Cisco documentation fun

Started by Otanx, February 19, 2016, 02:10:09 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

wintermute000

#15
March 02, 2016, 04:39:31 AM
Standard operating procedure for ASA:
- disable ESMTP inspection
- disable SQL inspection
- disable SIP inspection
....... aaaaand ah sod it, disable ALL the inspections aside from basic TCP/UDP

killabee

#16
March 02, 2016, 08:08:57 AM
We were actually close to disabling all the inspections on all of our internal ASAs because of the problems they created (especially ESMTP).  We never pulled the trigger, though

Otanx

#17
March 02, 2016, 09:22:49 AM
Quote from: Dieselboy on March 01, 2016, 07:58:41 PM
I didn't know why ESMTP inspection broke SMTP, but if you telnet to the SMTP server receive port through the ASA and issued EHLO then you get something back like:
Code Select

*************************************
220
*************************************


Which isn't normal.

That is the banner block that the ASA does. To prevent fingerprinting of the mail server the ASA will replace all EHLO response text except the 220 with asterisks.

-Otanx

Dieselboy

#18
March 02, 2016, 08:58:48 PM
Otanx - thanks for explaining that to me mate :)
Print
Go Up Pages 1 2
User actions