Cisco documentation fun

Started by Otanx, February 19, 2016, 02:10:09 PM


wintermute000

Standard operating procedure for ASA:
- disable ESMTP inspection
- disable SQL inspection
- disable SIP inspection
....... aaaaand ah sod it, disable ALL the inspections aside from basic TCP/UDP

killabee

We were actually close to disabling all the inspections on all of our internal ASAs because of the problems they created (especially ESMTP). We never pulled the trigger, though.

Otanx

Quote from: Dieselboy on March 01, 2016, 07:58:41 PM
I didn't know why ESMTP inspection broke SMTP, but if you telnet to the SMTP server receive port through the ASA and issue EHLO then you get something back like:

*************************************
220
*************************************


Which isn't normal.

That is the banner block that the ASA does. To prevent fingerprinting of the mail server the ASA will replace all EHLO response text except the 220 with asterisks.

-Otanx

Dieselboy

Otanx - thanks for explaining that to me mate :)
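
Added example, not written by anyone in this thread: a small Python check that reads a captured SMTP greeting and reports whether its text has been replaced with asterisks, which is the symptom described above when troubleshooting mail through an inspecting firewall. The sample transcripts are constructed, and the function names and the 0.9 threshold are assumptions.

```python
import re

# Constructed samples; the first mirrors the shape of the output quoted in the thread.
MASKED = "*************************************\n220\n*************************************\n"
NORMAL = "220 mail.example.test ESMTP ready\r\n"

# RFC 5321 reply line: three-digit code, then "-" (more lines) or " " (last line), then text.
REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")


def parse_reply(raw):
    """Split a captured SMTP reply into (code, text_lines).

    Lines without a reply code (such as bare asterisk rows) are kept as
    text so they still count toward the masking check.
    """
    code, texts = None, []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REPLY.match(line)
        if m:
            code = code or m.group(1)
            if m.group(3):
                texts.append(m.group(3))
        else:
            texts.append(line)
    return code, texts


def greeting_masked(raw, threshold=0.9):
    """True when a 220 greeting's text is almost entirely asterisks.

    threshold is an assumed cut-off, so a few stray characters left in
    the banner do not hide the masking.
    """
    code, texts = parse_reply(raw)
    chars = [c for t in texts for c in t if not c.isspace()]
    if code != "220" or not chars:
        return False
    return chars.count("*") / len(chars) >= threshold


if __name__ == "__main__":
    for name, sample in (("masked", MASKED), ("normal", NORMAL)):
        print(name, parse_reply(sample)[0], greeting_masked(sample))
```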