Asa5512, ver. 8.6(1)2, SMTP over NAT problem

hi guys,
i have a weird issue while trying to organize smtp-server behind my asa 5512.
the most interesting thing is that all other services like ssh, http, https, etc works just fine...except smtp....and yes, i've disabled inspect esmtp feature.
object network obj-10.100.22.19
host 10.100.22.19
object network PAT
subnet 10.100.22.16 255.255.255.248
access-list inet-in extended permit tcp any host 10.100.22.19 eq smtp
access-list inet-in extended permit tcp host X.X.X.X host 10.100.22.19 eq ssh
access-list inet-in extended permit tcp host X.X.X.X host 10.100.22.19 eq imap4
access-list inet-in extended permit tcp host X.X.X.X host 10.100.22.19 eq 993
access-list inet-in extended permit tcp object-group inet-grp1 host 10.100.22.19 eq www
access-list inet-in extended permit tcp object-group inet-grp1 host 10.100.22.19 eq https
object network obj-10.100.22.19
nat (serv2,inet) static Y.Y.Y.Y
object network PAT
nat (serv2,inet) dynamic interface
access-group inet-in in interface inet
what i see in logs:
%ASA-6-302013: Built inbound TCP connection 1733 for inet:X.X.X.X/47056 (X.X.X.X/47056) to serv2:10.100.22.19/25 (Y.Y.Y.Y/25)
%ASA-6-302014: Teardown TCP connection 1733 for inet:X.X.X.X/47056 to serv2:10.100.22.19/25 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-106015: Deny TCP (no connection) from 10.100.22.19/25 to X.X.X.X/47056 flags SYN ACK on interface serv2
so it looks like smtp-client doesn't receive TCP ACK while building the session and in 30 sec issues SYN Timout message...
and i am sure, that everything is OK with sendmail, because tcp/25 is opened and working from another dmz of this ASA, the only difference is that dmz connected without NAT...
any ideas?
thanx in advance.

hi,
i've tried to capture via tcpdump on smtp-client and server interfaces and have seen on client side that SYN ACK never comes and on the server side that it does issue this SYN ACK. so it's been dropped somewhere on the way...
server connected directly into ASA interface and client just in few hops on internet.
here's configuration:
ASA Version 8.6(1)2
hostname ________
no names
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
interface GigabitEthernet0/1.1011
vlan 1011
nameif vlan1011
security-level 75
ip address 10.100.10.11 255.255.255.0
interface GigabitEthernet0/1.1035
vlan 1035
nameif inet
security-level 50
ip address X.X.X.Y 255.255.255.248
interface GigabitEthernet0/2
nameif serv1_mng
security-level 100
ip address 10.100.22.5 255.255.255.252
interface GigabitEthernet0/3
nameif serv2_mng
security-level 100
ip address 10.100.22.1 255.255.255.252
interface GigabitEthernet0/4
nameif serv1
security-level 100
ip address 10.100.22.13 255.255.255.252
interface GigabitEthernet0/5
nameif serv2
security-level 100
ip address 10.100.22.17 255.255.255.248
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
dns domain-lookup inet
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
object network obj-10.100.22.19
host 10.100.22.19
object network PAT
subnet 10.100.22.16 255.255.255.248
object-group network vlan1011-grp1
network-object 10.0.0.0 255.255.255.0
network-object 10.100.10.0 255.255.255.0
object-group network vlan1011-grp2
network-object host 10.0.0.238
network-object host 10.0.0.239
object-group network vlan1011-grp3
network-object host 10.100.13.50
network-object host 10.100.14.50
object-group network vlan1011-grp4
network-object host 10.100.10.1
network-object 10.0.0.0 255.255.255.0
object-group service backup-tcp tcp
port-object range 10080 10083
port-object range 10100 10108
object-group service backup-udp udp
port-object range 10080 10083
port-object range 10100 10108
object-group network inet-grp1
network-object host ____________
network-object host ____________
access-list inet-in extended permit icmp any any
access-list inet-in extended permit tcp any host 10.100.22.19 eq smtp
access-list inet-in extended permit tcp host A.A.A.A host 10.100.22.19 eq ssh
access-list inet-in extended permit tcp host A.A.A.A host 10.100.22.19 eq imap4
access-list inet-in extended permit tcp host A.A.A.A host 10.100.22.19 eq 993
access-list inet-in extended permit tcp object-group inet-grp1 host 10.100.22.19 eq www
access-list inet-in extended permit tcp object-group inet-grp1 host 10.100.22.19 eq https
access-list vlan1011-in extended permit icmp any any
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 10.100.22.16 255.255.255.248 eq ssh
access-list vlan1011-in extended permit tcp object-group vlan1011-grp2 10.100.22.16 255.255.255.248 eq 10050
access-list vlan1011-in extended permit tcp object-group vlan1011-grp3 10.100.22.16 255.255.255.248 object-group backup-tcp
access-list vlan1011-in extended permit udp object-group vlan1011-grp3 10.100.22.16 255.255.255.248 object-group backup-udp
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 host 10.100.22.19 eq www
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 host 10.100.22.19 eq https
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 host 10.100.22.19 eq imap4
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 host 10.100.22.19 eq 993
access-list vlan1011-in extended permit tcp object-group vlan1011-grp1 host 10.100.22.19 eq smtp
tcp-map Exp_MSS
pager lines 24
logging enable
logging timestamp
logging buffer-size 100000
logging console warnings
logging monitor informational
logging buffered informational
logging trap errors
logging history informational
logging asdm informational
logging device-id hostname
mtu vlan1011 1500
mtu inet 1500
mtu serv1_mng 1500
mtu serv2_mng 1500
mtu serv1 1500
mtu serv2 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
object network obj-10.100.22.19
nat (serv2,inet) static X.X.X.X
object network PAT
nat (serv2,inet) dynamic interface
access-group vlan1011-in in interface vlan1011
access-group inet-in in interface inet
route inet 0.0.0.0 0.0.0.0 X.X.X.Z 1
route vlan1011 10.0.0.0 255.0.0.0 10.100.10.100 1
route vlan1011 10.0.0.0 255.255.255.0 10.100.10.1 1
timeout xlate 9:00:00
timeout conn 48:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca
quit
telnet 10.100.10.0 255.255.255.0 vlan1011
telnet timeout 30
ssh 10.100.10.0 255.255.255.0 vlan1011
ssh timeout 30
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server __________ prefer
webvpn
class-map Exp_MSS
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class Exp_MSS
set connection advanced-options Exp_MSS
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect http
inspect pptp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous

Similar Messages

Crystal Report Server - SMTP over secured connection (SSL/TLS)

<p>Hello All,</p><p>Been looking around information on Crystal Reports Server but have not managed to find the information I need. So was wondering if anyone new if it is possible to distribute reports via SMTP over secured connections such as SSL/TLS using Crystal Reports Server? </p>

Only if the security is external to BO. our SMPT configuration does not have a built in configuration parameter to encrypt data.
Regards,
Tim

Error when trying to se smtp over ssl

Hi all ,
I have a webdynpro application that sends mail using smtp over ssl .
Ihvae imported the ca certificate to trused ca key store , but when I run the application I get the following error :
javax.mail.MessagingException: Exception reading response;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
could you please help
Regards ,
Oren

My apologies for jumping into this thread, but I'm having a similar problem. I placed a file into the webroot/vod folder for testing purposes, but I cannot play the file when I use it as a source for the HTML5 <video> tag. When I try to access the file directly, http://63.116.232.4/vod/AmericanFlag.mov I get the following error messages:
Not Found The requested URL /vod/AmericanFlag.mov was not found on this server.Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h Server at 63.116.232.4 Port 80
The sample file, however, plays through Safari with no problems. http://www.librarymedia.net/Flash3/HTML5.html

Firewall settings for Authenticated SMTP over SSL?

I'm trying to set up mail servives on a server hosted at a host company with a firewall. I think I need to open ports 587 and 465 but the hosting company says I should only open port 465 for this SMTP over SSL. When I try to send email locally thru an account on the server using the server's SMTP server, Apple Mail says it can't. I think part of the problem is the firewall at my end hosted by my ISP might be interacting with everything else.
Should i have both ports open? Thanks!

You will need to open the ports that you have added/enabled in Postfix. By default, Postfix only listens to port 25.
Typically, port 587 should be used. Often you will also need port 465 for backwards compatibility with some Microsoft mail clients.
To enable those ports in Postfix, see this:
http://mac007.com/?Tips:AlternateSMTPPorts
HTH,
Alex

I bought a new iMac. iWeb and all folders migrated over, no problem, but I cannot bring up my website - it only seems to allow for creating a new site.

I bought a new iMac. iWeb and all its folders migrated over, no problem, but I cannot bring up my website - it only seems to allow for creating a new site.

You need the 'Domain' file in which iWeb keeps its data. This lives by default in (user)/Library/Application Support/iWeb. You need to locate it on the old machine and copy it to the same position in the new machine. Note that it is the Library folder in your Home folder, not the one at root level.
This folder is hidden on Lion and above; to access it, in the Finder go to the ‘Go’ menu and hold down the Option (Alt) key; the Library folder will appear as a choice. In Mavericks you can make it permanently visible - open your Home Folder the from the Finder's View menu, choose show View Options and check Show User Library.

HT1483 Ipod froze. How to get over the problem and bring it back?

Ipod froze and not responding. How to get over this problem and bring back the Ipod ?

Go to the  menu/About This Mac - what OS version shows there?
Do a backup, preferably 2 separate ones on 2 separate drives.
Revert to a Previous OS X
Revert to Snow Leopard
If you do revert, I'd use Setup Assistant to restore your data. This process takes a while, so do it when you won't need the computer for several hours, based on my experience.

My ipad mini 2 gets blue screen and then keep restarting over and over again problem

My ipad mini 2 gets blue screen and then keep restarting over and over again problem. I tried to restore to the factory setting but it was not successful to fix the problem. Sometimes I could not even restore. How can I do with this kind of problem?
I'm very frustrated now. Please help me!

I have the same issue and have not found a way to fix it yet. I cant even down grade back to 8.2 because it wont stay on long enough.

Dv6-3123tx - is facing over heating problem?

Hi All,
I am planning to buy another LPTP
my main requriment is : intel i5 , 4 GB RAM , atlist 2.66GHZ cpu , 15" monitor.
So that I have chk hp following model : dv6-3123tx its cost is Rs.50,000/- INR
I have chked some review of (dv6-3123tx) and some post is saying it is having over heating problem and hp is stoped to supply it in to the market.
can any one will me guide me in this case. or pls suggest some model.
I m from India
my budget is up to Rs. 50,000/- INR = $ 1050/- USD
niranjan

i have bought the dv6-3123tx about 2 months back and i wouldnot recommend it to anyone too.
All i do i browse and sometime not even that. Leaving it on the table switched on make its go hot, so hot that you cant even type on the keyboard. And the sound the fan makes is annoying.
The touchpad is also one big disadvantage. it makes a sound each time you click. So you cannot work unless you have a mouse. Right now its so heated up that i can barely type (mostly on the left hand side of the laptop.
Also i was checking for remedies when I relaised that this laptop 3123 is not even listed in the HP products list:
http://h20180.www2.hp.com/apps/Nav?h_pagetype=s-001&h_lang=en&h_cc=in&h_product=4247579&h_client=s-s...
If you perform a search with this name, you wouldnot get any results. I guess i better take it to the store immediately before it burns my hand, else i would have to use it as an omlette maker.

JMS Issues over NAT IP in weblogc 10.3

Dear Tom B,
We have an issue in connecting to the JMS TOPIC's over NAT IP. Pls note the application has Applets/Swing and hence use Thin Client jars for communicating it with weblogic server. We are getting the following exception when we try to look up using the Natted IP.
Exception at MessagingServiceFactory :::weblogic.jms.common.JMSException: [JMSClientExceptions:055054]Error finding dispatcher: weblogic.messaging.dispatcher.DispatcherException: Could not register a DisconnectListener for [IOR:0000000000000042524d493a7765626c6f6769632e6d6573736167696e672e646973706174636865722e44697370617463686572496d706c3a30303030303030303030303030303030000000000000010000000000000208000102000000000d3137322e31362e31372e313000001f6a000000f800424541080103000000000b74726561737572792d3100000000000000000042524d493a7765626c6f6769632e6d6573736167696e672e646973706174636865722e44697370617463686572496d706c3a303030303030303030303030303030300000000000000432363800000000024245412a0000001000000000000000007667e38aea8d58524245410b00000068000000000000006000005d7765626c6f6769632e6d6573736167696e672e646973706174636865722e4469737061746368657252656d6f74653a7765626c6f6769632e6d6573736167696e672e646973706174636865722e446973706174636865724f6e6557617900000005000000010000002c0000000000010020000000030001002000010001050100010001010000000003000101000001010905010001000000190000003b0000000000000033687474703a2f2f3137322e31362e31372e31303a383034322f6265615f776c735f696e7465726e616c2f636c61737365732f00000000001f000000040000000300000020000000040000000100000021000000580001000000000001000000000000002200000000004000000000000806066781020101010000001f0401000806066781020101010000000f7765626c6f67696344454641554c540000000000000000000000000000000000] for treasury-1
weblogic.jms.common.JMSException: [JMSClientExceptions:055054]Error finding dispatcher: weblogic.messaging.dispatcher.DispatcherException: Could not register a DisconnectListener for [IOR:0000000000000042524d493a7765626c6f6769632e6d6573736167696e672e646973706174636865722e44697370617463686572496d706c3a30303030303030303030303030303030000000000000010000000000000208000102000000000d3137322e31362e31372e313000001f6a000000f800424541080103000000000b74726561737572792d3100000000000000000042524d493a7765626c6f6769632e6d6573736167696e672e646973706174636865722e44697370617463686572496d706c3a303030303030303030303030303030300000000000000432363800000000024245412a0000001000000000000000007667e38aea8d58524245410b00000068000000000000006000005d7765626c6f6769632e6d6573736167696e672e646973706174636865722e4469737061746368657252656d6f74653a7765626c6f6769632e6d6573736167696e672e646973706174636865722e446973706174636865724f6e6557617900000005000000010000002c0000000000010020000000030001002000010001050100010001010000000003000101000001010905010001000000190000003b0000000000000033687474703a2f2f3137322e31362e31372e31303a383034322f6265615f776c735f696e7465726e616c2f636c61737365732f00000000001f000000040000000300000020000000040000000100000021000000580001000000000001000000000000002200000000004000000000000806066781020101010000001f0401000806066781020101010000000f7765626c6f67696344454641554c540000000000000000000000000000000000] for treasury-1
at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:266)
at weblogic.jms.client.JMSConnectionFactory.createConnectionInternal(JMSConnectionFactory.java:285)
at weblogic.jms.client.JMSConnectionFactory.createTopicConnection(JMSConnectionFactory.java:184)
I read your other thread Weblogic JMS port usage! where you have said a special -D property might be required, but I could not get the exact property for us to try it out.
Request your advise.
Regards
Suresh.

Hi ,
Would you be able to explain what are you trying to do , what is failing along with tha stack trace please?
Presumably, you have got JMS modules -> JMS Topic created and all assigned/targetted to the Managed server instances? Are you having trouble connecting/subscribing to that topic from your client code? if so, where does your client code execute from .. I mean is that on the same host as weblogic server ?
from the host that has your client code - try ping / nslookup /tracert to weblogic host and see if thats resolved in the first place.
HTH
Sri

Xbox360 WRT54GS ver. 6 NAT problems

my xbox 360's NAT is set to strict and prevens me from connecting with a lot of otehr players and my wireless router is a WRT54GS ver. 6

for xbox 360 having NAT problem... you need to call Xbox to ask for the port numbers to open...now if your isp is dsl then call them up and set the modem to bridge to set the rtr to pppoe...in this way we will be able eliminate the multiple NAT issues and for your xbox to work...
CamZ

ISCSI over NAT

Hi
I see that is is not possible with a standard config to connect to a MS ISCSI target over NAT , are there any special tricks to getting the external IP and not the internal.
Dave

Hi
I see that is is not possible with a standard config to connect to a MS ISCSI target over NAT , are there any special tricks to getting the external IP and not the internal.
Dave
Connecting from inside a VM should do the trick.
StarWind Virtual SAN clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.

Tunnel over NAT

Hi All
In our network we have configured tunnel over NAT setup
this tunnel is flapping continuously
with log meesage CRYPTOSESSION UP & DOWN
Attaching the configuration detail on the remote Side router
there is Crypto Seesion Up & Down log in the Hub Side router

Hi, Yes i have removed the crypto map from the tunnel & applied only in Fastethernet but the tunnel is still flapping
with the same log messages:
Aug 14 17:28:55: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 165.204.14.205 (Tunn
el160) is down: interface down
Aug 14 17:29:33: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 195.75.9
7.209:4500 Id: 195.75.97.209
Aug 14 17:29:33: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer 195.75.9
7.209:4500 Id: 195.75.97.209
Aug 14 17:29:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel160, chan
ged state to up
Aug 14 17:30:21: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 165.204.14.205 (Tunn
el160) is up: new adjacency
Configuration Detail
dubai-vpn1#sh running-config interface tunnel 160
Building configuration...
Current configuration : 388 bytes
interface Tunnel160
description Primary GRE to drsfso-vpn1
bandwidth 512
ip address 165.204.14.206 255.255.255.252
ip mtu 1400
ip hello-interval eigrp 1 40
ip hold-time eigrp 1 220
ip route-cache flow
ip tcp adjust-mss 1360
no ip mroute-cache
load-interval 30
delay 1000
qos pre-classify
keepalive 20 5
tunnel source FastEthernet0/1
tunnel destination 195.75.97.209
end
Regards
Gopinath.V

ASA5512 iOS 9.3 inside nat problem

Hi,
I face some nat problem. i have ASA5512 iOS 9.3 its connect outside (ip: 37.10.1.2/29) for internet and inside (ip 10.78.61.1/24) for LAN and server.
I configure dynamic nat for internet its work. In LAN switch has 4 VLAN one server VLAN ip add 10.88.61.0/24.
Now i map a public ip 37.10.1.3 for server 10.88.61.10 from outside internet its work. But when i try to ping server public ip 37.10.1.3 from LAN its not ping but server local ip 10.88.61.10 ping from LAN.
How can solve the issue i need to ping public ip from LAN. ALL LAN VLAN are nat on ASA outside interface (ip: 37.10.1.2/29).
interface GigabitEthernet0/0
description #### Connect TO Internet ####
nameif outside
security-level 0
ip address 37.10.1.2 255.255.255.248
interface GigabitEthernet0/1
description #### Connect TO Core Switch ####
nameif inside
security-level 100
ip address 10.78.61.1 255.255.255.0
access-list outside-in extended permit ip any any
access-group outside-in in interface outside
access-group outside-in in interface inside
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_Ser
host 10.88.61.10
object network obj_Ser_WAN
host 37.10.1.3
nat (inside,outside) source static obj_Ser obj_Ser_WAN
object network obj_any
nat (inside,outside) dynamic 37.10.1.4
same-security-traffic permit intra-interface
Thanks
Afzal

Hi,
Try this NAT:-
nat (inside,inside) source static obj_Ser obj_Ser_WAN
Thanks and Regards,
Vibhor Amrodia

Configuring IMAP - POP - SMTP over SSL

Hi,
I have configured SSL for webserver. I have copied same cert database (cert8.db and key3.db) in the config directory of messaging server. Changed the ownership of database to messaging server user. Password file is updated. I am able to see the certficate (./msgcert list-certs and ./msgcert show-cert cert1).
SSL is enabled for IMAP and POP.
# ./getconf | grep ssl
service.imap.enablesslport = 1
service.imap.sslcachesize = 0
service.imap.sslport = 993
service.imap.sslusessl = yes
service.pop.enablesslport = 1
service.pop.sslcachesize = 0
service.pop.sslport = 995
service.pop.sslusessl = yes
I am not able to connect to 993 and 995 port.
bash-3.00# telnet mail1 995
Trying 10.77.33.135...
telnet: Unable to connect to remote host: Connection refused
bash-3.00# telnet mail1 993
Trying 10.77.33.135...
telnet: Unable to connect to remote host: Connection refused
Am I missing any step? How do I use IMAP / POP over ssl?
Thanks and Regards,
Shashank

for a simple ssl client, use openssl:
openssl s_client -connect imap.gmail.com:993provides the following output:
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYzCCAsygAwIBAgIQCtN0WxFVbbMJoG3rDFxPezANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA4MDQyOTAwMTEwOVoXDTA5MDQyOTAwMTEwOVow
aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDmltYXAu
Z21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFMvRc3adE9FQT
U957F6ogQjmQRg6PGKSg79ECfMsDu/Rjrx2mFDmdScPLdHJxMgwfSrKGC/+R0OEf
FLDCXsNng6lwrCGL1xQXwNF1mfbzQZTa01HkiGQKcv6e93jZ1FTLHTak1eja6SA+
62IW+CSxyUGyue56quHza6zec2bhZQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQUFAAOBgQBycxu3lqcaaIly9avL8Xw80+SFeWVJCUdO
A2n2Y12OcKYeYCXuMJiHREpg+u8rjnUoDccdt7bhYq3sdhYARxtD47VjsqdpxnN0
9ERig/Dc0vRHGdBaxJX9OfDzpJjXdcTmMfN4xfbshJr6hlsfnQ5fzw1Fk7ya4PzD
PaGdeSi00w==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
No client certificate CA names sent
SSL handshake has read 1017 bytes and written 324 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 86F8C5265F6EE4524797F2139851376D20D702BB9EFFB78C5CD35999DE3B4C7A
    Session-ID-ctx:
    Master-Key: EA5857BBF58622793961B6CFEE448D079E249AF36171532F40C46C2E3887E08ACFBAC823D2186231D228ECB726140718
    Key-Arg   : None
    Start Time: 1213099885
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---It helps you figure out if you configured your servers correctly. It shows the cert chain sent by server, negotiated cipher suite, and whether any client-auth DNs were sent.

Uncontrolled tab openings? Can't see a pattern. Allowed to run once, but stopped with 80+ new tabs/pages. Only stop by closing down my FireFox[ver 3.6.13] and starting over. Searched here uncontrolled tab openings but nothing found. Thank you.

Happens when seeking to forward something, email something etc. Then it is just one additional tab after another, until I select right top corner to close FireFox.

See:
* [[Firefox keeps opening many tabs or windows]]

Asa5512, ver. 8.6(1)2, SMTP over NAT problem

Similar Messages

Maybe you are looking for