Unable to open SMTP session through ASA 5512-X

Hi All,
Just doing some basic testing before we replace our ancient PIX 515E with a new 5512. I have a mini lab set up following the diagram below, although I am unable to telnet through to the mail server's netcat listener on port 25 TCP. I can ping all the way outbound from 192.168.101.1 to 10.0.0.2, and the 10.0.0.2 machine shows it is translated properly to 200.225.117.1.
NAT and access rules are as follows:
object network mail host 192.168.101.1 description Mail relayaccess-list inbound extended permit ip any host 200.225.117.1ASA# sh routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static routeGateway of last resort is 72.38.1.2 to network 0.0.0.0
C    192.168.100.0 255.255.255.0 is directly connected, inside
C    72.38.1.0 255.255.255.0 is directly connected, outside
C    192.168.101.0 255.255.255.0 is directly connected, dmz1
S*   0.0.0.0 0.0.0.0 [1/0] via 72.38.1.2, outside
Any ideas? I am also unable to ping the 200.225.117.1 machine with access list permitting IP.
EDIT: Somehow the new global access rule is involved. When adding a permit any any in there I can get to the mail server no problem. When I remove it but leave in my permit ip any any on the outside interface, I am denied?!?!

You can actually refer to the object in the access-list instead of the actual ip address.
There is also a lot of more flexible NAT that you can configure, ie: both source and destination IP and ports being translation, etc.
Here is the major changes which take place from version 8.3:
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
1) NAT
2) Access-list
3) Licensing if you have failover pair, doesn't need to be the same anymore.

Similar Messages

  • Unable to open CATS link through Portal...

    Hi Guys,
    I am unable to open the CATS Link through Portal.
    Once I click the link "Record working time", Iam getting error message i.e:
    500   Internal Server Error
    SAP NetWeaver Application Server 7.00/Java AS 7.00 
    Failed to process request. Please contact your system administrator.
    [Hide]
    Error Summary
    While processing the current request, an exception occured which could not be handled by the application or the framework.
    If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
    Root Cause
    The initial exception that caused the request to fail, was:
       com.sap.aii.proxy.framework.core.BaseProxyException: Access via 'NULL' object reference not possible., error key: RFC_ERROR_SYSTEM_FAILURE
        at com.sap.aii.proxy.framework.core.AbstractProxy.send$(AbstractProxy.java:150)
        at com.sap.xss.hr.cat.record.model.valuehelp.CatsValueHelpModel.hrxss_Cat_Wd_F4_Get_Meta_Data(CatsValueHelpModel.java:259)
        at com.sap.xss.hr.cat.record.model.valuehelp.Hrxss_Cat_Wd_F4_Get_Meta_Data_Input.doExecute(Hrxss_Cat_Wd_F4_Get_Meta_Data_Input.java:137)
        at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
        at com.sap.xss.hr.cat.record.blc.RfcValueHelpManager.onRFCGetMetaData(RfcValueHelpManager.java:294)
        ... 66 more
      at com.sap.xss.hr.cat.record.model.valuehelp.Hrxss_Cat_Wd_F4_Get_Meta_Data_Input.doExecute(Hrxss_Cat_Wd_F4_Get_Meta_Data_Input.java:137)
        at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
        at com.sap.xss.hr.cat.record.blc.RfcValueHelpManager.onRFCGetMetaData(RfcValueHelpManager.java:294)
        ... 66 more
    See full exception chain for details.
    System Environment
    How to solve this issue?

    Hi,
    You will have to check this with the person who is upporting our portal applications. From the error description it does not look like there is any thing wrong with CATS application as such.
    Regards
    Sreekanth

  • Unable to install WildCard Certificate for ASA 5512-x

    Have a customer who we manage an ASA 5512-X for.  I am configuring a Wildcard Certificate for AnyConnect. They have a wildcard certificate purchased through Godaddy.com.  I am utilizing ASDM 7.3 for the installation of the certificate.  I added the Identity Certificate ASDM_TrustPoint0.  Checked the radio button "Add a new identity certificate:"  Named the Key Pair WildCard, and set the size to 2048.  I also changed the "Certificate Subject DN: to CN=cityvpn.wirapids.org.  There were no other attributes to add.  I also changed the FQDN under the advanced tab to the same cityvpn.wirapids.org.  Then clicked Add Certificate.  Successful
    Under CA Certificates I added the certificate from file.  Which I added the bundle.crt from Godaddy.  Certificate was added successfully.
    Going back to Identity Certificates.  I click on install.  Install from a file.  Which I tried the other crt file and the bundle file from Godaddy.  I get an Error: Failed to parse or verify imported certificate.  With the other .crt file from Godaddy I get the same error, but "Certificate does not contain device's General Purpose Public Key."
    Not sure what to think.  Any suggestions or help would be great.  Thanks
    Paul

    You should never ever get a wildcard certificate. Because if that certificates private key gets stolen, the thief can impersonate all ssl-protected services. The clients view them as valid resources, because the certificate is correct. The only thing to do then, is to revocate the certificate, which will cause you to get a new certificate installed on ALL services that you had protected with the wildcard one.
    Even worse, most broswers (besides IE) ignore certificate revocation lists in various cases!

  • Unable to open .sql file through console window

    Getting error msg sp2-0310 while opening sql file

    Hemant_Khandare wrote:
    Getting error msg sp2-0310 while opening sql fileUse a fully qualified filename (with path). E.g.
    SQL> @y.sql
    SP2-0310: unable to open file "y.sql"
    SQL> @/tmp/y.sql
    SQL> select * from dual;
    D
    X
    SQL> If the problem is more complex than this, then please copy-and-paste the actual contents of what you're doing and the error that results.

  • Unable to open login page through internet explorer

    Hi,
    Configured Reverse proxy external tier. We are able to access login page through Mozilla but unable to access through IE8.
    Raised SR, but they have reverted saying it's browser problem & not in their scope.
    Please help for the following error message when redirecting to login page.
    You are trying to access a page that is no longer active.
    - The referring page may have come from a previous session. Please select Home to proceed.
    Thanks in advance

    Please post the details of the application release, database version and OS.
    Configured Reverse proxy external tier. We are able to access login page through Mozilla but unable to access through IE8.
    Raised SR, but they have reverted saying it's browser problem & not in their scope.Do you meet the requirements in these docs?
    Recommended Browsers for Oracle E-Business Suite Release 12 [ID 389422.1]
    Recommended Browsers for Oracle E-Business Suite 11i [ID 285218.1]
    Please help for the following error message when redirecting to login page.Can you find any errors in the application/apache/database log files?
    You are trying to access a page that is no longer active.
    - The referring page may have come from a previous session. Please select Home to proceed. Please see if these docs help.
    Session Error Raised Direct After Login when Using Two-Letter Domain Segments [ID 420573.1]
    Login Issue via Internet Explorer after EBS Upgrade from 11.5.10.2 to 12.0.4 [ID 828534.1]
    R12 Login Fails When A Cookie Using Comma Separated Values Is Set First [ID 946807.1]
    R12: Error "You are trying to access a page that is no longer active" When Attempting to Access Through Internet Explorer [ID 968839.1]
    Thanks,
    Hussein

  • Unable to open Planning application  through Workspace

    Hi All,
    I have Installed and configured the Hyperion products in the following Order
    ->Foundation services
    ->Essbase server
    ->Essbase Administration service
    ->Planning
    ->Reporting and Analysis
    ->Workspace
    We know that workspace is a single user interface.
    After configuring, I tried to open the Planning Application through workspace but I could not able to find "*Classic Application Administration*" under Administer option of Navigate menu Kindly guide me.
    Thanks and Regards
    chiDam

    You don't need to start downloading weblogic.
    Usually the issue is that either the web server has not been configured (this is not weblogic) or the permissions are not correct in shared services e.g. the hss roles of application creator, dimension editor.
    You can always try going to create a planning application directly first http://<planningmachine>:8300/HyperionPlanning/AppWizard.jsp
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Unable to open a session file.

    Hello everyone.
    I'm having a few problems with my adobe and i urgently need help because i have a very important file i need to edit but it doesn't seem to open.
    The problem is that whenever i try to open that specific session file, it says: "Audition has encountered an error. [|Monk|main|common|PremiereShell|Src|PlayerFactory.cpp-379]"
    "Microsoft Visual C++ Runtime Library
    Runtime Error!
    Programme: C:\Programme Files\Adobe\Adobe Audition 3.0\Audition.exe
    R6205
    - pure virtual function call"
    Sometimes it tells me to restart adobe. Do i have to reinstall it again? Or is it because the session file is corrupted ?

    If you post the session file I can take a look at it for you - you can also email it to me via the aatranslator web site (if you want a quick reply)

  • Unable to open payments/PaymentPG through JDeveloper

    I am trying to open the Oracle/apps/per/selfservice/payments/PaymentPG.xml through the EBS instance and the page is opening fine.When i am trying to open the same page through the JDeveloper the page is erroring out.
    The following is the error message that i can on the page...
    Errors:
    The data that defines the flexfield on this field may be inconsistent. Inform your system administrator that the function: KeyFlexfieldDefinitionFactory.getStructureNumber could not find the structure definition for the flexfield specified by Application = PAY, Code = BANK and Structure number =
    Error in validating configuration information (stage: UNEXPECTED_ERROR) Additional information: ORA-20002: 3000: Invalid value(s) passed for arguments. ITEMTYPE=NULL ITEMKEY=NULL ANAME=PAY_PSS_GOT_CONFIG1
    Is this any configartion issue??

    Looks like this page is just one of the steps of a multistep process. In this case, it is expecting some parameter values from previous pages. Either start running the page which starts the overall transaction process or pass the expected the page parameters through the project setting. Also check the page function definition.
    --Shiv                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • Unable to open excel file through application created by application builder

    Hello,
    I've created an application for my program using application builder, but the built application  is not able to open the required excel file as it was being opened in original program.
    Please help.

    Please post your code. We cannot do anything to help you if you do not. There are too many things that could be wrong for us to try and guess what you are doing. Also please tell us which version of LV you are using and which version of the toolkit. This is important because there have been a lot of changes to the toolkits here in the last couple of years.
    Joe.
    "NOTHING IS EVER EASY"

  • Unable to Open the HFM application through Workspace

    Hi,
    Here I am getting below error while i am trying to open the HFM application through Workspace.
    I was permitted allowed all IIS (Allow option checked ) but still the error coming i am unable to open my application through workspace , but i am able to do the all thing in HFM via Clien.The error is below
    There was some communication error. Response is : http://localhost:19000/hfm/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>The page cannot be found</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
    <STYLE type="text/css">
    BODY { font: 8pt/12pt verdana }
    H1 { font: 13pt/15pt verdana }
    H2 { font: 8pt/12pt verdana }
    A:link { color: red }
    A:visited { color: maroon }
    </STYLE>
    </HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
    The page cannot be found
    The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
    <hr>
    Please try the following:
    Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
    If you reached this page by clicking a link, contact
    the Web site administrator to alert them that the link is incorrectly formatted.
    Click the Back button to try another link.
    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)
    <hr>
    Technical Information (for support personnel)
    Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
    Open IIS Help, which is accessible in IIS Manager (inetmgr),
    and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.
    </TD></TR></TABLE></BODY></HTML>
    "There was some communication error. Response is : http://localhost:19000/hfm/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp"
    "

    there can be many causes to this error....
    1) you should check first of all that the redirection from Apache port 19000 to folder HFM within the IIS is actually working. try hitting http://apacheserver:19000/hfm and make sure you get "hfm" response back.
    2) check that ASP is turned on in the IIS ("file / directory not found" suggests that it isnt)
    3) check what URL you used when you created the application or when you registered it with shared services as the "Financial Management Web Server URL for Security". It should normally be http://apacheservername:19000/hfm. If you did this wrong then re-register it with shared services via Navigate->Administer->Classic Application Administration->Consolidation Administration.
    4) check that the application was registered with Shared Services in the first place.
    5) make sure that on the HFM web server, the HFM application server/cluster is properly registered
    6) stop and restart all services and test again...
    7) try not to use "localhost" but proper fully qualified domain names "servername.mydomain.com" wherever possible. you will have less problems. the only place where you should use a non qualified name is in Relational Content links... see the HFM readme.

  • Unable to open the deployed applications

    Hi,
    I am unable to open planning application through Hyperion workspace. Its showing me the error "No Applications Available".
    Please suggest me on this regard.
    Thanks and Regards,
    Uday Dey

    Hi John,
    Please check the log message while strating planning in the foreground.
    Oct 20, 2008 6:20:50 PM org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8300
    Oct 20, 2008 6:20:50 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 875 ms
    Oct 20, 2008 6:20:50 PM org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    Oct 20, 2008 6:20:50 PM org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/5.0.28
    Oct 20, 2008 6:20:50 PM org.apache.catalina.core.StandardHost start
    INFO: XML validation disabled
    Oct 20, 2008 6:20:50 PM org.apache.catalina.core.StandardHost getDeployer
    INFO: Create Host deployer for direct deployment ( non-jmx )
    Oct 20, 2008 6:20:50 PM org.apache.catalina.core.StandardHostDeployer install
    INFO: Installing web application at context path /HyperionPlanning from URL file
    :D:\Hyperion\deployments\Tomcat5\HyperionPlanning\webapps\HyperionPlanning
    Creating rebind thread to RMI
    Oct 20, 2008 6:20:53 PM org.apache.coyote.http11.Http11Protocol start
    INFO: Starting Coyote HTTP/1.1 on http-8300
    Oct 20, 2008 6:20:53 PM org.apache.jk.common.ChannelSocket init
    INFO: JK2: ajp13 listening on /0.0.0.0:8302
    Oct 20, 2008 6:20:53 PM org.apache.jk.server.JkMain start
    INFO: Jk running ID=0 time=0/16 config=null
    Oct 20, 2008 6:20:53 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 2485 ms
    Regards,
    Uday Dey.

  • After install NAC agent I must remove cable before open windows session normaly

    Hi
    I use ISE 1.1 and NAC agent 4.9
    I have configure my catalyst 2960 port with dot1x and install NAC agent on many computer
    But I observed that I am unable to open windows session on some computer (windows 7)
    When I enter login and password, then I got black screen and nothing else, then if I remove the network cable on my computer, the black screen change and move to the windows desktop normaly
    Why do I need to remove network cable before get to my desktop normaly ?
    Please How can I fixed this issue ?
    Thanks in advance for your help

    Hi
    The given link might be helpful regarding your issue:
    http://www.cisco.com/en/US/netsol/ns466/index.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd802da1b5.html

  • Unable to Open forms Through Forms session

    All,
    We are having a strange issue with Oracle Forms, recently we have applied CPU patches and after that we are unable to open 'PO CHange History' form through forms session and also we are having same issue with our Custom Form as well, below is the error message
    Error
    You are trying to access a page that is no longer active.
    - The referring page may have come from a previous session. Please select close window to proceed.
    We are on Oracle EBS 11.5.10.2 version and the issue we are getting in windows 7 system.
    Let me know if anyone has any idea on this issue..
    Thanks,

    We are having a strange issue with Oracle Forms, recently we have applied CPU patches and after that we are unable to open 'PO CHange History' form through forms session and also we are having same issue with our Custom Form as well, below is the error messageWhat CPU patches been applied recently?
    Error
    You are trying to access a page that is no longer active.
    - The referring page may have come from a previous session. Please select close window to proceed.
    We are on Oracle EBS 11.5.10.2 version and the issue we are getting in windows 7 system.Is Windows 7 the client OS?
    Unable to See Purchase Order Details From PO Change History Screen [ID 340806.1]
    PO Change History View Function - Page Cannot be Displayed Error [ID 1084807.1]
    Thanks,
    Hussein

  • Unable to load admin page asa 5512

    Hi,
    I have a new ASA 5512-X, out-of-the-box, which I am unable to open the admin web page on.
    Laptop - Lenovo Windows 7 64 bit
    Browsers - Firefox 28 & IE 11
    Java is installed and correct vesrions
    ASDM on the 5512 - asdm-66114.bin
    ASA Ver - asa861-2-smp-k8.bin
    https is enabled and I'm using IP addresses that are allowed connectivity to the 5512
    When i browse to https://192.168.1.1/admin I am presented with a certificate error as expected, I accept the certificate, then the page hangs.  This happens on both Firefox and IE. 
    Wireshark shows the TCP 3-way handshake and the TLS/SSL negotiation which is then immediately followed by the 5512 sending SSL data then a FIN,PSH,ACK packet back to my PC.  then a load of TCP retransmits from both my PC and the 5512.
    Now, I tried a different PC (Dell), same OS, same ver of Firefox but IE ver.9, and did not have any problems being presented with the 'Run ASDM Wizard' page.
    Has anyone had a similar issue?  Has anyone please got any idea what config on my PC may be at fault?
    Many thanks for any suggestions and help.
    Cheers

    Please have a look at the ssl settings on the ASA: "show run | i ssl".
    You may not have strong ciphers enabled and the PC with the newer browser does not accept the default weak ciphers. I make it a habit to setup ASAs with:
    ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5
    Those are all strong ciphers.

  • Unable to open Messaging Server 6.2 through admin console 5.2

    my system is
    Sun Java(tm) System Messaging Server 6.2-3.05 (built Nov 23 2005)
    libimta.dll 6.2-3.05 (built 02:22:19, Nov 23 2005)
    Microsoft Windows 2000 version 5.2 (Build 3790)
    i installed Sun Java Enterprise System (directory, admin, messaging) servers on my windows 2003 server, all is working fine except:
    1- unable to open my messaging server through my admin console 5.2.
    when checking the error log file i see
    "[05/Jun/2006:10:51:49] failure ( 2624): for host t.est.hotmail.com trying to GET /msg-config/tasks/operation/cgi_root, cgi_scan_headers reports: the CGI program E:\Sun\Server-Root\bin\msg\admin\bin\cgi_root.exe did not produce a valid header (program terminated without a valid CGI header. Check for core dump or other abnormal termination)"
    Any clue?
    2- When creating a new user through the admin console 5.2, and check the mail account checkbox, i don't get the "mail tab" to complete the needed information, and therefore the newly created user is not an active email account as mainly the mailhost attribute has not been created for the account
    Is this related to the problem in point 1?
    NOTE 1: i ran cmm_dssetup.pl before configuring the messaging server and selected schema 1
    NOTE 2: i downloaded the software from sun.com, didn't register it yet as i'm in the testing phase
    Appreciate your help, direction and tips

    Oh, my.....
    1. The Directory Console is not very useful, for anything in Messaging 6. The MTA is configured via editing files, and the mail store is better configured using the configutil utility.
    2. You SHOULD NOT attempt to create users with the Directory Console. They won't work. Use either the command-line tools provided (comm-admin), or use the Delegated Admin tool provided.

Maybe you are looking for

  • SD or SDHC that is the question

    Is it possible to use a SDHC card with an 8320 or do you have to use a SD card? THanks

  • How to install oracle 9i application server

    Dear friends, I have 9i dedicated server. However I want to install oracle 9i AS independent of Oracle 9i server. When I install it asks for Host name and Port name as though iam connecting from domain server. How to install oracle 9i AS and how to r

  • Customer invoice : where the account are maintained  ?

    Hi, when we post a customer invoice, the system generate an FI doc automatically : where it finds the appropriate accounts related to each material ? please where the settings are done ? i hope your help Regards.

  • Reg:2LIS_11_VAITM

    Business content for the ITM extract has been discussed many times in the forums - pease searh the forums before posting Dear All, what is the standard query for infosource 2LIS_11_VAITM? Thanks, Sankar M Edited by: Arun Varadarajan on Mar 20, 2009 3

  • Assign approver in standard PCR.

    Hello, Our "Request to transfer" PCR is working fine hoever a step seems to be missing. 1. Manager is able to request PCR for his employee. 2. HR administrator is able to get the same in notifications and is able to approve and close the same. Reques