Guest

Cisco Email Security Appliance

Field Notice: FN - 63661 - CRES: IP Address Changes and Outage Notification

Field Notice: FN - 63661 - CRES: IP Address Changes and Outage Notification

June 27, 2013


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Date Comment
1.0
27-JUN-2013
Initial Public Release

Products Affected

Products Affected
ESA

Problem Description

There is a scheduled change to the IPv4 addresses for the Cisco Registered Email Service (CRES) hosts.

Background

By default, Cisco Email Security Appliances (ESAs) use forward and reverse Domain Name System (DNS) to match against sender groups. However, some environments might have configured static IP addresses under the sender groups defined in the Host Access Table to control inbound Transport Layer Security (TLS). If you have configured IP-based access control to permit inbound TLS connections from Cisco's '.res.cisco.com' servers, you need to modify your rules to support the new IP addresses.

Problem Symptoms

Customers that have configured static IP addresses under the sender groups defined in the Host Access Table to control inbound TLS from CRES need to include the new IP addresses prior to July 15, 2013.

If this is not changed before July 15th, your ESA will not accept TLS connections from CRES hosts and will not receive replies from messages encrypted by this service.

Workaround/Solution

Add this range of IP addresses to your sender group defined in the Host Access Table for TLS replies from CRES by July 15, 2013: 184.94.241.96 to 184.94.241.99

In order to add the above listed IP address range and hostname to your existing sender group that is used for TLS (Incoming), complete these steps:

  1. Log in to the Administrator's User Interface.
  2. Edit your TLS sender group (naming conventions vary) under Mail Policies > Host Access Table > HAT Overview.
  3. Add this IP address range and hostname: 184.94.241.96-99, .res.cisco.com
  4. Submit and commit changes.

Note: It is highly recommended to add the hostname '.res.cisco.com' along with the above IP address range since any future additions will have DNS complete the lookup for the IP address information.

Should you have any questions, contact your local Cisco Support Team.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.