June 27, 2013
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision Date Comment 1.0 27-JUN-2013 Initial Public Release
Products Affected ESA
There is a scheduled change to the IPv4 addresses for the Cisco Registered Email Service (CRES) hosts.
By default, Cisco Email Security Appliances (ESAs) use forward and reverse Domain Name System (DNS) to match against sender groups. However, some environments might have configured static IP addresses under the sender groups defined in the Host Access Table to control inbound Transport Layer Security (TLS). If you have configured IP-based access control to permit inbound TLS connections from Cisco's '.res.cisco.com' servers, you need to modify your rules to support the new IP addresses.
Customers that have configured static IP addresses under the sender groups defined in the Host Access Table to control inbound TLS from CRES need to include the new IP addresses prior to July 15, 2013.
If this is not changed before July 15th, your ESA will not accept TLS connections from CRES hosts and will not receive replies from messages encrypted by this service.
Add this range of IP addresses to your sender group defined in the Host Access Table for TLS replies from CRES by July 15, 2013: 126.96.36.199 to 188.8.131.52
In order to add the above listed IP address range and hostname to your existing sender group that is used for TLS (Incoming), complete these steps:
- Log in to the Administrator's User Interface.
- Edit your TLS sender group (naming conventions vary) under Mail Policies > Host Access Table > HAT Overview.
- Add this IP address range and hostname: 184.108.40.206-99, .res.cisco.com
- Submit and commit changes.
Note: It is highly recommended to add the hostname '.res.cisco.com' along with the above IP address range since any future additions will have DNS complete the lookup for the IP address information.
Should you have any questions, contact your local Cisco Support Team.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.