Cisco Systems ASA 5510 Network Router User Manual
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 50 Configuring Inspection for Management Application Protocols
DCERPC Inspection
This typically involves a client querying a server called the Endpoint Mapper (EPM), which listens on a
well-known port number, for the dynamically allocated network information of a required service. The
client then sets up a secondary connection to the server instance providing the service. The security
appliance allows the appropriate port number and network address and also applies NAT, if needed, for
the secondary connection.
DCERPC inspect maps inspect native TCP communication between the EPM and the client on well-known
TCP port 135. Map and lookup operations of the EPM are supported for clients. The client and server
can be located in any security zone. The embedded server IP address and port number are received from
the applicable EPM response messages. Because a client may attempt multiple connections to the server
port returned by the EPM, multiple uses of a pinhole are allowed; pinholes have user-configurable timeouts.
Note DCERPC inspection only supports communication between the EPM and clients to open pinholes
through the ASA. Clients using RPC communication that does not go through the EPM are not supported
by DCERPC inspection.
Select DCERPC Map
Add/Edit Service Policy Rule Wizard > Rule Actions >
Protocol Inspection Tab > Select DCERPC Map
The Select DCERPC Map dialog box lets you select or create a new DCERPC map. A DCERPC map
lets you change the configuration values used for DCERPC application inspection. The Select DCERPC
Map table provides a list of previously configured maps that you can select for application inspection.
Fields
Use the default DCERPC inspection map—Specifies to use the default DCERPC map.
Select a DCERPC map for fine control over inspection—Lets you select a defined application
inspection map or add a new one.
Add—Opens the Add Policy Map dialog box for the inspection.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple Context    System
•         •              •         •
DCERPC Inspect Map
Configuration > Global Objects > Inspect Maps > DCERPC
The DCERPC pane lets you view previously configured DCERPC application inspection maps. A
DCERPC map lets you change the default configuration values used for DCERPC application
inspection.