50-3
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 50 Configuring Inspection for Management Application Protocols
DCERPC Inspection
DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows
software clients to execute programs on a server remotely.
This typically involves a client querying a server called the Endpoint Mapper (EPM) listening on a well
known port number for the dynamically allocated network information of a required service. The client
then sets up a secondary connection to the server instance providing the service. The security appliance
allows the appropriate port number and network address and also applies NAT, if needed, for the
secondary connection.
DCERPC inspect maps inspect for native TCP communication between the EPM and client on well
known TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server
can be located in any security zone. The embedded server IP address and Port number are received from
the applicable EPM response messages. Because a client may attempt multiple connections to the server
port returned by EPM, multiple use of pinholes are allowed, which have user configurable timeouts.
Fields
• DCERPC Inspect Maps—Table that lists the defined DCERPC inspect maps.
• Add—Configures a new DCERPC inspect map. To edit a DCERPC inspect map, choose the
DCERPC entry in the DCERPC Inspect Maps table and click Customize.
• Delete—Deletes the inspect map selected in the DCERPC Inspect Maps table.
• Security Level—Select the security level (high, medium, or low).
–
Low
Pinhole timeout: 00:02:00
Endpoint mapper service: not enforced
Endpoint mapper service lookup: enabled
Endpoint mapper service lookup timeout: 00:05:00
–
Medium—Default.
Pinhole timeout: 00:01:00
Endpoint mapper service: not enforced
Endpoint mapper service lookup: disabled.
–
High
Pinhole timeout: 00:01:00
Endpoint mapper service: enforced
Endpoint mapper service lookup: disabled
–
Customize—Opens the Add/Edit DCERPC Policy Map dialog box for additional settings.
–
Default Level—Sets the security level back to the default level of Medium.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—