
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 40 Configuring Inspection for Management Application Protocols
DCERPC Inspection
This typically involves a client querying a server called the Endpoint Mapper (EPM), listening on a well-known port number, for the dynamically allocated network information of a required service. The client then sets up a secondary connection to the server instance providing the service. The security appliance allows the appropriate port number and network address and also applies NAT, if needed, for the secondary connection.

DCERPC inspect maps inspect native TCP communication between the EPM and the client on well-known TCP port 135. Map and lookup operations of the EPM are supported for clients. The client and server can be located in any security zone. The embedded server IP address and port number are received from the applicable EPM response messages. Because a client may attempt multiple connections to the server port returned by the EPM, multiple use of pinholes is allowed; the pinholes have user-configurable timeouts.

Fields
• DCERPC Inspect Maps—Table that lists the defined DCERPC inspect maps.
• Add—Configures a new DCERPC inspect map. To edit a DCERPC inspect map, choose the DCERPC entry in the DCERPC Inspect Maps table and click Customize.
• Delete—Deletes the inspect map selected in the DCERPC Inspect Maps table.
• Security Level—Select the security level (high, medium, or low).
  – Low
      Pinhole timeout: 00:02:00
      Endpoint mapper service: not enforced
      Endpoint mapper service lookup: enabled
      Endpoint mapper service lookup timeout: 00:05:00
  – Medium—Default.
      Pinhole timeout: 00:01:00
      Endpoint mapper service: not enforced
      Endpoint mapper service lookup: disabled
  – High
      Pinhole timeout: 00:01:00
      Endpoint mapper service: enforced
      Endpoint mapper service lookup: disabled
  – Customize—Opens the Add/Edit DCERPC Policy Map dialog box for additional settings.
  – Default Level—Sets the security level back to the default level of Medium.

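The three preset levels above, written as ASA CLI DCERPC inspection policy maps. This is an added example, not part of the Cisco guide: the map and class names (DCERPC_LOW, DCERPC_MEDIUM, DCERPC_HIGH, DCERPC_EPM) are hypothetical, and it assumes the default `global_policy` policy map is the one applied globally.

```cisco
! Low: pinhole 2 min, EPM service not enforced,
! lookup operation enabled with a 5 min timeout
policy-map type inspect dcerpc DCERPC_LOW
 parameters
  timeout pinhole 00:02:00
  endpoint-mapper lookup-operation timeout 00:05:00
!
! Medium (default): pinhole 1 min, EPM service not enforced,
! lookup operation disabled (no endpoint-mapper command)
policy-map type inspect dcerpc DCERPC_MEDIUM
 parameters
  timeout pinhole 00:01:00
!
! High: pinhole 1 min, EPM service enforced, lookup operation disabled
policy-map type inspect dcerpc DCERPC_HIGH
 parameters
  timeout pinhole 00:01:00
  endpoint-mapper epm-service-only
!
! Match the EPM control channel on well-known TCP port 135
class-map DCERPC_EPM
 match port tcp eq 135
!
! Attach one of the inspect maps to that traffic class
policy-map global_policy
 class DCERPC_EPM
  inspect dcerpc DCERPC_HIGH
!
service-policy global_policy global
```

Only one inspect map is attached to the class at a time; changing the name on the `inspect dcerpc` line switches the level.
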
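Modes
The following table shows the modes in which this feature is available:

| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System) |
|---|---|---|---|---|
| • | • | • | • | — |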
