Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 40 Configuring Inspection for Management Application Protocols
Add/Edit SNMP Map
The Add/Edit SNMP Map dialog box lets you create a new SNMP map for controlling SNMP application
inspection.
Fields
• SNMP Map Name—Defines the name of the application inspection map.
• SNMP version 1—Enables application inspection for SNMP version 1.
• SNMP version 2 (party based)—Enables application inspection for SNMP version 2.
• SNMP version 2c (community based)—Enables application inspection for SNMP version 2c.
• SNMP version 3—Enables application inspection for SNMP version 3.
Modes
The following table shows the modes in which this feature is available:
XDMCP Inspection
XDMCP inspection is enabled by default; however, the XDMCP inspection engine is dependent upon
proper configuration of the established command.
XDMCP is a protocol that uses UDP port 177 to negotiate X sessions, which use TCP when established.
For successful negotiation and start of an XWindows session, the adaptive security appliance must allow
the TCP back connection from the Xhosted computer. To permit the back connection, use the
established command on the adaptive security appliance. Once XDMCP negotiates the port to send the
display, the established command is consulted to verify whether this back connection should be permitted.
During the XWindows session, the manager talks to the display Xserver on the well-known port 6000 | n.
Each display has a separate connection to the Xserver, as a result of the following terminal setting.
setenv DISPLAY Xserver:n
where n is the display number.
When XDMCP is used, the display is negotiated using IP addresses, which the adaptive security
appliance can NAT if needed. XDMCP inspection does not support PAT.
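
The following Python example is added here and is not part of the Cisco guide: it audits flow records for the pattern described above, marking a TCP back connection to a display port as expected only when the display first sent an XDMCP request on UDP port 177 to that same host. It assumes display n is reached on TCP port 6000 + n (the usual X11 reading of "6000 | n"); the flow tuple layout, the 30-second window, the display limit of 63 and all names are assumptions of this example.

```python
import re

XDMCP_PORT = 177       # UDP port used for XDMCP negotiation (from the guide)
X11_BASE_PORT = 6000   # assumption: display n listens on TCP 6000 + n

def display_port(display):
    """Map a DISPLAY value such as 'Xserver:1' to (host, TCP port)."""
    m = re.fullmatch(r"([^:\s]+):(\d+)(?:\.\d+)?", display)
    if not m:
        raise ValueError(f"not a host:display value: {display!r}")
    return m.group(1), X11_BASE_PORT + int(m.group(2))

def audit_back_connections(flows, window=30.0, max_display=63):
    """Classify TCP connections aimed at X display ports.

    flows: time-ordered (seconds, proto, src, sport, dst, dport) tuples.
    A connection from a manager to a display is 'expected' only if that
    display sent the manager an XDMCP request (UDP/177) at most `window`
    seconds earlier; anything else is marked 'review'.
    """
    negotiated = {}  # (display_host, manager_host) -> time of last request
    results = []
    for t, proto, src, _sport, dst, dport in flows:
        if proto == "udp" and dport == XDMCP_PORT:
            negotiated[(src, dst)] = t
        elif proto == "tcp" and 0 <= dport - X11_BASE_PORT <= max_display:
            seen = negotiated.get((dst, src))
            ok = seen is not None and 0 <= t - seen <= window
            results.append((src, dst, dport - X11_BASE_PORT,
                            "expected" if ok else "review"))
    return results

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    (0.0, "udp", "192.0.2.10", 1025, "198.51.100.5", 177),     # display queries manager
    (1.2, "tcp", "198.51.100.5", 40112, "192.0.2.10", 6001),   # back connection, display 1
    (5.0, "tcp", "203.0.113.9", 51000, "192.0.2.10", 6000),    # peer never negotiated
    (90.0, "tcp", "198.51.100.5", 40200, "192.0.2.10", 6001),  # outside the window
]

if __name__ == "__main__":
    for row in audit_back_connections(SAMPLE_FLOWS):
        print(row)
```
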
Firewall Mode              Security Context
Routed     Transparent     Single     Multiple
                                      Context     System
•          •               •          •           —