40-2
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 40      Configuring Inspection for Management Application Protocols
  DCERPC Inspection
This typically involves a client querying a server called the Endpoint Mapper (EPM), which listens on a
well-known port number, for the dynamically allocated network information of a required service. The
client then sets up a secondary connection to the server instance providing the service. The security
appliance allows the appropriate port number and network address and also applies NAT, if needed, for
the secondary connection.
DCERPC inspection maps inspect native TCP communication between the EPM and the client on
well-known TCP port 135. Map and lookup operations of the EPM are supported for clients. The client
and server can be located in any security zone. The embedded server IP address and port number are
received from the applicable EPM response messages. Because a client may attempt multiple connections
to the server port returned by the EPM, a pinhole can be used multiple times; pinholes have
user-configurable timeouts.
Note: DCERPC inspection only supports communication between the EPM and clients to open pinholes
through the adaptive security appliance. Clients using RPC communication that does not use the EPM
are not supported with DCERPC inspection.
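The pinhole behaviour described above can be sketched as a small state table. This is an added illustration, not Cisco code: the class and function names, the 120-second timeout, the sample addresses and port, the binding of a pinhole to the client that did the lookup, and the treatment of the timeout as a fixed lifetime are all assumptions.

```python
from dataclasses import dataclass, field

EPM_PORT = 135  # well-known Endpoint Mapper TCP port


@dataclass
class PinholeTable:
    """Toy model of EPM-driven pinholes; not the appliance's implementation."""
    timeout: float = 120.0                       # assumed pinhole timeout, seconds
    holes: dict = field(default_factory=dict)    # (client, server, port) -> expiry

    def on_epm_response(self, now, client, embedded_ip, embedded_port):
        """Record the server address and port embedded in an EPM response."""
        self.holes[(client, embedded_ip, embedded_port)] = now + self.timeout

    def permit(self, now, client, server, port):
        """Return True if a new TCP connection from client may pass."""
        if port == EPM_PORT:
            return True          # assumes policy already allows EPM lookups
        expiry = self.holes.get((client, server, port))
        if expiry is None:
            return False         # no EPM response announced this endpoint
        if now >= expiry:
            del self.holes[(client, server, port)]
            return False         # pinhole timed out
        return True              # still open: a pinhole may be used repeatedly


def demo():
    """Constructed scenario: addresses, port and times are sample values."""
    fw = PinholeTable(timeout=120.0)
    client, server, other = "10.0.0.5", "192.0.2.10", "10.0.0.99"
    fw.on_epm_response(0.0, client, server, 49155)
    return {
        "first_use": fw.permit(1.0, client, server, 49155),
        "second_use": fw.permit(30.0, client, server, 49155),
        "other_client": fw.permit(30.0, other, server, 49155),
        "unannounced_port": fw.permit(30.0, client, server, 49200),
        "after_timeout": fw.permit(121.0, client, server, 49155),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```

The unannounced-port case corresponds to the note above: a connection to a port that no EPM response advertised finds no pinhole and is left to the normal access policy.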
Select DCERPC Map
The Select DCERPC Map dialog box lets you select an existing DCERPC map or create a new one. A
DCERPC map lets you change the configuration values used for DCERPC application inspection. The
Select DCERPC Map table provides a list of previously configured maps that you can select for
application inspection.
Fields
• Use the default DCERPC inspection map—Uses the default DCERPC map.
• Select a DCERPC map for fine control over inspection—Lets you select a defined application 
inspection map or add a new one.
• Add—Opens the Add Policy Map dialog box for the inspection.
Modes
The following table shows the modes in which this feature is available:

| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System) |
|---|---|---|---|---|
| • | • | • | • | — |

DCERPC Inspect Map
The DCERPC pane lets you view previously configured DCERPC application inspection maps. A 
DCERPC map lets you change the default configuration values used for DCERPC application 
inspection. 
DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows 
software clients to execute programs on a server remotely. 