Rsh Inspection - Cisco FirePOWER ASA 5500 series Configuration Manual

RSH Inspection

RSH Inspection
RSH inspection is enabled by default. The RSH protocol uses a TCP connection from the RSH client to
the RSH server on TCP port 514. The client and server negotiate the TCP port number where the client
listens for the STDERR output stream. RSH inspection supports NAT of the negotiated port number if
necessary.
RTSP Inspection
This section describes RTSP application inspection. This section includes the following topics:
•
•
•
RTSP Inspection Overview
The RTSP inspection engine lets the security appliance pass RTSP packets. RTSP is used by RealAudio,
RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections.
For Cisco IP/TV, use RTSP TCP port 554 and TCP 8554.
Note
RTSP applications use the well-known port 554 with TCP (rarely UDP) as a control channel. The
security appliance only supports TCP, in conformity with RFC 2326. This TCP control channel is used
to negotiate the data channels that is used to transmit audio/video traffic, depending on the transport
mode that is configured on the client.
The supported RDT transports are: rtp/avp, rtp/avp/udp, x-real-rdt, x-real-rdt/udp, and x-pn-tng/udp.
The security appliance parses Setup response messages with a status code of 200. If the response
message is travelling inbound, the server is outside relative to the security appliance and dynamic
channels need to be opened for connections coming inbound from the server. If the response message is
outbound, then the security appliance does not need to open dynamic channels.
Because RFC 2326 does not require that the client and server ports must be in the SETUP response
message, the security appliance keeps state and remembers the client ports in the SETUP message.
QuickTime places the client ports in the SETUP message and then the server responds with only the
server ports.
RTSP inspection does not support PAT or dual-NAT. Also, the security appliance cannot recognize HTTP
cloaking where RTSP messages are hidden in the HTTP messages.
Using RealPlayer
When using RealPlayer, it is important to properly configure transport mode. For the security appliance,
add an access-list command from the server to the client or vice versa. For RealPlayer, change transport
mode by clicking Options>Preferences>Transport>RTSP Settings.
Cisco Security Appliance Command Line Configuration Guide
25-60
RTSP Inspection Overview, page 25-60
Using RealPlayer, page 25-60
Restrictions and Limitations, page 25-61
Chapter 25 Configuring Application Layer Protocol Inspection
OL-10088-01