Configure Dcerpc Inspection - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
DCERPC Inspection
This typically involves a client querying a server called the Endpoint Mapper listening on a well known
port number for the dynamically allocated network information of a required service. The client then sets
up a secondary connection to the server instance providing the service. The security appliance allows the
appropriate port number and network address and also applies NAT, if needed, for the secondary
connection.
DCERPC inspection maps inspect for native TCP communication between the EPM and client on well
known TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server
can be located in any security zone. The embedded server IP address and Port number are received from
the applicable EPM response messages. Since a client may attempt multiple connections to the server
port returned by EPM, multiple use of pinholes are allowed, which have configurable timeouts.
DCE inspection supports the following UUIDs and messages:
•
•
•
Configure DCERPC Inspection
DCERPC inspection is not enabled by default. You must configure it if you want DCERPC inspection.
Procedure
Step 1
Configure a DCERPC Inspection Policy Map, page
Step 2
Configure the DCERPC Inspection Service Policy, page
Configure a DCERPC Inspection Policy Map
To specify additional DCERPC inspection parameters, create a DCERPC inspection policy map. You can
then apply the inspection policy map when you enable DCERPC inspection.
Before You Begin
Some traffic matching options use regular expressions for matching purposes. If you intend to use one
of those techniques, first create the regular expression or regular expression class map.
Procedure
Step 1
Create a DCERPC inspection policy map, enter the following command:
hostname(config)# policy-map type inspect dcerpc policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Cisco ASA Series Firewall CLI Configuration Guide
15-2
End point mapper (EPM) UUID. All EPM messages are supported.
ISystemMapper UUID (non-EPM). Supported messages are:
–
RemoteCreateInstance opnum4
–
RemoteGetClassObject opnum3
Any message that does not contain an IP address or port information because these messages do not
require inspection.
Chapter 15
Inspection of Database, Directory, and Management Protocols
15-2.
15-3.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
