Cisco ASA Series CLI Configuration Manual, page 1100

Software version 9.0 for the services module

Cisco ASA Series CLI Configuration Guide, page 1-6
Chapter 1: Getting Started with Application Layer Protocol Inspection

Default Settings

Table 1-1 Supported Application Inspection Engines (continued)

| Application | Default Port (1) | NAT Limitations | Standards (2) | Comments |
|---|---|---|---|---|
| SNMP | UDP/161, 162 | No NAT or PAT. | RFC 1155, 1157, 1212, 1213, 1215 | v.2 RFC 1902-1908; v.3 RFC 2570-2580. |
| SQL*Net | TCP/1521 | No extended PAT. No NAT64. | | v.1 and v.2. |
| Sun RPC over UDP and TCP | UDP/111 | No extended PAT. No NAT64. | | The default rule includes UDP port 111; if you want to enable Sun RPC inspection for TCP port 111, you need to create a new rule that matches TCP port 111 and performs Sun RPC inspection. |
| TFTP | UDP/69 | No NAT64. | RFC 1350 | Payload IP addresses are not translated. |
| WAAS | | No extended PAT. No NAT64. | | |
| XDMCP | UDP/177 | No extended PAT. No NAT64. | | |

1. Inspection engines that are enabled by default for the default port are in bold.
2. The ASA is in compliance with these standards, but it does not enforce compliance on packets being inspected. For example, FTP commands are supposed to be in a particular order, but the ASA does not enforce the order.

The default policy configuration includes the following commands:

class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  dns-guard
  protocol-enforcement
  nat-rewrite
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225 _default_h323_map
  inspect h323 ras _default_h323_map
  inspect ip-options _default_ip_options_map
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp _default_esmtp_map
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
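A drift check against the default policy listed above, as an added example that is not part of the Cisco guide: it parses configuration text and reports which default inspections or preset_dns_map parameters are absent and which inspections were added. The function names and the sample configuration are constructed for illustration, and the input is assumed to list parameters explicitly, as the listing above does; an export that hides default values would be reported as missing them.

```python
DEFAULT_INSPECTS = {                        # "inspect ..." lines under class inspection_default
    "dns preset_dns_map", "ftp", "h323 h225 _default_h323_map",
    "h323 ras _default_h323_map", "ip-options _default_ip_options_map",
    "netbios", "rsh", "rtsp", "skinny", "esmtp _default_esmtp_map",
    "sqlnet", "sunrpc", "tftp", "sip", "xdmcp"}
DEFAULT_DNS_PARAMS = {                      # parameters of preset_dns_map
    "message-length maximum client auto", "message-length maximum 512",
    "dns-guard", "protocol-enforcement", "nat-rewrite"}

def parse_blocks(config):
    """Map each top-level line to the stripped lines indented beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue                        # skip blanks and "!" comment lines
        if not line[0].isspace():
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config):
    """Report page-listed defaults that are absent, plus inspections that were added."""
    blocks = parse_blocks(config)
    inspects, in_default_class = set(), False
    for line in blocks.get("policy-map global_policy", []):
        if line.startswith("class "):
            in_default_class = (line == "class inspection_default")
        elif in_default_class and line.startswith("inspect "):
            inspects.add(line[len("inspect "):])
    dns = set(blocks.get("policy-map type inspect dns preset_dns_map", []))
    return {"missing_inspects": sorted(DEFAULT_INSPECTS - inspects),
            "missing_dns_params": sorted(DEFAULT_DNS_PARAMS - dns),
            "extra_inspects": sorted(inspects - DEFAULT_INSPECTS)}

# Constructed sample: dns-guard removed, most inspections removed, icmp added.
SAMPLE = """\
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  protocol-enforcement
  nat-rewrite
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect icmp
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```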