Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Select DCERPC Map, DCERPC Inspect Map

14-2

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter14 Configuring Inspection for Management Application Protocols

DCERPC Inspection

This typically involves a client querying a server called the Endpoint Mapper listening on a well known

port number for the dynamically allocated network information of a required service. The client then sets

up a secondary connection to the server instance providing the service. The security appliance allows the

appropriate port number and network address and also applies NAT, if needed, for the secondary

connection.

DCERPC inspect maps inspect for native TCP communication between the EPM and client on well

known TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server

can be located in any security zone. The embedded server IP address and Port number are received from

the applicable EPM response messages. Since a client may attempt multiple connections to the server

port returned by EPM, multiple use of pinholes are allowed, which have user configurable timeouts.

Note DCERPC inspection only supports communication between the EPM and clients to open pinholes

through theASA. Clients using RPC communication that does not use the EPM is not supported with

DCERPC inspection.

Select DCERPC Map

Add/Edit Service PolicyRule Wizard > Rule Actions >

Protocol Inspection Tab>Select DCERPC Map

The Select DCERPC Map dialog box lets you select or create a new DCERPC map. A DCERPC map

lets you change the configuration values used for DCERPC application inspection. The Select DCERPC

Map table provides a list of previously configured maps that you can select for application inspection.

Fields

•Use the default DCERPC inspection map—Specifies to use the default DCERPC map.

•Select a DCERPC map for fine control over inspection—Lets you select a defined application

inspection map or add a new one.

•Add—Opens the Add Policy Map dialog box for the inspection.

DCERPC Inspect Map

Configuration> Global Objects > Inspect Maps > DCERPC

The DCERPC pane lets you view previously configured DCERPC application inspection maps. A

DCERPC map lets you change the default configuration values used for DCERPC application

inspection.

DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows

software clients to execute programs on a server remotely.

This typically involves a client querying a server called the Endpoint Mapper (EPM) listening on a well

known port number for the dynamically allocated network information of a required service. The client

then sets up a secondary connection to the server instance providing the service. The security appliance

allows the appropriate port number and network address and also applies NAT, if needed, for the

secondary connection.

Cisco Systems Select DCERPC Map, DCERPC Inspect Map