Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
0
Helpful
2
Replies

UNIX server RPC service port mapping in asa 5580

santoshm_75
Level 1
Level 1

‎02-05-2009 08:45 AM - edited ‎03-11-2019 07:46 AM

Hi,

I have many UNIX servers in different DMZs and inside zone. They connect each other by using RPC service ports. Even when i checked server rpcinfo -p the ports getting mapped with rpc service to tcp and udp ports are different in different servers.

Please how this can be achived.

Labels:
0 Helpful
2 Replies 2

eddie.mitchell
Level 3
Level 3

‎02-06-2009 07:08 AM

Per Cisco Documentation:

"To enable Sun RPC application inspection or to change the ports to which the security appliance listens,

use the inspect sunrpc command in policy map class configuration mode, which is accessible by using

the class command within policy map configuration mode. To remove the configuration, use the no form

of this command.

The inspect sunrpc command enables or disables application inspection for the Sun RPC protocol. Sun

RPC is used by NFS and NIS. Sun RPC services can run on any port on the system. When a client

attempts to access an Sun RPC service on a server, it must find out which port that service is running on.

It does this by querying the portmapper process on the well-known port of 111.

The client sends the Sun RPC program number of the service, and gets back the port number. From this

point on, the client program sends its Sun RPC queries to that new port. When a server sends out a reply,

the security appliance intercepts this packet and opens both embryonic TCP and UDP connections on

that port."

"You enable the RPC inspection engine as shown in the following example, which creates a class map to

match RPC traffic on the default port (111). The service policy is then applied to the outside interface.

hostname(config)# class-map sunrpc-port

hostname(config-cmap)# match port tcp eq 111

hostname(config-cmap)# exit

hostname(config)# policy-map sample_policy

hostname(config-pmap)# class sunrpc-port

hostname(config-pmap-c)# inspect sunrpc

hostname(config-pmap-c)# exit

hostname(config)# service-policy sample_policy interface outside

To enable RPC inspection for all interfaces, use the global parameter in place of interface outside."

0 Helpful

santoshm_75
Level 1
Level 1
In response to eddie.mitchell

‎02-09-2009 06:23 AM

Hi,

do anything need to be done other than the config what you have mentioned before for two way communication between the UNIX server in both the zone.

Regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card