Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19236
Views
21
Helpful
3
Replies

ASA and Dynamic Opening of MS-RPC Ports

fahim_mohd
Level 1
Level 1

‎06-18-2009 01:22 AM - edited ‎03-11-2019 08:45 AM

Hi team

can anyone shed light on whether Cisco ASA 8.0 and higher can support MS-RPC dynamic port assignment. Instead of opening High Ports 1025-65535 for MS-RPC Services, does ASA has an Application inspection and Predefined Service for MS-RPC-ANY, whereby it intelligently allows Client-Server connection using pin-holes and closes dynamically.

4 people had this problem
Labels:
0 Helpful
3 Replies 3

Kureli Sankar
Cisco Employee
Cisco Employee

‎06-18-2009 05:13 AM

Yes it does. Pls. read here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i2.html#wp1725357

Sample config is there in the above link as well.

mravibhavi
Level 1
Level 1
In response to Kureli Sankar

‎08-08-2019 09:07 AM

the link which you have shared is not working

0 Helpful

Kirupairajah Satheeskumar
Level 1
Level 1

‎04-24-2014 01:37 AM

 

Since RPC use Random ports above 1024, need to be pin holed. RPC Endpoint Mapper (EPM) running on TCP135 will be queried for random ports. So that tcp 135 should be allowed in ACL and the below policy map will be configured to allow RPC under global_policy map.

 

 

 policy-map type inspect dcerpc dcerpc_map
 parameters
 timeout pinhole 0:10:00


 class-map dcerpc
 match port tcp eq 135


policy-map global_policy
 class dcerpc
  inspect dcerpc dcerpc_map

verify the above using #show run policy map

Satheesh CCIE# 38651 R&S

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card