06-18-2009 01:22 AM - edited 03-11-2019 08:45 AM
Hi team
Can anyone shed light on whether Cisco ASA 8.0 and higher can support MS-RPC dynamic port assignment? Instead of opening the high ports 1025-65535 for MS-RPC services, does the ASA have an application inspection and a predefined service for MS-RPC-ANY, whereby it intelligently allows the client-server connection using pinholes and closes them dynamically?
06-18-2009 05:13 AM
Yes, it does. Please read here:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i2.html#wp1725357
Sample config is there in the above link as well.
08-08-2019 09:07 AM
The link which you have shared is not working.
04-24-2014 01:37 AM
Since RPC uses random ports above 1024, they need to be pinholed. The RPC Endpoint Mapper (EPM) running on TCP 135 will be queried for the random ports, so TCP 135 should be allowed in the ACL, and the policy map below should be configured to allow RPC under the global_policy map.
policy-map type inspect dcerpc dcerpc_map
 parameters
  timeout pinhole 0:10:00
!
class-map dcerpc
 match port tcp eq 135
!
policy-map global_policy
 class dcerpc
  inspect dcerpc dcerpc_map
Verify the above using #show run policy-map
Satheesh CCIE# 38651 R&S
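As an added example (not from this thread or from Cisco), a small Python check that parses `show run` output and confirms the chain described above is actually in place: a class-map matching TCP 135, `inspect dcerpc` applied under that class in global_policy, and the referenced inspect map with its pinhole timeout. The sample config is constructed from the config in the answer; `inspection_default` and `inspect dns` are assumed filler.

```python
import re

# Constructed "show run" excerpt modelled on the answer above; inspection_default
# and "inspect dns" are assumptions about what else sits under global_policy.
SAMPLE_CONFIG = """\
class-map dcerpc
 match port tcp eq 135
!
policy-map type inspect dcerpc dcerpc_map
 parameters
  timeout pinhole 0:10:00
!
policy-map global_policy
 class inspection_default
  inspect dns
 class dcerpc
  inspect dcerpc dcerpc_map
!
"""

def parse_blocks(text):
    """Group a running-config into {top-level header: [stripped child lines]}."""
    blocks, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):          # unindented line starts a new block
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def check_dcerpc_inspection(config_text, epm_port=135):
    """Verify class-map(tcp/epm_port) -> global_policy -> inspect dcerpc <map>.
    Returns {"ok": bool, "problems": [...], "pinhole_timeout": str or None}."""
    blocks, problems, timeout = parse_blocks(config_text), [], None
    epm_classes = {h.split()[-1] for h, body in blocks.items()
                   if h.startswith("class-map ") and f"match port tcp eq {epm_port}" in body}
    if not epm_classes:
        problems.append(f"no class-map matches tcp/{epm_port} (RPC endpoint mapper)")
    maps, current_class = set(), None
    for line in blocks.get("policy-map global_policy", []):
        if line.startswith("class "):
            current_class = line.split()[1]
        elif line.startswith("inspect dcerpc") and current_class in epm_classes:
            maps.add(line.split()[2] if len(line.split()) > 2 else "")
    if not maps:
        problems.append("global_policy has no 'inspect dcerpc' under the EPM class-map")
    for name in maps:
        body = blocks.get(f"policy-map type inspect dcerpc {name}")
        if name and body is None:
            problems.append(f"inspect map '{name}' is referenced but never defined")
        for line in body or []:
            m = re.match(r"timeout pinhole (\S+)", line)
            timeout = m.group(1) if m else timeout
    return {"ok": not problems, "problems": problems, "pinhole_timeout": timeout}
```

Run it against a real `show run` capture; an empty `problems` list means the EPM port is the only static hole and RPC high ports are opened per-connection by the inspector.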