Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DCERPC Inspect Maps - ASA 5550

Hello,

I require some assistance with how to set up DCE RPC, the configuration I have has been applied through ASDM 6.1(5) and the ASA 8.0(4).

I have tried a couple of approaches;

1) Created an inspect map for DCERPC (ASDM)

2) Added DCERPC to the default inspection Service policy Rule(ASDM)

3) Copying an example from Cisco.com on the CLI

RPC connectivity works when allowing high ports in the Access Rules but not when only permitting tcp/135 which suggests the policy does not work. What am I missing? Is there other configuration to be completed with in the access rules?

Many thanks in advance

Richard

3 REPLIES
Anonymous
N/A

Re: DCERPC Inspect Maps - ASA 5550

This is because by default all traffic from a higher-security interface to a lower-security interface is allowed. Access lists let you either allow traffic from lower-security interfaces, or restrict traffic from higher-security interfaces.

The security appliance supports two types of access lists:

• Inbound-Inbound access lists apply to traffic as it enters an interface.

• Outbound-Outbound access lists apply to traffic as it exits an interface.

The following URL explains in steps about configuring access rules using ASDM 6:

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/aclrules.html#wp1046058

New Member

Re: DCERPC Inspect Maps - ASA 5550

I'm not too sure how this actually related to my issue of DCERPC traffic and configuration of this functionality?

Cisco Employee

Re: DCERPC Inspect Maps - ASA 5550

class-map inspection_default

match default-inspection-traffic

exit

policy-map global-policy

class inspection_default

inspect dcerpc

exit

exit

##########

Regards,

Sushil

676
Views
0
Helpful
3
Replies