DCERPC Inspection Does Not Seem to Work (OPC Communication)
Here is my situation: I have an OPC server (10.10.100.100/24) sitting at the secure side of the ASA Firewall 5512 (IOS: asa861-2-smp-k8.bin and ASDM image asdm-66114.bin) and an OPC client (192.168.100.100/24) sitting at the unsecure side (DMZ) of the firewall. The OPC client uses the Microsoft DCOM protocol to communicate. (Note: there is NO OPC server or client configuration issue, since the communication is fine when they are in the same network.)

Because of that, I first allowed the inbound TCP traffic (TCP port 135) from the OPC client to the OPC server to pass through the firewall using the ACL "ManagementDMZ_access_in" on the DMZ interface. Then I enabled DCERPC inspection. Based on the DCERPC inspection result, there are 73 DCERPC packets with 0 drops. However, the ASDM log shows that the data traffic from the OPC client to the OPC server on a dynamic TCP port was blocked by the inbound ACL, which I think should be allowed to pass through with DCERPC inspection.

Did I miss anything, or does anyone have any hint? Your help is much appreciated!
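For reference, here is the configuration the post describes, written out as an added example (not the poster's actual running config). The interface name ManagementDMZ is assumed from the ACL name, the dcerpc_map name is arbitrary, and the hosts are the ones given in the post.

```cisco
! Added example, not the poster's configuration. Assumes the DMZ interface is
! named "ManagementDMZ" (inferred from the ACL name) and that the OPC client
! must initiate the connection to the server on TCP 135 (DCE/RPC endpoint mapper).

! 1. Inbound ACL on the DMZ interface: only the EPM port is opened statically.
access-list ManagementDMZ_access_in extended permit tcp host 192.168.100.100 host 10.10.100.100 eq 135
access-group ManagementDMZ_access_in in interface ManagementDMZ

! 2. Optional inspection policy map: keep the dynamically learned pinhole open
!    long enough for the OPC session to start using it (default is 2 minutes).
policy-map type inspect dcerpc dcerpc_map
 parameters
  timeout pinhole 0:10:00

! 3. Enable DCERPC inspection in the global policy. "inspection_default" matches
!    default-inspection-traffic, which already includes dcerpc on TCP 135.
policy-map global_policy
 class inspection_default
  inspect dcerpc dcerpc_map
service-policy global_policy global
```

Two checks worth running after the client connects: `show service-policy inspect dcerpc` reports the packets inspected and dropped per interface, and `show conn address 10.10.100.100` lists the connections the inspection has pinholed, so the dynamic port the ASDM log reports as denied can be compared against what the inspection actually learned from the endpoint mapper response.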