Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM blocks RPC traffic

Hello

I have a customer who has Microsoft SMS running on Windows 2008 server and agent is installed on all clients, server is in DMZ and the clients are in other dmz , other applications are running and using RPS with no problems but the SMS server is new and I found dropped packets by the inspection policy for the inspected SMS server as below

fwsm# sho service-policy

Global policy:

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: dns maximum-length 512, packet 358660, drop 0, reset-drop 0

      Inspect: ftp, packet 1873, drop 0, reset-drop 0

      Inspect: h323 h225, packet 0, drop 0, reset-drop 0

      Inspect: h323 ras, packet 0, drop 0, reset-drop 0

      Inspect: netbios, packet 224450, drop 0, reset-drop 0

      Inspect: rsh, packet 0, drop 0, reset-drop 0

      Inspect: sip, packet 0, drop 0, reset-drop 0

      Inspect: skinny, packet 0, drop 0, reset-drop 0

      Inspect: sqlnet, packet 1265466, drop 0, reset-drop 0

      Inspect: sunrpc, packet 68218, drop 0, reset-drop 0

      Inspect: tftp, packet 0, drop 0, reset-drop 0

      Inspect: xdmcp, packet 72, drop 0, reset-drop 0

      Inspect: dcerpc, packet 100362, drop 18, reset-drop 0

Also the output of " debug dcerpc events" gives this error "DCERPC-ERR: Corrupted packet, incorrect scm reply header"

Removing the DCREPC inspection interupts other application .

the FWSM version is 4.1(7) .

ANY IDEA ?

1 REPLY
Community Member

FWSM blocks RPC traffic

Any hint experts ?

469
Views
0
Helpful
1
Replies
CreatePlease to create content