New Member

UNIX server RPC service port mapping in asa 5580

Hi,

I have many UNIX servers in different DMZs and in the inside zone. They connect to each other using RPC service ports. Even when I checked the servers with rpcinfo -p, the TCP and UDP ports mapped to each RPC service are different on different servers.

Please, how can this be achieved?

  • Firewalling
2 REPLIES

Re: UNIX server RPC service port mapping in asa 5580

Per Cisco Documentation:

"To enable Sun RPC application inspection or to change the ports to which the security appliance listens, use the inspect sunrpc command in policy map class configuration mode, which is accessible by using the class command within policy map configuration mode. To remove the configuration, use the no form of this command.

The inspect sunrpc command enables or disables application inspection for the Sun RPC protocol. Sun RPC is used by NFS and NIS. Sun RPC services can run on any port on the system. When a client attempts to access a Sun RPC service on a server, it must find out which port that service is running on. It does this by querying the portmapper process on the well-known port of 111. The client sends the Sun RPC program number of the service, and gets back the port number. From this point on, the client program sends its Sun RPC queries to that new port. When a server sends out a reply, the security appliance intercepts this packet and opens both embryonic TCP and UDP connections on that port."

"You enable the RPC inspection engine as shown in the following example, which creates a class map to match RPC traffic on the default port (111). The service policy is then applied to the outside interface.

hostname(config)# class-map sunrpc-port
hostname(config-cmap)# match port tcp eq 111
hostname(config-cmap)# exit
hostname(config)# policy-map sample_policy
hostname(config-pmap)# class sunrpc-port
hostname(config-pmap-c)# inspect sunrpc
hostname(config-pmap-c)# exit
hostname(config)# service-policy sample_policy interface outside

To enable RPC inspection for all interfaces, use the global parameter in place of interface outside."
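The quoted documentation describes the portmapper exchange that the inspection engine watches: the client asks port 111 for the port of a program number, and only the reply reveals which port must then be opened. The following is an added example written for this thread; it is not Cisco code and not the poster's configuration. It hand-builds a portmapper GETPORT call and reply in the ONC RPC wire format (RFC 1057 / RFC 1833), shows the matching logic a Sun RPC inspection engine has to perform (match the reply to the call by XID, then derive the protocol and port to open), and parses a constructed rpcinfo -p listing to show why a static ACL cannot list the ports in advance. The rpcinfo sample, the XID values and the function names are all assumptions made up for the illustration.

```python
"""Added example, not from the Cisco documentation or the original post.

Simulates the Sun RPC portmapper GETPORT exchange and the decision the ASA's
inspection engine makes from it (which protocol/port to open dynamically).
"""
import struct

# Portmapper constants from RFC 1057 / RFC 1833 (portmapper version 2)
PMAP_PROG = 100000
PMAP_VERS = 2
PMAPPROC_GETPORT = 3
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_getport_call(xid, prog, vers, proto):
    """Client side: RPC CALL to portmapper asking which port prog/vers uses on proto."""
    # RPC header: xid, msg_type=CALL(0), rpcvers=2, prog, vers, proc
    hdr = struct.pack('>IIIIII', xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    # cred and verf are both AUTH_NULL: flavor=0, body length=0
    auth = struct.pack('>IIII', 0, 0, 0, 0)
    # GETPORT argument is a mapping struct: prog, vers, prot, port (port ignored in a query)
    args = struct.pack('>IIII', prog, vers, proto, 0)
    return hdr + auth + args


def build_getport_reply(xid, port):
    """Server side: RPC REPLY, MSG_ACCEPTED, AUTH_NULL verifier, SUCCESS, then the port."""
    return struct.pack('>IIIIII', xid, 1, 0, 0, 0, 0) + struct.pack('>I', port)


def parse_getport_reply(data):
    """Return (xid, port) from a successful GETPORT reply; reject anything else."""
    xid, msg_type, reply_stat, _verf_flavor, verf_len, accept_stat = struct.unpack('>IIIIII', data[:24])
    if msg_type != 1 or reply_stat != 0 or accept_stat != 0:
        raise ValueError('not a successful RPC reply')
    off = 24 + ((verf_len + 3) // 4) * 4      # verifier body is padded to 4 bytes
    (port,) = struct.unpack('>I', data[off:off + 4])
    return xid, port


def inspect_sunrpc(call, reply):
    """Simplified model of what 'inspect sunrpc' does with a call/reply pair.

    Returns the pinhole (program, proto, port) the firewall should open, or None
    when the reply does not belong to a GETPORT call or the program is not registered.
    """
    xid, _msg_type, _rpcvers, prog, vers, proc = struct.unpack('>IIIIII', call[:24])
    if (prog, vers, proc) != (PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
        return None
    # arguments follow the 16-byte AUTH_NULL cred+verf block at offset 40
    req_prog, _req_vers, proto, _ = struct.unpack('>IIII', call[40:56])
    rxid, port = parse_getport_reply(reply)
    if rxid != xid or port == 0:       # unmatched reply, or port 0 = "not registered"
        return None
    return {'program': req_prog, 'proto': 'tcp' if proto == IPPROTO_TCP else 'udp', 'port': port}


# Constructed rpcinfo -p output for one hypothetical server (not real data).
RPCINFO_SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    4   tcp  37213  nlockmgr
    100005    1   udp  49152  mountd
"""


def parse_rpcinfo(text):
    """Parse rpcinfo -p output into (program, version, proto, port, service) tuples."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the column header
        parts = line.split()
        if len(parts) < 4:
            continue
        prog, vers, proto, port = int(parts[0]), int(parts[1]), parts[2], int(parts[3])
        rows.append((prog, vers, proto, port, parts[4] if len(parts) > 4 else ''))
    return rows


def dynamic_ports(rows):
    """Every (proto, port) besides 111 a static ACL would need for this one host."""
    return sorted({(proto, port) for _, _, proto, port, _ in rows if port != 111})


if __name__ == '__main__':
    call = build_getport_call(0x1234, 100005, 1, IPPROTO_UDP)   # "where is mountd v1 on UDP?"
    reply = build_getport_reply(0x1234, 49152)                  # portmapper answers 49152
    print('pinhole to open:', inspect_sunrpc(call, reply))
    print('ports a static ACL would need:', dynamic_ports(parse_rpcinfo(RPCINFO_SAMPLE)))
```

The dynamic_ports output is the point of the thread: on the next server those numbers differ, so the only stable thing to permit statically is port 111 plus the inspection that opens the rest on demand.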

New Member

Re: UNIX server RPC service port mapping in asa 5580

Hi,

Does anything need to be done other than the config you have mentioned above for two-way communication between the UNIX servers in both zones?

Regards,
