https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373431#M271771 <P>Hi,</P><P></P><P>We are running Cisco ASA 2220 version 8.4(3).</P><P>In previous attempts we have been unable to firewall Microsoft DCOM communications and generally any Microsoft RPC comms although the last time we attempted we were running an older model of Cisco ASA.</P><P></P><P>Is it possible to use a policy map to correctly open the pinholes for Microsoft RPC communications? If so what version of IOS is required and would anyone have a configuration example?</P><P></P><P>Has anyone had success with this?</P><P></P><P>Many thanks in advance.</P> Tue, 12 Mar 2019 03:27:54 GMT tekgem123 2019-03-12T03:27:54Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373431#M271771 <P>Hi,</P><P></P><P>We are running Cisco ASA 2220 version 8.4(3).</P><P>In previous attempts we have been unable to firewall Microsoft DCOM communications and generally any Microsoft RPC comms although the last time we attempted we were running an older model of Cisco ASA.</P><P></P><P>Is it possible to use a policy map to correctly open the pinholes for Microsoft RPC communications? If so what version of IOS is required and would anyone have a configuration example?</P><P></P><P>Has anyone had success with this?</P><P></P><P>Many thanks in advance.</P> Tue, 12 Mar 2019 03:27:54 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373431#M271771 tekgem123 2019-03-12T03:27:54Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373432#M271774 <HTML><HEAD></HEAD><BODY><P>MS RPC has been supported for years with constant improvements and updates.</P><P></P><P>See here e.g. the 9.1 overview:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/inspect_mgmt.html#wp1478733">http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/inspect_mgmt.html#wp1478733</A></P></BODY></HTML> Sat, 11 Jan 2014 13:39:12 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373432#M271774 m.kafka 2014-01-11T13:39:12Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373433#M271777 <HTML><HEAD></HEAD><BODY><P>Addendum: Yes I used it a couple of times with different requirements, one time remeber I had to update the ASA to whatever to support DCERPC without endpointmapper (was some OWA frontend on a DMZ talking to a Exchange on the inside)</P></BODY></HTML> Sat, 11 Jan 2014 13:41:05 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373433#M271777 m.kafka 2014-01-11T13:41:05Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373434#M271779 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>So I setup a lab for testing... specifically a client server application called Microsoft Data Protection Manager (backup application) which makes use of DCOM for agent communications.</P><P>The lab consists of Cisco ASA with inside (security-level 100) and outside interface (security-level 0) and a DCOM client and server on each side of the firewall.</P><P></P><P>Interestingly when I use the dcerpc policy map and test using a simple dcom test application from Microsoft it is successful and correctly opens up the pinholes for DCOM. </P><P></P><P>As soon as I try to use Microsoft DPM the communications fail but I don't see any denied traffic so it must be hitting the rule but failing. I just wonder if some of the inbound traffic is not being inspected and being dropped rather than denied.</P><P></P><P>Any ideas how to troubleshoot further?</P></BODY></HTML> Wed, 22 Jan 2014 13:35:14 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373434#M271779 tekgem123 2014-01-22T13:35:14Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373435#M271781 <HTML><HEAD></HEAD><BODY><P>Just an update, I have another tool provided by Microsoft for testing dcerpc tcp 135 called portqry.</P><P></P><P>When I run this tool on the server located on the outside interface I get the following:</P><P>Deny TCP (no connection) from 192.168.254.10/50341 to 192.168.253.11/135 flags PSH ACK on interface outside</P><P></P><P>When I run this tool on the client located on the inside interface I get the following:</P><P>tcp flow from inside:192.168.253.11/58151 to outside:192.168.254.10/135 terminated by inspection engine, reason - proxy inspector disconnected, dropped packet.</P><P>Deny TCP (no connection) from 192.168.253.11/58173 to 192.168.254.10/135 flags PSH ACK on interface inside.</P><P></P><P>Any ideas?</P></BODY></HTML> Thu, 23 Jan 2014 11:14:14 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/2373435#M271781 tekgem123 2014-01-23T11:14:14Z https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/4028995#M271782 <P>Hi,</P><P>&nbsp;</P><P>i am experiencing the very same problem on a production network and i cannot find a solution. I wonder if you have solved your situation.</P><P>&nbsp;</P><P>Br,</P><P>&nbsp;</P> Thu, 13 Feb 2020 13:52:55 GMT https://community.cisco.com/t5/network-security/firewalling-microsoft-dcom/m-p/4028995#M271782 kadoo 2020-02-13T13:52:55Z