https://community.cisco.com/t5/network-security/fwsm-blocks-rpc-traffic/m-p/1908799#M458783 <P>Hello</P><P></P><P>I have a customer who has Microsoft SMS running on Windows 2008 server and agent is installed on all clients, server is in DMZ and the clients are in other dmz , other applications are running and using RPS with no problems but the SMS server is new and I found dropped packets by the inspection policy for the inspected SMS server as below</P><P></P><P><SPAN style="font-size: 8pt;">fwsm# sho service-policy</SPAN></P><P><SPAN style="font-size: 8pt;">Global policy: </SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp; Service-policy: global_policy</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp; Class-map: inspection_default</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: dns maximum-length 512, packet 358660, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: ftp, packet 1873, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: h323 h225, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: h323 ras, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: netbios, packet 224450, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: rsh, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sip, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: skinny, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sqlnet, packet 1265466, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sunrpc, packet 68218, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: tftp, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: xdmcp, packet 72, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: dcerpc, packet 100362,<SPAN style="color: #ff0000;"> drop 18</SPAN>, reset-drop 0</SPAN></P><P></P><P></P><P></P><P>Also the output of " debug dcerpc events" gives this error <SPAN style="color: #ff0000;"> "DCERPC-ERR: Corrupted packet, incorrect scm reply header"</SPAN></P><P></P><P>Removing the DCREPC inspection interupts other application .</P><P></P><P>the FWSM version is 4.1(7) .</P><P></P><P>ANY IDEA ?</P><P></P><P></P><P></P><P></P> Mon, 11 Mar 2019 22:35:33 GMT eng.malak 2019-03-11T22:35:33Z https://community.cisco.com/t5/network-security/fwsm-blocks-rpc-traffic/m-p/1908799#M458783 <P>Hello</P><P></P><P>I have a customer who has Microsoft SMS running on Windows 2008 server and agent is installed on all clients, server is in DMZ and the clients are in other dmz , other applications are running and using RPS with no problems but the SMS server is new and I found dropped packets by the inspection policy for the inspected SMS server as below</P><P></P><P><SPAN style="font-size: 8pt;">fwsm# sho service-policy</SPAN></P><P><SPAN style="font-size: 8pt;">Global policy: </SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp; Service-policy: global_policy</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp; Class-map: inspection_default</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: dns maximum-length 512, packet 358660, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: ftp, packet 1873, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: h323 h225, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: h323 ras, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: netbios, packet 224450, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: rsh, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sip, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: skinny, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sqlnet, packet 1265466, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: sunrpc, packet 68218, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: tftp, packet 0, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: xdmcp, packet 72, drop 0, reset-drop 0</SPAN></P><P><SPAN style="font-size: 8pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspect: dcerpc, packet 100362,<SPAN style="color: #ff0000;"> drop 18</SPAN>, reset-drop 0</SPAN></P><P></P><P></P><P></P><P>Also the output of " debug dcerpc events" gives this error <SPAN style="color: #ff0000;"> "DCERPC-ERR: Corrupted packet, incorrect scm reply header"</SPAN></P><P></P><P>Removing the DCREPC inspection interupts other application .</P><P></P><P>the FWSM version is 4.1(7) .</P><P></P><P>ANY IDEA ?</P><P></P><P></P><P></P><P></P> Mon, 11 Mar 2019 22:35:33 GMT https://community.cisco.com/t5/network-security/fwsm-blocks-rpc-traffic/m-p/1908799#M458783 eng.malak 2019-03-11T22:35:33Z https://community.cisco.com/t5/network-security/fwsm-blocks-rpc-traffic/m-p/1908800#M458787 <HTML><HEAD></HEAD><BODY><P>Any hint experts ?</P></BODY></HTML> Tue, 28 Feb 2012 11:46:00 GMT https://community.cisco.com/t5/network-security/fwsm-blocks-rpc-traffic/m-p/1908800#M458787 eng.malak 2012-02-28T11:46:00Z