DCE-RPC uuid oriented inspection ACL

Gizmo37QC
Level 1

Hi all, has anyone successfully applied an ACL for the MS-RPC service on an ASA or a FWSM? There are a lot of examples, but they seem to be generic parameters.

We are requested to do as some other manufacturers do, by specifying RPC access based on UUID (i.e., specify the RPC service authorized to pass through the firewall: only MS-Exchange Directory Service, for example).

When I look at the last FWSM or ASA software guide, nowhere is it specified that we can add or specify a UUID. I also looked at the optional info in the ASDM DCE inspection protocol and there is nothing about UUID.

If someone has implemented it, is it possible to get additional documentation?

Thanks,

Gizmo

1 Reply

Panos Kampanakis
Cisco Employee

After 4.0, a dcerpc type policy-map was introduced: http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/p.html#wp1705164

There you can set Pinhole Timeout, Endpoint-mapper, Endpoint-mapper service lookup, and Endpoint-mapper service lookup timeout.

I hope it helps.

PK
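
To show what the UUID-based filtering asked about in the question has to inspect, here is an added example (not from either poster and not Cisco code) that parses a connection-oriented DCE/RPC bind PDU, extracts the requested interface UUIDs, and checks them against an allowlist. The endpoint mapper UUID is the well-known one; the second allowlisted UUID, the helper names, and the sample PDUs are constructed for illustration.

```python
import struct
import uuid

# Endpoint mapper interface UUID (well known); the second entry is a constructed placeholder.
EPM = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
ALLOWED = {EPM, uuid.UUID("11111111-2222-3333-4444-555555555555")}
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
PTYPE_BIND = 11

def bind_interfaces(pdu):
    """Return [(interface UUID, major version)] requested by a bind PDU."""
    if len(pdu) < 28:
        raise ValueError("truncated header")
    if pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        raise ValueError("not a DCE/RPC v5 bind")
    little = bool(pdu[4] & 0x10)          # packed_drep: integer byte order
    e = "<" if little else ">"
    (frag_len,) = struct.unpack_from(e + "H", pdu, 8)
    if frag_len > len(pdu):
        raise ValueError("fragment longer than captured data")
    out, off = [], 28                     # context elements follow the 4-byte list header
    for _ in range(pdu[24]):              # n_context_elem
        if off + 24 > frag_len:
            raise ValueError("context element runs past fragment")
        _ctx_id, n_xfer = struct.unpack_from(e + "HBx", pdu, off)
        raw = pdu[off + 4:off + 20]
        iface = uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw)
        (major,) = struct.unpack_from(e + "H", pdu, off + 20)
        out.append((iface, major))
        off += 24 + 20 * n_xfer           # skip the transfer syntaxes
    return out

def verdict(pdu):
    """Permit only when every requested interface is allowlisted; fail closed."""
    try:
        ifaces = bind_interfaces(pdu)
    except ValueError:
        return "drop"
    return "permit" if ifaces and all(u in ALLOWED for u, _ in ifaces) else "drop"

def make_bind(if_uuids):
    """Build a constructed little-endian bind PDU (sample input, not captured traffic)."""
    body = struct.pack("<HHIBBH", 4280, 4280, 0, len(if_uuids), 0, 0)
    for i, u in enumerate(if_uuids):
        body += struct.pack("<HBx", i, 1) + u.bytes_le + struct.pack("<HH", 3, 0)
        body += NDR.bytes_le + struct.pack("<I", 2)
    return struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 3, b"\x10\0\0\0",
                       16 + len(body), 0, 1) + body

if __name__ == "__main__":
    print(verdict(make_bind([EPM])))
```
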
