Hi,
I am using Nagios to monitor our windows server using WMI. So I configure the DECRPC on our ASA 5520 firewall but i still see the deny on port > 1024.
Below is the configuration:
class-map MSRPC
match port tcp eq 135
!
policy-map type inspect dcerpc MSRPC-MAP
description dcerpc inspection for MAP and LOOKUP ops
parameters
endpoint-mapper lookup-operation
timeout pinhole 0:03:00
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect skinny
inspect icmp
inspect dcerpc
!
policy-map MSRPC
class MSRPC
inspect dcerpc MSRPC-MAP
!
service-policy global_policy global
service-policy MSRPC interface pci-management
service-policy MSRPC interface pci-external-svcs
!
ACL to allow tcp on port 135 is in place as well.
I also tried to use the policy parameter with epm only, and it doesn't work
I also tried to remove the inspection of dcerpc from global_policy and it's donig the same thing.
I also tried to only apply the policy-map on the Nagios interface, still the same thing
Can anyone help me out about this please?