Xdmcp Inspection Engine - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Chapter 13
Configuring Application Protocol Inspection
Detailed Information About Inspection Engines
XDMCP Inspection Engine
Enabled by default for UDP port 177
Not Configurable
The port assignment for the X Display Manager Control Protocol (XDMCP) is not configurable.
XDMCP is a protocol that uses UDP port 177 to negotiate X sessions, which use TCP when established.
For successful negotiation and as the start of an Xwindows session, the FWSM must allow the TCP back
connection. Once XDMCP negotiates the session, a single embryonic connection is created to handle the
initial TCP connection, after which the established rule is consulted.
During the X Windows session, the manager talks to the display's Xserver on the well-known port 6000
+ n. Each display has a separate connection to the Xserver as a result of the following terminal setting:
setenv DISPLAY Xserver:n
where n is the display number.
When XDMCP is used, the display is negotiated using IP addresses, which the FWSM can NAT if
needed. The XDCMP inspection engine does not support PAT.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
13-22
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
