DCERPC Inspection
Add/Edit DCERPC Policy Map
The Add/Edit DCERPC Policy Map pane lets you configure the security level and parameters for
DCERPC application inspection maps.
Fields
•
•
•
•
Modes
The following table shows the modes in which this feature is available:
Cisco ASA 5500 Series Configuration Guide using ASDM
40-4
Name—When adding a DCERPC map, enter the name of the DCERPC map. When editing a
DCERPC map, the name of the previously configured DCERPC map is shown.
Description—Enter the description of the DCERPC map, up to 200 characters in length.
Security Level—Select the security level (high, medium, or low).
Low
–
Pinhole timeout: 00:02:00
Endpoint mapper service: not enforced
Endpoint mapper service lookup: enabled
Endpoint mapper service lookup timeout: 00:05:00
Medium—Default.
–
Pinhole timeout: 00:01:00
Endpoint mapper service: not enforced
Endpoint mapper service lookup: disabled.
High
–
Pinhole timeout: 00:01:00
Endpoint mapper service: enforced
Endpoint mapper service lookup: disabled
–
Default Level—Sets the security level back to the default level of Medium.
Details—Shows the Parameters to configure additional settings.
Pinhole Timeout—Sets the pinhole timeout. Because a client may use the server information
–
returned by the endpoint mapper for multiple connections, the timeout value is configurable
based on the client application environment. Range is from 0:0:1 to 1193:0:0. Default is 2
minutes.
Enforce endpoint-mapper service—Enforces endpoint mapper service during binding.
–
Enable endpoint-mapper service lookup—Enables the lookup operation of the endpoint mapper
–
service. If disabled, the pinhole timeout is used.
Enforce Service Lookup Timeout—Enforces the service lookup timeout specified.
Service Lookup Timeout—Sets the timeout for pinholes from lookup operation.
Chapter 40
Configuring Inspection for Management Application Protocols
OL-20339-01