Pptp Inspection - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
PPTP Inspection
You can specify multiple class or match commands in the policy map. For information about the order
of class and match commands, see the
page
To configure parameters that affect the inspection engine, perform the following steps:
Step 6
a.
b.
The following example shows how to define a NETBIOS inspection policy map.
hostname(config)# policy-map type inspect netbios netbios_map
hostname(config-pmap)# protocol-violation drop log
hostname(config)# policy-map netbios_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect netbios netbios_map
PPTP Inspection
PPTP is a protocol for tunneling PPP traffic. A PPTP session is composed of one TCP channel and
usually two PPTP GRE tunnels. The TCP channel is the control channel used for negotiating and
managing the PPTP GRE tunnels. The GRE tunnels carries PPP sessions between the two hosts.
When enabled, PPTP application inspection inspects PPTP protocol packets and dynamically creates the
GRE connections and xlates necessary to permit PPTP traffic. Only Version 1, as defined in RFC 2637,
is supported.
PAT is only performed for the modified version of GRE [RFC 2637] when negotiated over the PPTP
TCP control channel. Port Address Translation is not performed for the unmodified version of GRE
[RFC 1701, RFC 1702].
Specifically, the security appliance inspects the PPTP version announcements and the outgoing call
request/response sequence. Only PPTP Version 1, as defined in RFC 2637, is inspected. Further
inspection on the TCP control channel is disabled if the version announced by either side is not Version
1. In addition, the outgoing-call request and reply sequence are tracked. Connections and xlates are
dynamic allocated as necessary to permit subsequent secondary GRE data traffic.
The PPTP inspection engine must be enabled for PPTP traffic to be translated by PAT. Additionally,
PAT is only performed for a modified version of GRE (RFC2637) and only if it is negotiated over the
PPTP TCP control channel. PAT is not performed for the unmodified version of GRE (RFC 1701 and
RFC 1702).
As described in RFC 2637, the PPTP protocol is mainly used for the tunneling of PPP sessions initiated
from a modem bank PAC (PPTP Access Concentrator) to the headend PNS (PPTP Network Server).
When used this way, the PAC is the remote client and the PNS is the server.
Cisco Security Appliance Command Line Configuration Guide
25-58
21-10.
To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
To check for NETBIOS protocol violations, enter the following command:
hostname(config-pmap-p)# protocol-violation [action [drop-connection | reset | log]]
Where the drop-connection action closes the connection. The reset action closes the connection
and sends a TCP reset to the client. The log action sends a system log message when this policy map
matches traffic.
Chapter 25
Configuring Application Layer Protocol Inspection
"Defining Actions in an Inspection Policy Map" section on
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
