Cisco Systems ASA 5580 Manual De Usuario

This chapter describes how to configure application layer protocol inspection. Inspection engines are 
required for services that embed IP addressing information in the user data packet or that open secondary 
channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection 
instead of passing the packet through the fast path. As a result, inspection engines can affect overall 
throughput.

Several common inspection engines are enabled on the ASA by default, but you might need to enable 
others depending on your network. 

This chapter includes the following sections:

This section describes the DCERPC inspection engine. This section includes the following topics:

DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows 
software clients to execute programs on a server remotely. 

This typically involves a client querying a server called the Endpoint Mapper listening on a well known 
port number for the dynamically allocated network information of a required service. The client then sets 
up a secondary connection to the server instance providing the service. The security appliance allows the 
appropriate port number and network address and also applies NAT, if needed, for the secondary 
connection.