Cisco Systems ASA 5580 Manual De Usuario
13-11
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Configuring Inspection for Management Application Protocols
XDMCP Inspection
ciscoasa(config-snmp-map)# deny version 2
XDMCP Inspection
XDMCP inspection is enabled by default; however, the XDMCP inspection engine is dependent upon
proper configuration of the established command.
proper configuration of the established command.
XDMCP is a protocol that uses UDP port 177 to negotiate X sessions, which use TCP when established.
For successful negotiation and start of an XWindows session, the ASA must allow the TCP back
connection from the Xhosted computer. To permit the back connection, use the established command
on the ASA. Once XDMCP negotiates the port to send the display, The established command is
consulted to verify if this back connection should be permitted.
connection from the Xhosted computer. To permit the back connection, use the established command
on the ASA. Once XDMCP negotiates the port to send the display, The established command is
consulted to verify if this back connection should be permitted.
During the XWindows session, the manager talks to the display Xserver on the well-known port 6000 |
n. Each display has a separate connection to the Xserver, as a result of the following terminal setting.
n. Each display has a separate connection to the Xserver, as a result of the following terminal setting.
setenv DISPLAY Xserver:n
where n is the display number.
When XDMCP is used, the display is negotiated using IP addresses, which the ASA can NAT if needed.
XDCMP inspection does not support PAT.
XDCMP inspection does not support PAT.