1-11
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection for Management Application Protocols
XDMCP Inspection
The following example denies SNMP Versions 1 and 2:
hostname(config)# snmp-map sample_map
hostname(config-snmp-map)# deny version 1
hostname(config-snmp-map)# deny version 2
XDMCP Inspection
XDMCP inspection is enabled by default; however, the XDMCP inspection engine is dependent upon
proper configuration of the established command.
XDMCP is a protocol that uses UDP port 177 to negotiate X sessions, which use TCP when established.
For successful negotiation and start of an XWindows session, the ASA must allow the TCP back
connection from the Xhosted computer. To permit the back connection, use the established command
on the ASA. Once XDMCP negotiates the port to send the display, The established command is
consulted to verify if this back connection should be permitted.
During the XWindows session, the manager talks to the display Xserver on the well-known port 6000 |
n. Each display has a separate connection to the Xserver, as a result of the following terminal setting.
setenv DISPLAY Xserver:n
where n is the display number.
When XDMCP is used, the display is negotiated using IP addresses, which the ASA can NAT if needed.
XDCMP inspection does not support PAT.
To Next Page
Loading...
Need help?
General