Encrypted RPC and firewalling

Lasse Birnbaum Jensen lasse at sdu.dk
Thu Nov 10 02:56:51 CST 2011

hi all

I would like to know how you guys handle encypted rpc across firewalls. 

We utilize an ASA platform and the DCERPC inspection cant handle encrypted RPC (which is standard in most windows 2008 and default in all communication in exchange 2010). Ciscos says: disable encryption or create "allow any" rules.

Do you limit the RPC port range on the windows systems and make "holes" in the firewall for these or do you disable RPC encryption ? 

Please share your knowledge in this area.

Best regards 

Lasse Birnbaum Jensen
Network administrator, IT-Service
University of Southern Denmark

Email: lasse at sdu.dk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1927 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20111110/16a9ab22/attachment.bin>

More information about the NANOG mailing list