Remote Shell (RSH) was originally created for Unix systems as an easy-to-use remote console that doesn't need a login as its brother Telnet does. RSH is very insecure and should be replaced at all costs with more secure connections, such as SSH.
RSH is similar to standard mode in the FTP protocol. Two connections are required for complete communication ”one connection for commands and a second for standard error outputs. The client embeds the port number to which the server should send standard errors. The server then initiates the second connection that will not be in the connection table. If the fixup protocol rsh command is not enabled, the ASA rejects the server's request.
The fixup protocol rsh command inspects the RSH traffic for the embedded port requests needed on port 514. When a request for a port is sent, the ASA dynamically creates a connection slot to allow the server to send traffic back to the client. The following is the command syntax for RSH:
pixfirewall(config)# [no] fixup protocol rsh <port-[port]>
The following example enables RSH inspection on a range of additional ports:
pixfirewall(config)# fixup protocol rsh 2000-2003