Chapter 40
Configuring Inspection for Management Application Protocols
Fields
•
•
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
GTP Inspect Map
The GTP pane lets you view previously configured GTP application inspection maps. A GTP map lets
you change the default configuration values used for GTP application inspection.
GTP is a relatively new protocol designed to provide security for wireless connections to TCP/IP
networks, such as the Internet. You can use a GTP map to control timeout values, message sizes, tunnel
counts, and GTP versions traversing the security appliance.
Note
Fields
•
•
•
•
•
•
OL-20339-01
Use the default GTP inspection map—Specifies to use the default GTP map.
Select an GTP map for fine control over inspection—Lets you select a defined application inspection
map or add a new one.
Add—Opens the Add Policy Map dialog box for the inspection.
Security Context
Transparent Single
•
•
GTP inspection is not available without a special license.
GTP Inspect Maps—Table that lists the defined GTP inspect maps.
Add—Configures a new GTP inspect map. To edit a GTP inspect map, choose the GTP entry in the
GTP Inspect Maps table and click Customize.
Delete—Deletes the inspect map selected in the GTP Inspect Maps table.
Security Level—Security level low only.
Do not Permit Errors
–
Maximum Number of Tunnels: 500
–
–
GSN timeout: 00:30:00
–
Pdp-Context timeout: 00:30:00
–
Request timeout: 00:01:00
Signaling timeout: 00:30:00.
–
Tunnel timeout: 01:00:00.
–
T3-response timeout: 00:00:20.
–
Drop and log unknown message IDs.
–
IMSI Prefix Filtering—Opens the IMSI Prefix Filtering dialog box to configure IMSI prefix filters.
Customize—Opens the Add/Edit GTP Policy Map dialog box for additional settings.
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
GTP Inspection
40-7