Cisco FirePOWER ASA 5500 series Configuration Manual page 452

Security appliance command line

GTP Inspection
For example, the following command creates an object group named gsnpool32:
hostname(config)# object-group network gsnpool32
hostname(config-network)#
e. Use the network-object command to specify the load-balancing GSNs. You can do so with one
network-object command per GSN, using the host keyword. You can also use the network-object
command to identify whole networks containing GSNs that perform load balancing.
hostname(config-network)# network-object host IP-address
For example, the following commands create three network objects representing individual hosts:
hostname(config-network)# network-object host 192.168.100.1
hostname(config-network)# network-object host 192.168.100.2
hostname(config-network)# network-object host 192.168.100.3
hostname(config-network)#
f. To create an object to represent the SGSN that the load-balancing GSNs are permitted to respond
to, perform the following steps:
   a. Use the object-group command to define a new network object group that will represent the
   SGSN that sends GTP requests to the GSN pool.
   hostname(config)# object-group network SGSN-name
   hostname(config-network)#
   For example, the following command creates an object group named sgsn32:
   hostname(config)# object-group network sgsn32
   hostname(config-network)#
   b. Use the network-object command with the host keyword to identify the SGSN.
   hostname(config-network)# network-object host IP-address
   For example, the following command creates a network object representing the SGSN:
   hostname(config-network)# network-object host 192.168.50.100
   hostname(config-network)#
g. To allow GTP responses from any GSN in the network object representing the GSN pool, defined
in c., d, to the network object representing the SGSN, defined in c., f., enter the following
commands:
hostname(config)# gtp-map map_name
hostname(config-gtp-map)# permit response to-object-group SGSN-name from-object-group GSN-pool-name
For example, the following command permits GTP responses from any host in the object group
named gsnpool32 to the host in the object group named sgsn32:
hostname(config-gtp-map)# permit response to-object-group sgsn32 from-object-group gsnpool32
The following example shows how to support GSN pooling by defining network objects for the GSN
pool and the SGSN. An entire Class C network is defined as the GSN pool, but you can identify
multiple individual IP addresses, one per network-object command, instead of identifying whole
networks. The example then modifies a GTP map to permit responses from the GSN pool to the
SGSN.
hostname(config)# object-group network gsnpool32
hostname(config-network)# network-object 192.168.100.0 255.255.255.0
hostname(config)# object-group network sgsn32
Cisco Security Appliance Command Line Configuration Guide
Chapter 25, Configuring Application Layer Protocol Inspection
OL-10088-01, page 25-34
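The GSN pooling rule described on this page can be reviewed offline before it is applied. The following Python script is an added example, not part of the Cisco guide: it parses the object-group and gtp-map lines shown here, reports how many source addresses each pool admits, and models which GSN-to-SGSN response pairs the permit response rule covers. The function names and the map name gtp-policy are assumptions.

```python
import ipaddress
import re

# Constructed sample built from the object groups on this page. The map name
# "gtp-policy" is an assumption; the page only shows the placeholder map_name.
SAMPLE = """\
object-group network gsnpool32
 network-object 192.168.100.0 255.255.255.0
object-group network sgsn32
 network-object host 192.168.50.100
gtp-map gtp-policy
 permit response to-object-group sgsn32 from-object-group gsnpool32
"""

def parse(text):
    """Return (groups, rules): group name -> networks, and (map, to, from) tuples."""
    groups, rules, ctx = {}, [], (None, None)
    for line in text.splitlines():
        # Accept pasted CLI transcripts by dropping a "hostname(config...)# " prompt.
        tok = re.sub(r"^\S+\(config[^)]*\)#\s*", "", line).split()
        if tok[:2] == ["object-group", "network"] and len(tok) == 3:
            ctx = ("group", tok[2])
            groups.setdefault(tok[2], [])
        elif tok[:1] == ["gtp-map"] and len(tok) == 2:
            ctx = ("map", tok[1])
        elif tok[:1] == ["network-object"] and len(tok) == 3 and ctx[0] == "group":
            addr, mask = (tok[2], "255.255.255.255") if tok[1] == "host" else (tok[1], tok[2])
            groups[ctx[1]].append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
        elif (tok[:3] == ["permit", "response", "to-object-group"] and len(tok) == 6
              and tok[4] == "from-object-group" and ctx[0] == "map"):
            rules.append((ctx[1], tok[3], tok[5]))
    return groups, rules

def in_group(groups, name, ip):
    return any(ipaddress.ip_address(ip) in net for net in groups.get(name, []))

def response_permitted(groups, rules, gtp_map, gsn_ip, sgsn_ip):
    """Model of the rule only: is a response gsn_ip -> sgsn_ip covered in gtp_map?"""
    return any(m == gtp_map and in_group(groups, frm, gsn_ip) and in_group(groups, to, sgsn_ip)
               for m, to, frm in rules)

def audit(groups, rules):
    """Flag rules naming undefined or empty groups; report how wide each pool is."""
    findings = []
    for m, to, frm in rules:
        findings += [f"{m}: object group {g} is undefined or empty" for g in (to, frm) if not groups.get(g)]
        size = sum(net.num_addresses for net in groups.get(frm, []))
        findings.append(f"{m}: {frm} admits responses from {size} addresses")
    return findings
```

For the Class C pool above, audit reports 256 permitted source addresses; listing individual GSNs with network-object host keeps the rule narrower.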


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
