Defaults For Gtp Inspection; Configure Gtp Inspection - Cisco ASA Series Configuration Manual

GTP Inspection
The SGSN is logically connected to a GGSN using GTP. GTP allows multiprotocol packets to be
tunneled through the GPRS backbone between GSNs. GTP provides a tunnel control and management
protocol that allows the SGSN to provide GPRS network access for a mobile station by creating,
modifying, and deleting tunnels. GTP uses a tunneling mechanism to provide a service for carrying user
data packets.
When using GTP with failover, if a GTP connection is established and the active unit fails before data
Note
is transmitted over the tunnel, the GTP data connection (with a "j" flag set) is not replicated to the
standby unit. This occurs because the active unit does not replicate embryonic connections to the standby
unit.

Defaults for GTP Inspection

GTP inspection is not enabled by default. However, if you enable it without specifying your own
inspection map, a default map is used which provides the following processing. You need to configure a
map only if you want different values.
•
•
•
•
•
•
•
•
•
•

Configure GTP Inspection

GTP inspection is not enabled by default. You must configure it if you want GTP inspection.
Procedure
Configure a GTP Inspection Policy Map, page
Step 1
Configure the GTP Inspection Service Policy, page
Step 2
(Optional) Configure RADIUS accounting inspection to protect against over-billing attacks. See
Step 3
Inspection, page
Cisco ASA Series Firewall CLI Configuration Guide
15-6
Errors are not permitted.
The maximum number of requests is 200.
The maximum number of tunnels is 500.
The GSN timeout is 30 minutes.
The PDP context timeout is 30 minutes.
The request timeout is 1 minute.
The signaling timeout is 30 minutes.
The tunneling timeout is 1 hour.
The T3 response timeout is 20 seconds.
Unknown message IDs are dropped and logged.
15-12.
Chapter 15 Inspection of Database, Directory, and Management Protocols
15-7.
15-9.
ILS