Configuring A Gtp Inspection Policy Map For Additional Inspection Control - Cisco PIX 500 Series Configuration Manual

GTP Inspection
Figure 25-3
The UMTS is the commercial convergence of fixed-line telephony, mobile, Internet and computer
technology. UTRAN is the networking protocol used for implementing wireless networks in this system.
GTP allows multi-protocol packets to be tunneled through a UMTS/GPRS backbone between a GGSN,
an SGSN and the UTRAN.
GTP does not include any inherent security or encryption of user data, but using GTP with the security
appliance helps protect your network against these risks.
The SGSN is logically connected to a GGSN using GTP. GTP allows multiprotocol packets to be
tunneled through the GPRS backbone between GSNs. GTP provides a tunnel control and management
protocol that allows the SGSN to provide GPRS network access for a mobile station by creating,
modifying, and deleting tunnels. GTP uses a tunneling mechanism to provide a service for carrying user
data packets.
When using GTP with failover, if a GTP connection is established and the active unit fails before data
Note
is transmitted over the tunnel, the GTP data connection (with a "j" flag set) is not replicated to the
standby unit. This occurs because the active unit does not replicate embryonic connections to the standby
unit.

Configuring a GTP Inspection Policy Map for Additional Inspection Control

If you want to enforce additional parameters on GTP traffic, create and configure a GTP map. If you do
not specify a map with the inspect gtp command, the security appliance uses the default GTP map,
which is preconfigured with the following default values:
•
•
•
•
Cisco Security Appliance Command Line Configuration Guide
25-32
GPRS Tunneling Protocol
Home PLMN
MS
SGSN
Roaming partner
(visited PLMN)
request-queue 200
timeout gsn 0:30:00
timeout pdp-context 0:30:00
timeout request 0:01:00
Chapter 25
Internet
Gn
Corporate
GGSN Gi
network 2
Gp
Corporate
network 1
GRX
Configuring Application Layer Protocol Inspection
OL-12172-03