Verifying and Monitoring GTP Inspection - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide
Chapter 25, Configuring Application Layer Protocol Inspection

GTP Inspection

The request keyword specifies the maximum period of time allowed before beginning to receive the GTP message.
The signaling keyword specifies the period of inactivity after which the GTP signaling will be removed.
The tunnel keyword specifies the period of inactivity after which the GTP tunnel will be torn down.
The hh:mm:ss argument is the timeout where hh specifies the hour, mm specifies the minutes, and ss specifies the seconds. The value 0 means never tear down.

j. To specify the maximum number of GTP tunnels allowed to be active on the security appliance, enter the following command:
hostname(config-gtp-map)# tunnel-limit max_tunnels
where the max_tunnels argument is the maximum number of tunnels allowed, from 1 to 4294967295. The default is 500.
New requests will be dropped once the number of tunnels specified by this command is reached.

The following example shows how to limit the number of tunnels in the network:
hostname(config)# policy-map type inspect gtp gmap
hostname(config-pmap)# parameters
hostname(config-pmap-p)# tunnel-limit 3000
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect gtp gmap
hostname(config)# service-policy global_policy global

Verifying and Monitoring GTP Inspection

To display GTP configuration, enter the show service-policy inspect gtp command in privileged EXEC mode. For the detailed syntax for this command, see the command page in the Cisco Security Appliance Command Reference.
Use the show service-policy inspect gtp statistics command to show the statistics for GTP inspection.
The following is sample output from the show service-policy inspect gtp statistics command:
hostname# show service-policy inspect gtp statistics
GPRS GTP Statistics:
  version_not_support        0    msg_too_short            0
  unknown_msg                0    unexpected_sig_msg       0
  unexpected_data_msg        0    ie_duplicated            0
  mandatory_ie_missing       0    mandatory_ie_incorrect   0
  optional_ie_incorrect      0    ie_unknown               0
  ie_out_of_order            0    ie_unexpected            0
  total_forwarded            0    total_dropped            0
  signalling_msg_dropped     0    data_msg_dropped         0
  signalling_msg_forwarded   0    data_msg_forwarded       0
  total created_pdp          0    total deleted_pdp        0
  total created_pdpmcb       0    total deleted_pdpmcb     0
  pdp_non_existent           0
You can use the vertical bar (|) to filter the display. Type ?| for more display filtering options.
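For monitoring, the counters in the show service-policy inspect gtp statistics output can be polled and compared between runs. The following Python sketch is an added example, not part of the Cisco guide: it parses the two-column output and reports which drop or error counters grew since the previous poll. The sample text is constructed and abridged, and the split between "normal" and "anomaly" counters is an assumption of the example.

```python
import re

# One "name value" pair; some names carry a "total " prefix ("total created_pdp").
PAIR = re.compile(r"((?:total )?[a-z_]+)\s+(\d+)")
# Assumption of this example: these substrings mark counters of normal activity;
# every other counter is treated as a dropped or malformed GTP message.
NORMAL = ("forwarded", "created", "deleted")

def parse_gtp_stats(text):
    """Return {counter_name: int} parsed from the statistics output."""
    counters = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the echoed command and the section header.
        if not line or "#" in line or line.endswith(":"):
            continue
        for name, value in PAIR.findall(line):
            counters[name] = int(value)
    return counters

def anomalies_since(previous, current):
    """Return {name: increase} for drop/error counters that grew between polls."""
    grown = {}
    for name, value in current.items():
        if any(tag in name for tag in NORMAL):
            continue
        delta = value - previous.get(name, 0)
        if delta < 0:
            # Counter went backwards: statistics were cleared or the unit reloaded.
            delta = value
        if delta > 0:
            grown[name] = delta
    return grown

# Constructed, abridged sample output; all values are invented for the example.
SAMPLE = """hostname# show service-policy inspect gtp statistics
GPRS GTP Statistics:
  version_not_support      0    msg_too_short            0
  mandatory_ie_missing     {mie}    mandatory_ie_incorrect   0
  total_forwarded          {fwd}    total_dropped            {drop}
  total created_pdp        {pdp}    total deleted_pdp        0
  pdp_non_existent         0
"""
BASELINE = SAMPLE.format(mie=0, fwd=120, drop=0, pdp=4)
LATER = SAMPLE.format(mie=7, fwd=300, drop=7, pdp=9)

if __name__ == "__main__":
    changes = anomalies_since(parse_gtp_stats(BASELINE), parse_gtp_stats(LATER))
    for name, delta in sorted(changes.items()):
        print(f"{name} +{delta}")
```

A sustained rise in counters such as mandatory_ie_missing or total_dropped is worth correlating with the peer GSN that sent the traffic.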
OL-12172-03


This manual is also suitable for:

ASA 5500 Series
