Chapter 40
Configuring Inspection for Management Application Protocols
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit GTP Policy Map (Details)
The Add/Edit GTP Policy Map pane lets you configure the security level and additional settings for GTP
application inspection maps.
Fields
•
•
•
•
•
OL-20339-01
Pdp-Context timeout: 00:30:00
Request timeout: 00:01:00
Signaling timeout: 00:30:00.
Tunnel timeout: 01:00:00.
T3-response timeout: 00:00:20.
Drop and log unknown message IDs.
IMSI Prefix Filtering—Opens the IMSI Prefix Filtering dialog box to configure IMSI prefix
–
filters.
Default Level—Sets the security level back to the default.
–
Details—Shows the Parameters, IMSI Prefix Filtering, and Inspections tabs to configure additional
settings.
Security Context
Transparent Single
•
•
Name—When adding a GTP map, enter the name of the GTP map. When editing a GTP map, the
name of the previously configured GTP map is shown.
Description—Enter the description of the GTP map, up to 200 characters in length.
Security Level—Shows the security level and IMSI prefix filtering settings to configure.
Permit Parameters—Tab that lets you configure the permit parameters for the GTP inspect map.
Object Groups to Add
–
From object group—Specify an object group or use the browse button to open the Add Network
Object Group dialog box.
To object group—Specify an object group or use the browse button to open the Add Network
Object Group dialog box.
Add—Add the specified country code and network code to the IMSI Prefix table.
–
Delete—Deletes the specified country code and network code from the IMSI Prefix table.
–
Permit Errors—Lets any packets that are invalid or that encountered an error during inspection
–
to be sent through the adaptive security appliance instead of being dropped. By default, all
invalid packets or packets that failed during parsing are dropped.
General Parameters—Tab that lets you configure the general parameters for the GTP inspect map.
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
GTP Inspection
40-9