Cisco ASA 5506-X Configuration Manual page 242
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
GTP Inspection
Defaults for GTP Inspection
GTP inspection is not enabled by default. However, if you enable it without specifying your own
inspection map, a default map is used which provides the following processing. You need to configure a
map only if you want different values.
•
•
•
•
•
•
•
•
•
•
Configure GTP Inspection
GTP inspection is not enabled by default. You must configure it if you want GTP inspection.
Procedure
Configure a GTP Inspection Policy Map, page
Step 1
Configure the GTP Inspection Service Policy, page
Step 2
(Optional) Configure RADIUS accounting inspection to protect against over-billing attacks. See
Step 3
RADIUS Accounting Inspection, page
Configure a GTP Inspection Policy Map
If you want to enforce additional parameters on GTP traffic, and the default map does not meet your
needs, create and configure a GTP map.
Before You Begin
Some traffic matching options use regular expressions for matching purposes. If you intend to use one
of those techniques, first create the regular expression or regular expression class map.
Procedure
Create a GTP inspection policy map:
Step 1
hostname(config)# policy-map type inspect gtp policy_map_name
hostname(config-pmap)#
Cisco ASA Series Firewall CLI Configuration Guide
10-6
Errors are not permitted.
The maximum number of requests is 200.
The maximum number of tunnels is 500.
The GSN timeout is 30 minutes.
The PDP context timeout is 30 minutes.
The request timeout is 1 minute.
The signaling timeout is 30 minutes.
The tunneling timeout is 1 hour.
The T3 response timeout is 20 seconds.
Unknown message IDs are dropped and logged.
Chapter 10
Inspection for Management Application Protocols
10-6.
10-9.
10-11.
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
