Enabling and Configuring GTP Inspection - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 22   Applying Application Layer Protocol Inspection
GTP Inspection
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, page 22-37

Table 22-4   GTP Map Configuration Commands

Command              Description
permit response      Specifies an object group allowed to receive responses from another object group.
request-queue        Specifies the maximum requests allowed in the queue.
timeout (gtp-map)    Specifies the idle timeout for the GSN, PDP context, requests, signaling connections, and tunnels.
tunnel-limit         Specifies the maximum number of tunnels allowed.

Enabling and Configuring GTP Inspection

GTP application inspection is disabled by default, so you need to complete the procedures described in this section to enable GTP inspection.

Note: GTP inspection requires a special license. If you enter GTP-related commands on a FWSM without the required license, the FWSM displays an error message.

To enable or change GTP configuration, perform the following steps:

Step 1   Define an access list with ACEs that identify the ports required for GTP traffic. The standard ports are UDP ports 2123 and 3386. To create the access list, use the access-list extended command once for each ACE, as follows.

hostname(config)# access-list acl-name permit {udp | tcp} any any eq port

where acl-name is the name you assign to the access list and port is the GTP port that the ACE identifies.

Step 2   Create a class map or modify an existing class map to identify GTP traffic. Use the class-map command to do so, as follows.

hostname(config)# class-map class_map_name
hostname(config-cmap)#

where class_map_name is the name of the traffic class. When you enter the class-map command, the CLI enters class map configuration mode.

Step 3   Use a match access-list command to identify GTP traffic with the access list you created in Step 1.

hostname(config-cmap)# match access-list acl-name

Step 4   (Optional) If you want to enforce additional parameters on GTP traffic, create and configure a GTP map. For more information about GTP maps and the default values enforced if you do not specify a GTP map, see the "GTP Maps and Commands" section on page 22-36. To create and configure a GTP map, perform the following steps.

a.   Create a GTP map that will contain the additional parameters of GTP inspection. Use the gtp-map command to do so, as follows.

hostname(config-cmap)# gtp-map map_name
hostname(config-gtp-map)#

where map_name is the name of the GTP map. The CLI enters GTP map configuration mode.
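The following added example (not part of the Cisco guide) audits configuration text for the result of Steps 1 through 4: it checks that a class map matches an access list covering both standard GTP ports, that every referenced access list exists, and that a GTP map is defined. The names gtp-acl, gtp-traffic, roaming, roaming-acl, sample_map and audit_gtp_config are made up for illustration, and treating both standard ports as required is an assumption of the example.

```python
import re

GTP_UDP_PORTS = {2123, 3386}  # Step 1 standard ports; assumed both are required

# Constructed sample configuration (not from a real device); names are made up.
SAMPLE_CONFIG = """\
access-list gtp-acl permit udp any any eq 2123
class-map gtp-traffic
 match access-list gtp-acl
class-map roaming
 match access-list roaming-acl
gtp-map sample_map
"""

ACE = re.compile(r"access-list (\S+) (?:extended )?permit (udp|tcp) any any eq (\d+)$")

def audit_gtp_config(config):
    """Check the result of Steps 1-4 and return a list of findings."""
    acl_udp = {}     # access list name -> UDP ports its ACEs permit
    class_acls = {}  # class map name -> access list names it matches
    gtp_maps, current = [], None
    for line in map(str.strip, config.splitlines()):
        ace = ACE.match(line)
        if ace:
            ports = acl_udp.setdefault(ace.group(1), set())
            if ace.group(2) == "udp":
                ports.add(int(ace.group(3)))
        elif line.startswith("class-map "):
            current = line.split()[1]
            class_acls[current] = []
        elif line.startswith("match access-list ") and current:
            class_acls[current].append(line.split()[2])
        elif line.startswith("gtp-map "):
            gtp_maps.append(line.split()[1])
            current = None  # no longer inside a class map
    findings, covered = [], False
    for cmap, acls in class_acls.items():
        for acl in (a for a in acls if a not in acl_udp):
            findings.append(f"class-map {cmap}: access list {acl} is not defined")
        ports = set().union(*(acl_udp.get(a, set()) for a in acls))
        missing = GTP_UDP_PORTS - ports
        covered = covered or not missing
        if missing and ports & GTP_UDP_PORTS:
            findings.append(f"class-map {cmap}: no ACE for UDP port(s) {sorted(missing)}")
    if not covered:
        findings.append("no class map matches both standard GTP ports")
    if not gtp_maps:
        findings.append("no gtp-map defined; default GTP map values are enforced")
    return findings
```

The parser only recognizes ACEs written in the form shown in Step 1 with a numeric port, so other ACE forms are ignored rather than evaluated.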
