46-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter46 Configuring Inspection for Management Application Protocols
GTP Inspection
The following example shows how to define a DCERPC inspection policy map with the timeout
configured for DCERPC pinholes.
hostname(config)# policy-map type inspect dcerpc dcerpc_map
hostname(config-pmap)# timeout pinhole 0:10:00
hostname(config)# class-map dcerpc
hostname(config-cmap)# match port tcp eq 135
hostname(config)# policy-map global-policy
hostname(config-pmap)# class dcerpc
hostname(config-pmap-c)# inspect dcerpc dcerpc-map
hostname(config)# service-policy global-policy global
GTP Inspection
This section describes the GTP inspection engine. This section includes the following topics:
GTP Inspection Overview, page46-3
Configuring a GTP Inspection Policy Map for Additional Inspection Control, page46-4
Verifying and Monitoring GTP Inspection, page46-8
Note GTP inspection requires a special license. If you enter GTP-related commands on a ASA without the
required license, the ASA displays an error message.

GTP Inspection Overview

GPRS provides uninterrupted connectivity for mobile subscribers between GSM networks and corporate
networks or the Internet. The GGSN is the interface between the GPRS wireless data network and other
networks. The SGSN performs mobility, data session management, and data compression (See
Figure 46-1).