46-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter46 Configuring Inspection for Management Application Protocols
GTP Inspection
The request keyword specifies the maximum period of time allowed before beginning to receive the
GTP message.
The signaling keyword specifies the period of inactivity after which the GTP signaling will be
removed.
The tunnel keyword specifies the period of inactivity after which the GTP tunnel will be torn down.
The hh:mm:ss argument is the timeout where hh specifies the hour, mm specifies the minutes, and
ss specifies the seconds. The value 0 means never tear down.
j. To specify the maximum number of GTP tunnels allowed to be active on the ASA, enter the
following command:
hostname(config-gtp-map)# tunnel-limit max_tunnels
where the max_tunnels argument is the maximum number of tunnels allowed, from 1 to
4294967295. The default is 500.
New requests will be dropped once the number of tunnels specified by this command is reached.
The following example shows how to limit the number of tunnels in the network:
hostname(config)# policy-map type inspect gtp gmap
hostname(config-pmap)# parameters
hostname(config-pmap-p)# tunnel-limit 3000
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect gtp gmap
hostname(config)# service-policy global_policy global
Verifying and Monitoring GTP Inspection
To display GTP configuration, enter the show service-policy inspect gtp command in privileged EXEC
mode. For the detailed syntax for this command, see the command page in the command reference.
Use the show service-policy inspect gtp statistics command to show the statistics for GTP inspection.
The following is sample output from the show service-policy inspect gtp statistics command:
hostname# show service-policy inspect gtp statistics
GPRS GTP Statistics:
version_not_support 0 msg_too_short 0
unknown_msg 0 unexpected_sig_msg 0
unexpected_data_msg 0 ie_duplicated 0
mandatory_ie_missing 0 mandatory_ie_incorrect 0
optional_ie_incorrect 0 ie_unknown 0
ie_out_of_order 0 ie_unexpected 0
total_forwarded 0 total_dropped 0
signalling_msg_dropped 0 data_msg_dropped 0
signalling_msg_forwarded 0 data_msg_forwarded 0
total created_pdp 0 total deleted_pdp 0
total created_pdpmcb 0 total deleted_pdpmcb 0
pdp_non_existent 0
You can use the vertical bar (|) to filter the display. Type ?| for more display filtering options.
The following is sample GSN output from the show service-policy inspect gtp statistics gsn command: