Cisco Systems ASA5515K9, ASA 5500 RADIUS Accounting Inspection

46-9

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter46 Configuring Inspection for Management Application Protocols

RADIUS Accounting Inspection

hostname# show service-policy inspect gtp statistics gsn 9.9.9.9

1 in use, 1 most used, timeout 0:00:00

GTP GSN Statistics for 9.9.9.9, Idle 0:00:00, restart counter 0

Tunnels Active 0Tunnels Created 0

Tunnels Destroyed 0

Total Messages Received 2

Signaling Messages Data Messages

total received 2 0

dropped 0 0

forwarded 2 0

Use the show service-policy inspect gtp pdp-context command to display PDP context-related

information. The following is sample output from the show service-policy inspect gtp pdp-context

command:

hostname# show service-policy inspect gtp pdp-context detail

1 in use, 1 most used, timeout 0:00:00

Version TID MS Addr SGSN Addr Idle APN

v1 1234567890123425 10.0.1.1 10.0.0.2 0:00:13 gprs.cisco.com

user_name (IMSI): 214365870921435 MS address: 1.1.1.1

primary pdp: Y nsapi: 2

sgsn_addr_signal: 10.0.0.2 sgsn_addr_data: 10.0.0.2

ggsn_addr_signal: 10.1.1.1 ggsn_addr_data: 10.1.1.1

sgsn control teid: 0x000001d1 sgsn data teid: 0x000001d3

ggsn control teid: 0x6306ffa0 ggsn data teid: 0x6305f9fc

seq_tpdu_up: 0 seq_tpdu_down: 0

signal_sequence: 0

upstream_signal_flow: 0 upstream_data_flow: 0

downstream_signal_flow: 0 downstream_data_flow: 0

RAupdate_flow: 0

The PDP context is identified by the tunnel ID, which is a combination of the values for IMSI and

NSAPI. A GTP tunnel is defined by two associated PDP contexts in different GSN nodes and is

identified with a Tunnel ID. A GTP tunnel is necessary to forward packets between an external packet

data network and a MS user.

You can use the vertical bar (|) to filter the display, as in the following example:

hostname# show service-policy gtp statistics | grep gsn

RADIUS Accounting Inspection

This section describes the IM inspection engine. This section includes the following topics:

•RADIUS Accounting Inspection Overview, page 46-9

•Configuring a RADIUS Inspection Policy Map for Additional Inspection Control, page46-10

One of the well known problems is the over-billing attack in GPRS networks. The over-billing attack

can cause consumers anger and frustration by being billed for services that they have not used. In this

case, a malicious attacker sets up a connection to a server and obtains an IP address from the SGSN.

When the attacker ends the call, the malicious server will still send packets to it, which gets dropped by