Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Add/Edit GTP Policy Map (Details)

14-8

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter14 Configuring Inspection for Management Application Protocols

GTP Inspection

Add/Edit GTP Policy Map (Details)

Configuration> Global Objects > Inspect Maps > GTP > GTP Inspect Map > Advanced View

The Add/Edit GTP Policy Map pane lets you configure the security level and additional settings for GTP

application inspection maps.

Fields

•Name—When adding a GTP map, enter the name of the GTP map. When editing a GTP map, the

name of the previously configured GTP map is shown.

•Description—Enter the description of the GTP map, up to 200 characters in length.

•Security Level—Shows the security level and IMSI prefix filtering settings to configure.

•Permit Parameters—Tab that lets you configure the permit parameters for the GTP inspect map.

–

Object Groups to Add

From object group—Specify an object group or use the browse button to open the Add Network

Object Group dialog box.

To object group—Specify an object group or use the browse button to open the Add Network

Object Group dialog box.

–

Add—Add the specified country code and network code to the IMSI Prefix table.

–

Delete—Deletes the specified country code and network code from the IMSI Prefix table.

–

Permit Errors—Lets any packets that are invalid or that encountered an error during inspection

to be sent through the ASA instead of being dropped. By default, all invalid packets or packets

that failed during parsing are dropped.

•General Parameters—Tab that lets you configure the general parameters for the GTP inspect map.

–

Maximum Number of Requests—Lets you change the default for the maximum request queue

size allowed. The default for the maximum request queue size is 200. Specifies the maximum

number of GTP requests that will be queued waiting for a response. The permitted range is from

1 to 9999999.

–

Maximum Number of Tunnels—Lets you change the default for the maximum number of

tunnels allowed. The default tunnel limit is 500. Specifies the maximum number of tunnels

allowed. The permitted range is from 1 to 9999999 for the global overall tunnel limit.

–

Timeouts

GSN timeout—Lets you change the default for the maximum period of inactivity before a GSN

is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh specifies

the hour, mm specifies the minutes, and ss specifies the seconds. A value 0 means never tear

down.

PDP-Context timeout—Lets you change the default for the maximum period of inactivity before

receiving the PDP Context for a GTP session. The default is 30 minutes. Timeout is in the

format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the

seconds. A value 0 means never tear down.

Request Queue—Lets you change the default for the maximum period of inactivity before

receiving the GTP message during a GTP session. The default is 1 minute. Timeout is in the

format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the

seconds. A value 0 means never tear down.

Cisco Systems Add/Edit GTP Policy Map (Details)

Models: ASA 5545-X ASA 5555-X ASA 5580 ASA 5585-X ASA Services Module ASA 5505