Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Add/Edit GTP Map

14-9

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter14 Configuring Inspection for Management Application Protocols

GTP Inspection

Signaling—Lets you change the default for the maximum period of inactivity before a GTP

signaling is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh

specifies the hour, mm specifies the minutes, and ss specifies the seconds. A value 0 means never

tear down.

Tunnel—Lets you change the default for the maximum period of inactivity for the GTP tunnel.

The default is 1 hour. Timeout is in the format hh:mm:ss, where hh specifies the hour, mm

specifies the minutes, and ss specifies the seconds. A value 0 means never tear down Request

timeout—Specifies the GTP Request idle timeout.

T3-Response timeout—Specifies the maximum wait time for a response before removing the

connection.

•IMSI Prefix Filtering—Tab that lets you configure the IMSI prefix filtering for the GTP inspect map.

–

Mobile Country Code—Defines the non-zero, three-digit value identifying the mobile country

code. One or two-digit entries will be prepended by 0 to create a three-digit value.

–

Mobile Network Code—Defines the two or three-digit value identifying the network code.

–

Add—Add the specified country code and network code to the IMSI Prefix table.

–

Delete—Deletes the specified country code and network code from the IMSI Prefix table.

•Inspections—Tab that lets you configure the GTP inspect maps.

–

Match Type—Shows the match type, which can be a positive or negative match.

–

Criterion—Shows the criterion of the GTP inspection.

–

Value—Shows the value to match in the GTP inspection.

–

Action—Shows the action if the match condition is met.

–

Log—Shows the log state.

–

Add—Opens the Add GTP Inspect dialog box to add an GTP inspection.

–

Edit—Opens the Edit GTP Inspect dialog box to edit an GTP inspection.

–

Delete—Deletes an GTP inspection.

–

Move Up—Moves an inspection up in the list.

–

Move Down—Moves an inspection down in the list.

Add/Edit GTP Map

Configuration> Global Objects > Inspect Maps > GTP > GTP Inspect Map > Add/Edit GTP Map

The Add/Edit GTP Inspect dialog box lets you define the match criterion and value for the GTP inspect

map.

Fields

•Match Type—Specifies whether traffic should match or not match the values.

For example, if No Match is selected on the string “example.com,” then any traffic that contains

“example.com” is excluded from the class map.

•Criterion—Specifies which criterion of GTP traffic to match.

–

Access Point Name—Match on access point name.

–

Message ID—Match on the message ID.

Cisco Systems Add/Edit GTP Map

Models: ASA 5545-X ASA 5555-X ASA 5580 ASA 5585-X ASA Services Module ASA 5505