50-10
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 50 Configuring Inspection for Management Application Protocols
GTP Inspection
–
Delete—Deletes the specified country code and network code from the IMSI Prefix table.
–
Permit Errors—Lets any packets that are invalid or that encountered an error during inspection
to be sent through the ASA instead of being dropped. By default, all invalid packets or packets
that failed during parsing are dropped.
• General Parameters—Tab that lets you configure the general parameters for the GTP inspect map.
–
Maximum Number of Requests—Lets you change the default for the maximum request queue
size allowed. The default for the maximum request queue size is 200. Specifies the maximum
number of GTP requests that will be queued waiting for a response. The permitted range is from
1 to 9999999.
–
Maximum Number of Tunnels—Lets you change the default for the maximum number of
tunnels allowed. The default tunnel limit is 500. Specifies the maximum number of tunnels
allowed. The permitted range is from 1 to 9999999 for the global overall tunnel limit.
–
Timeouts
GSN timeout—Lets you change the default for the maximum period of inactivity before a GSN
is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh specifies
the hour, mm specifies the minutes, and ss specifies the seconds. A value 0 means never tear
down.
PDP-Context timeout—Lets you change the default for the maximum period of inactivity before
receiving the PDP Context for a GTP session. The default is 30 minutes. Timeout is in the
format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the
seconds. A value 0 means never tear down.
Request Queue—Lets you change the default for the maximum period of inactivity before
receiving the GTP message during a GTP session. The default is 1 minute. Timeout is in the
format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the
seconds. A value 0 means never tear down.
Signaling—Lets you change the default for the maximum period of inactivity before a GTP
signaling is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh
specifies the hour, mm specifies the minutes, and ss specifies the seconds. A value 0 means never
tear down.
Tunnel—Lets you change the default for the maximum period of inactivity for the GTP tunnel.
The default is 1 hour. Timeout is in the format hh:mm:ss, where hh specifies the hour, mm
specifies the minutes, and ss specifies the seconds. A value 0 means never tear down Request
timeout—Specifies the GTP Request idle timeout.
T3-Response timeout—Specifies the maximum wait time for a response before removing the
connection.
• IMSI Prefix Filtering—Tab that lets you configure the IMSI prefix filtering for the GTP inspect map.
–
Mobile Country Code—Defines the non-zero, three-digit value identifying the mobile country
code. One or two-digit entries will be prepended by 0 to create a three-digit value.
–
Mobile Network Code—Defines the two or three-digit value identifying the network code.
–
Add—Add the specified country code and network code to the IMSI Prefix table.
–
Delete—Deletes the specified country code and network code from the IMSI Prefix table.
• Inspections—Tab that lets you configure the GTP inspect maps.
–
Match Type—Shows the match type, which can be a positive or negative match.
–
Criterion—Shows the criterion of the GTP inspection.
–
Value—Shows the value to match in the GTP inspection.