14-4
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 14 Configuring Inspection for Management Application Protocols
GTP Inspection
Endpoint mapper service: not enforced
Endpoint mapper service lookup: enabled
Endpoint mapper service lookup timeout: 00:05:00
–
Medium—Default.
Pinhole timeout: 00:01:00
Endpoint mapper service: not enforced
Endpoint mapper service lookup: disabled.
–
High
Pinhole timeout: 00:01:00
Endpoint mapper service: enforced
Endpoint mapper service lookup: disabled
–
Default Level—Sets the security level back to the default level of Medium.
• Details—Shows the Parameters to configure additional settings.
–
Pinhole Timeout—Sets the pinhole timeout. Because a client may use the server information
returned by the endpoint mapper for multiple connections, the timeout value is configurable
based on the client application environment. Range is from 0:0:1 to 1193:0:0. Default is 2
minutes.
–
Enforce endpoint-mapper service—Enforces endpoint mapper service during binding.
–
Enable endpoint-mapper service lookup—Enables the lookup operation of the endpoint mapper
service. If disabled, the pinhole timeout is used.
Enforce Service Lookup Timeout—Enforces the service lookup timeout specified.
Service Lookup Timeout—Sets the timeout for pinholes from lookup operation.
GTP Inspection
This section describes the GTP inspection engine. This section includes the following topics:
• GTP Inspection Overview, page 14-5
• “Select GTP Map” section on page 14-5
• “GTP Inspect Map” section on page 14-6
• “IMSI Prefix Filtering” section on page 14-7
• “Add/Edit GTP Policy Map (Security Level)” section on page 14-7
• “Add/Edit GTP Policy Map (Details)” section on page 14-8
• “Add/Edit GTP Map” section on page 14-9
Note GTP inspection requires a special license.