Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
Add/Edit GTP Policy Map (Details)
The Add/Edit GTP Policy Map pane lets you configure the security level and additional settings for GTP
application inspection maps.
Fields
• Name—When adding a GTP map, enter the name of the GTP map. When editing a GTP map, the name of the previously configured GTP map is shown.
• Description—Enter the description of the GTP map, up to 200 characters in length.
• Security Level—Shows the security level and IMSI prefix filtering settings to configure.
• Permit Parameters—Tab that lets you configure the permit parameters for the GTP inspect map.
  - Object Groups to Add
    - From object group—Specify an object group or use the browse button to open the Add Network Object Group dialog box.
    - To object group—Specify an object group or use the browse button to open the Add Network Object Group dialog box.
    - Add—Adds the specified country code and network code to the IMSI Prefix table.
    - Delete—Deletes the specified country code and network code from the IMSI Prefix table.
  - Permit Errors—Allows any packets that are invalid or that encountered an error during inspection to be sent through the security appliance instead of being dropped. By default, all invalid packets or packets that failed during parsing are dropped.
• General Parameters—Tab that lets you configure the general parameters for the GTP inspect map.
  - Maximum Number of Requests—Lets you change the default for the maximum request queue size allowed. The default for the maximum request queue size is 200. Specifies the maximum number of GTP requests that will be queued waiting for a response. The permitted range is from 1 to 9999999.
  - Maximum Number of Tunnels—Lets you change the default for the maximum number of tunnels allowed. The default tunnel limit is 500. Specifies the maximum number of tunnels allowed. The permitted range is from 1 to 9999999 for the global overall tunnel limit.
  - Timeouts
    - GSN timeout—Lets you change the default for the maximum period of inactivity before a GSN is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the seconds. A value of 0 means never tear down.
    - PDP-Context timeout—Lets you change the default for the maximum period of inactivity before receiving the PDP Context for a GTP session. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh specifies the hour, mm specifies the minutes, and ss specifies the seconds. A value of 0 means never tear down.
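The following audit sketch is an added example, not part of the Cisco guide. It checks an exported GTP inspect map against the defaults and ranges listed above and reports the settings that relax them. It assumes the map is exported in the ASA CLI form (`policy-map type inspect gtp` with `permit errors`, `request-queue`, `tunnel-limit`, `timeout gsn` and `timeout pdp-context`); the map name and sample configuration are constructed.

```python
import re

DEFAULTS = {"request-queue": 200, "tunnel-limit": 500}  # defaults documented on this page
DEFAULT_TIMEOUT_S = 30 * 60  # GSN and PDP-context default: 30 minutes

def parse_hms(text):
    """Convert an hh:mm:ss timeout to seconds."""
    m = re.fullmatch(r"(\d+):([0-5]?\d):([0-5]?\d)", text)
    if not m:
        raise ValueError(f"not hh:mm:ss: {text!r}")
    h, mi, s = map(int, m.groups())
    return h * 3600 + mi * 60 + s

def audit_gtp_map(config):
    """Return (setting, message) findings for one GTP inspect map."""
    findings = []
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["permit", "errors"]:
            findings.append(("permit errors", "invalid packets are forwarded, not dropped"))
        elif words[0] in DEFAULTS and len(words) == 2:
            value = int(words[1])
            if not 1 <= value <= 9999999:
                findings.append((words[0], f"{value} is outside 1-9999999"))
            elif value != DEFAULTS[words[0]]:
                findings.append((words[0], f"{value} differs from default {DEFAULTS[words[0]]}"))
        elif words[0] == "timeout" and len(words) == 3 and words[1] in ("gsn", "pdp-context"):
            secs = parse_hms(words[2])
            if secs == 0:
                findings.append((f"timeout {words[1]}", "0 means never tear down"))
            elif secs != DEFAULT_TIMEOUT_S:
                findings.append((f"timeout {words[1]}", f"{words[2]} differs from default 0:30:00"))
    return findings

# Constructed sample (not from the page); the map name is hypothetical.
SAMPLE = """\
policy-map type inspect gtp EXAMPLE_GTP_MAP
 parameters
  permit errors
  request-queue 200
  tunnel-limit 20000
  timeout gsn 0:00:00
  timeout pdp-context 0:30:00
"""

if __name__ == "__main__":
    print("\n".join(f"{s}: {m}" for s, m in audit_gtp_map(SAMPLE)))
```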
Firewall Mode              Security Context
                                       Multiple
Routed      Transparent    Single      Context     System
•           •              •           •