24-84
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
GTP Inspect Map
The GTP pane lets you view previously configured GTP application inspection maps. A GTP map lets
you change the default configuration values used for GTP application inspection.
GTP is a relatively new protocol designed to provide security for wireless connections to TCP/IP
networks, such as the Internet. You can use a GTP map to control timeout values, message sizes, tunnel
counts, and GTP versions traversing the security appliance.
Note GTP inspection is not available without a special license.
Fields
• GTP Inspect Maps—Table that lists the defined GTP inspect maps.
• Add—Configures a new GTP inspect map. To edit a GTP inspect map, select the GTP entry in the
GTP Inspect Maps table and click Customize.
• Delete—Deletes the inspect map selected in the GTP Inspect Maps table.
• Security Level—Security level low only.
–
Do not Permit Errors
–
Maximum Number of Tunnels: 500
–
GSN timeout: 00:30:00
–
Pdp-Context timeout: 00:30:00
–
Request timeout: 00:01:00
–
Signaling timeout: 00:30:00.
–
Tunnel timeout: 01:00:00.
–
T3-response timeout: 00:00:20.
–
Drop and log unknown message IDs.
• IMSI Prefix Filtering—Opens the IMSI Prefix Filtering dialog box to configure IMSI prefix filters.
• Customize—Opens the Add/Edit GTP Policy Map dialog box for additional settings.
• Default Level—Sets the security level back to the default.
Modes
The following table shows the modes in which this feature is available:
IMSI Prefix Filtering
The IMSI Prefix tab lets you define the IMSI prefix to allow within GTP requests.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• • • •—
