Gtp inspection, Gtp inspection overview – Cisco ASA 5505 User Manual
Page 949
46-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 46 Configuring Inspection for Management Application Protocols
GTP Inspection
The following example shows how to define a DCERPC inspection policy map with the timeout
configured for DCERPC pinholes.
hostname(config)# policy-map type inspect dcerpc dcerpc_map
hostname(config-pmap)# timeout pinhole 0:10:00
hostname(config)# class-map dcerpc
hostname(config-cmap)# match port tcp eq 135
hostname(config)# policy-map global-policy
hostname(config-pmap)# class dcerpc
hostname(config-pmap-c)# inspect dcerpc dcerpc-map
hostname(config)# service-policy global-policy global
GTP Inspection
This section describes the GTP inspection engine. This section includes the following topics:
•
GTP Inspection Overview, page 46-3
•
Configuring a GTP Inspection Policy Map for Additional Inspection Control, page 46-4
•
Verifying and Monitoring GTP Inspection, page 46-8
Note
GTP inspection requires a special license. If you enter GTP-related commands on a ASA without the
required license, the ASA displays an error message.
GTP Inspection Overview
GPRS provides uninterrupted connectivity for mobile subscribers between GSM networks and corporate
networks or the Internet. The GGSN is the interface between the GPRS wireless data network and other
networks. The SGSN performs mobility, data session management, and data compression (See