1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection for Management Application Protocols
GTP Inspection
f.
To create an object to represent the SGSN that the load-balancing GSNs are permitted to respond to,
perform the following steps:
a.
Use the
object-group
command to define a new network object group that will represent the
SGSN that sends GTP requests to the GSN pool.
hostname(config)#
object-group network
SGSN-name
hostname(config-network)#
For example, the following command creates an object group named sgsn32:
hostname(config)#
object-group network sgsn32
hostname(config-network)#
b.
Use the
network-object
command with the
host
keyword to identify the SGSN.
hostname(config-network)#
network-object host
IP-address
For example, the following command creates a network objects representing the SGSN:
hostname(config-network)#
network-object host 192.168.50.100
hostname(config-network)#
g.
To allow GTP responses from any GSN in the network object representing the GSN pool, defined in
, to the network object representing the SGSN, defined in
, enter the following commands:
hostname(config)#
gtp-map
map_name
hostname(config-gtp-map)#
permit response
to-object-group
SGSN-name
from-object-group
GSN-pool-name
For example, the following command permits GTP responses from any host in the object group
named gsnpool32 to the host in the object group named sgsn32:
hostname(config-gtp-map)#
permit response
to-object-group sgsn32 from-object-group
gsnpool32
The following example shows how to support GSN pooling by defining network objects for the GSN
pool and the SGSN. An entire Class C network is defined as the GSN pool but you can identify
multiple individual IP addresses, one per
network-object
command, instead of identifying whole
networks. The example then modifies a GTP map to permit responses from the GSN pool to the
SGSN.
hostname(config)#
object-group network gsnpool32
hostname(config-network)#
network-object 192.168.100.0 255.255.255.0
hostname(config)#
object-group network sgsn32
hostname(config-network)#
network-object host 192.168.50.100
hostname(config)#
gtp-map gtp-policy
hostname(config-gtp-map)#
permit response to-object-group sgsn32 from-object-group
gsnpool32
h.
To specify the maximum number of GTP requests that will be queued waiting for a response, enter
the following command:
hostname(config-gtp-map)#
request-queue
max_requests
where the
max_requests
argument sets the maximum number of GTP requests that will be queued
waiting for a response, from 1 to 4294967295. The default is 200.
When the limit has been reached and a new request arrives, the request that has been in the queue
for the longest time is removed. The Error Indication, the Version Not Supported and the SGSN
Context Acknowledge messages are not considered as requests and do not enter the request queue
to wait for a response.
i.
To change the inactivity timers for a GTP session, enter the following command:
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......