
Cisco ASDM 7 User Guide


Page 381

 
14-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 14      Configuring Inspection for Management Application Protocols
  DCERPC Inspection
DCERPC inspect maps inspect for native TCP communication between the EPM and client on well-known 
TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server 
can be located in any security zone. The embedded server IP address and port number are received from 
the applicable EPM response messages. Because a client...

Page 382

 
14-4
  GTP Inspection
Endpoint mapper service: not enforced
Endpoint mapper service lookup: enabled
Endpoint mapper service lookup timeout: 00:05:00
– Medium—Default.
    Pinhole timeout: 00:01:00
    Endpoint mapper service: not enforced
    Endpoint mapper service lookup: disabled.
– High
    Pinhole timeout: 00:01:00
    Endpoint mapper service: enforced
    Endpoint mapper service lookup:...

Page 383

 
14-5
GTP Inspection Overview
GPRS provides uninterrupted connectivity for mobile subscribers between GSM networks and corporate 
networks or the Internet. The GGSN is the interface between the GPRS wireless data network and other 
networks. The SGSN performs mobility, data session management, and data compression (see 
Figure 14-1). 
Figure 14-1 GPRS...

Page 384

 
14-6
The Select GTP Map dialog box lets you select or create a new GTP map. A GTP map lets you change 
the configuration values used for GTP application inspection. The Select GTP Map table provides a list 
of previously configured maps that you can select for application inspection.
Note: GTP inspection requires a special license. If you try to enable GTP...

Page 385

 
14-7
Default Level—Sets the security level back to the default.
IMSI Prefix Filtering
Configuration > Global Objects > Inspect Maps > GTP > IMSI Prefix Filtering
The IMSI Prefix tab lets you define the IMSI prefix to allow within GTP requests.
Fields
Mobile Country Code—Defines the non-zero, three-digit value identifying the mobile country code. 
One or...

Page 386

 
14-8
Add/Edit GTP Policy Map (Details)
Configuration > Global Objects > Inspect Maps > GTP > GTP Inspect Map > Advanced View
The Add/Edit GTP Policy Map pane lets you configure the security level and additional settings for GTP 
application inspection maps.
Fields
Name—When adding a GTP map, enter the name of the GTP map. When editing a GTP map, the 
name of...

Page 387

 
14-9
Signaling—Lets you change the default for the maximum period of inactivity before GTP 
signaling is removed. The default is 30 minutes. Timeout is in the format hh:mm:ss, where hh 
specifies the hour, mm specifies the minutes, and ss specifies the seconds. A value of 0 means never 
tear down.
Tunnel—Lets you change the default for the maximum period of...

Page 388

 
14-10
  RADIUS Accounting Inspection
–Message Length—Match on the message length.
–Version—Match on the version.
Access Point Name Criterion Values—Specifies an access point name to be matched. By default, all 
messages with valid APNs are inspected, and any APN is allowed.
–Regular Expression—Lists the defined regular expressions to match.
–Manage—Opens the Manage Regular...

Page 389

 
14-11
Select RADIUS Accounting Map, page 14-11
Add RADIUS Accounting Policy Map, page 14-11
RADIUS Inspect Map, page 14-12
RADIUS Inspect Map Host, page 14-12
RADIUS Inspect Map Other, page 14-13
RADIUS Accounting Inspection Overview
One of the well-known problems is the over-billing attack in GPRS networks. The over-billing attack 
can cause...

Page 390

 
14-12
Fields
Name—Enter the name of the previously configured RADIUS accounting map. 
Description—Enter the description of the RADIUS accounting map, up to 100 characters in length. 
Host Parameters tab:
–Host IP Address—Specify the IP address of the host that is sending the RADIUS messages.
–Key: (optional)—Specify the key.
–Add—Adds the host...