Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring an SCTP Profile

This example shows how to configure an SCTP profile for policy-based inspection.

Requirements

Before you begin, understand the GPRS SCTP hierarchy and its options.

Overview

This configuration example shows how to create a GPRS SCTP profile and configure the limit rate and payload protocol parameters. You can use the SCTP profile to configure SCTP inspection. However, if the policy includes the nat-only option, the payload IP addresses are translated, but they will not be inspected.

Note: The SCTP commands can be applied only to the policy configured with an SCTP profile.

If you remove the SCTP profile from the policy, the packets are forwarded without any inspection, and the IP address list in the packet payload will not be translated, even if the related static NAT is configured.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set security gprsset security gprs sctp profile roam2att set security gprs sctp profile roam2att limit rate address 10.1.1.0 set security gprs sctp profile roam2att drop set security gprs sctp profile roam2att drop payload-protocol all

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure a GPRS SCTP profile:

  1. Create a GPRS SCTP profile.
    [edit]user@host# set security gprs sctp profile roam2att
  2. Configure the limit rate parameter.

    Note: The limit rate is per association.

    [edit security gprs sctp profile roam2att]user@host# set limit rate address 10.1.1.0 sccp 100user@host# set limit rate address 10.1.1.0 ssp 10user@host# set limit rate address 10.1.1.0 sst 50
  3. Configure the payload protocol.
    [edit security gprs sctp profile roam2att]user@host# set drop[edit security gprs sctp profile roam2att drop]user@host# set drop payload-protocol all

Results

From configuration mode, confirm your configuration by entering the show security gprs command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

[edit]user@host# show security gprs
sctp {profile roam2att {drop {payload-protocol all;}limit {rate {address 10.1.1.0 {sccp 100;ssp 10;sst 50;}}}}}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying SCTP Profile Configuration

Purpose

Verify the SCTP profile configuration.

Action

From configuration mode, enter the show security gprs sctp command.

 

Related Documentation

 

Published: 2015-02-11

Previous Page Next Page