Aspf Configuration Example - 3Com MSR 50 Series Configuration Manual

3com msr 30-16: software guide

To do...                                                      Use the command...                                            Remarks
View the configuration information of a specific ASPF policy  display aspf policy aspf-policy-number                        Available in any view
View ASPF session information                                 display aspf session [ verbose ]                              Available in any view
View the port mapping information                             display port-mapping [ application-name | port port-number ]  Available in any view
Clear ASPF session                                            reset aspf session                                            Available in user view

ASPF Configuration Example

Network requirements
Configure an ASPF policy on Router A to detect the FTP and HTTP traffic flows passing through Router A.
Requirement: Only return packets for FTP and HTTP connections initiated by users on the internal network are permitted to pass through Router A and get into the internal network, while all other types of packets are blocked. In addition, this ASPF policy should be able to block Java applets carried in HTTP packets from the server 2.2.2.2.
This example is suitable for a scenario where local users need to gain access to remote servers.

Network diagram
Figure 523 Network diagram for ASPF configuration
[Figure not reproduced. Labels in the figure: Router A, Eth1/0, 20.1.1.1/24, internal network, host 20.1.1.2/32; Router B, S2/0, 10.1.1.1/24, PPP, external network; server host 2.2.2.2/32.]

Configuration procedure
# Enable the firewall function on Router A.
<RouterA> system-view
[RouterA] firewall enable
# Configure ACL 3111 to prohibit all IP packets from entering into the internal network. The ASPF will create a TACL for packets permitted to pass the firewall.
[RouterA] acl number 3111
[RouterA-acl-adv-3111] rule deny ip
[RouterA-acl-adv-3111] quit
# Create ACL 2001 to block Java applets from the site 2.2.2.2.
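The interaction between the deny-all ACL 3111 and the TACL described in the procedure above, modelled as an added example (Python written for this page, not code from the manual or from the router software). The class and function names, the port-to-application map, the exact-tuple matching and the sample packets are assumptions made for illustration; FTP data-channel tracking and Java blocking are not modelled.

```python
from dataclasses import dataclass

# Assumption: well-known ports stand in for the applications the policy detects.
INSPECTED_PORTS = {21: "ftp", 80: "http"}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class AspfModel:
    """Simplified model: static inbound ACL denies all IP; inspection adds temporary permits."""

    def __init__(self, inspected=INSPECTED_PORTS):
        self.inspected = inspected
        self.tacl = set()  # temporary ACL entries: exact return-path tuples

    def outbound(self, pkt):
        """Internal -> external. Assumed unfiltered; an inspected application
        also gets a temporary entry permitting its return traffic."""
        app = self.inspected.get(pkt.dport) if pkt.proto == "tcp" else None
        if app:
            self.tacl.add(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return app

    def inbound(self, pkt):
        """External -> internal: temporary entries first, then 'rule deny ip'."""
        return "permit (TACL)" if pkt in self.tacl else "deny (ACL 3111)"

def demo():
    fw = AspfModel()
    host, server = "20.1.1.2", "2.2.2.2"  # addresses from the network diagram
    fw.outbound(Packet(host, 40001, server, 80))  # HTTP: inspected
    fw.outbound(Packet(host, 40002, server, 23))  # Telnet: not inspected
    return [
        fw.inbound(Packet(server, 80, host, 40001)),   # reply to tracked HTTP session
        fw.inbound(Packet(server, 23, host, 40002)),   # reply to uninspected session
        fw.inbound(Packet(server, 80, host, 40003)),   # no matching session
        fw.inbound(Packet("10.1.1.9", 5555, host, 21)),  # unsolicited; constructed address
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Only the reply to the inspected HTTP session is permitted; the other three inbound packets fall through to the static deny rule.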