3Com Router 3000 Ethernet Family
Configuration Guide
[3Com] acl number 3001
# Configure rules that permit a specific host to access the external network and
permit the internal servers to access the external network.
[3Com-acl-adv-3001] rule permit ip source 129.38.1.4 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.1 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.2 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.3 0
[3Com-acl-adv-3001] rule deny ip
# Create ACL 3002.
[3Com] acl number 3002
# Configure a rule that permits a specific user to access the internal server from
the external network.
[3Com-acl-adv-3002] rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
# Configure a rule that permits a specific user to obtain data from the external
network (only packets with ports greater than 1024 are permitted).
[3Com-acl-adv-3002] rule permit tcp destination 202.38.160.10 0 destination-port gt 1024
# Apply ACL 3001 to inbound packets on interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] firewall packet-filter 3001 inbound
# Apply ACL 3002 to inbound packets on interface Serial1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 3002 inbound
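The following is an added example, not part of the 3Com guide: a small Python model of ACL 3001 and ACL 3002 that evaluates constructed packets and audits each list for permits open to any source and for a missing final deny. Assumptions: rules are checked in configuration order with the first match winning, a wildcard of 0 means an exact host match, the ACL 3002 entries are assembled from the rule fragments on this page, and all function names are hypothetical.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def host(addr, wildcard="0.0.0.0"):
    # Wildcard bits set to 1 are ignored; the page's "0" means exact host.
    return (ip(addr), ip(wildcard))

def addr_match(spec, value):
    if spec is None:                      # field omitted in the rule = any
        return True
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (ip(value) & care) == (base & care)

# (action, protocol, source, destination, "destination-port gt" bound)
ACL_3001 = [("permit", "ip", host(f"129.38.1.{h}"), None, None) for h in (4, 1, 2, 3)]
ACL_3001.append(("deny", "ip", None, None, None))
# Assumption: assembled from the rule fragments on this page.
ACL_3002 = [
    ("permit", "tcp", host("202.39.2.3"), host("202.38.160.1"), None),
    ("permit", "tcp", None, host("202.38.160.10"), 1024),
]

def evaluate(acl, proto, src, dst, dport=None):
    """First matching rule wins (assumed); returns (action, list index)."""
    for i, (action, rproto, rsrc, rdst, gt) in enumerate(acl):
        if rproto not in ("ip", proto):
            continue
        if not (addr_match(rsrc, src) and addr_match(rdst, dst)):
            continue
        if gt is not None and (dport is None or dport <= gt):
            continue
        return action, i
    return "no-match", None               # left to the firewall default action

def audit(acl):
    """Flag permits open to any source and a missing final deny-all."""
    findings = [f"rule {i}: permit from any source"
                for i, r in enumerate(acl) if r[0] == "permit" and r[2] is None]
    if not acl or acl[-1][:1] + acl[-1][2:4] != ("deny", None, None):
        findings.append("no final deny-all rule")
    return findings

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, dport)
    for acl, pkt in [(ACL_3001, ("tcp", "129.38.1.4", "198.51.100.7", 80)),
                     (ACL_3001, ("udp", "129.38.1.9", "198.51.100.7", 53)),
                     (ACL_3002, ("tcp", "198.51.100.7", "202.38.160.10", 3389))]:
        print(pkt, evaluate(acl, *pkt))
    print(audit(ACL_3002))
```

Unlike ACL 3001, the modelled ACL 3002 has no closing deny rule, so packets that match neither permit are handled by whatever default action the firewall is set to, which this page does not show.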
6.3 Configuring ASPF
ASPF configuration includes:
Enable firewall
Configure ACL
Define an ASPF policy
Apply the ASPF policy on specified interfaces
6.3.1 Enabling Firewall
This configuration task is the same as the configuration of packet filter.
6.3.2 Configuring ACL
To protect the internal network, an access control list should be configured on the
router and applied to the external interface, permitting internal hosts to access the
external network and prohibiting external hosts from accessing the internal network.