Enabling Firewall; Configuring Acl; Configuring Aspf - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
[3Com] acl number 3001
# Configuration rule permits specific host to access external network and permits
internal server to access external network.
[3Com-acl-adv-3001] rule permit ip source 129.38.1.4 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.1 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.2 0
[3Com-acl-adv-3001] rule permit ip source 129.38.1.3 0
[3Com-acl-adv-3001] rule deny ip
# Create ACL 3002.
[3Com] acl number 3002
# Configuration rule permits specific user to access internal server from external
network.
[3Com-acl-adv-3002]
202.38.160.1 0
# Configuration rule permits specific user to obtain data from external network (only
packets with ports bigger than 1024 are permitted.)
[3Com-acl-adv-3002]
destination-port gt 1024
# Act the rule 3001 on inbound packet from the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] firewall packet-filter 3001 inbound
# Act the rule 3002 on inbound packet from the interface Serial1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 3002 inbound

6.3 Configuring ASPF

ASPF configuration includes:
Enable firewall
Configure ACL
Define an ASPF policy
Apply the ASPF policy on specified interfaces

6.3.1 Enabling Firewall

This configuration task is the same as the configuration of packet filter.

6.3.2 Configuring ACL

To protect internal network, access control list should be configured on the router and
applied to external interface, permitting the internal hosts access external network and
prohibiting external hosts from accessing internal network.
rule permit tcp
rule permit tcp
3Com Corporation
6-11
Chapter 6 Firewall Configuration
source 202.39.2.3
destination 202.38.160.10
0 destination
0