HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 240


Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
If you wanted to configure the Secure Router OS to allow only Telnet traffic
and traffic to subnet 192.168.115.0 /24 to enter the Ethernet 0/1 interface, you
could create an extended ACL and apply it to this interface:
ProCurve(config)# ip access-list extended Outside
ProCurve(config-ext-nacl)# permit tcp any any eq telnet
ProCurve(config-ext-nacl)# permit tcp any 192.168.115.0 0.0.0.255
ProCurve(config-ext-nacl)# exit
ProCurve(config)# int eth 0/1
ProCurve(config-eth 0/1)# ip access-group Outside in
You may also want to create an ACL to control traffic to your company's two
Web servers: one is an Internet server, accessible to anyone on the Internet,
and one is an intranet server, accessible only to company users. You want to
permit all HTTP traffic to the Internet server, but for the intranet server, you
want to permit HTTP traffic only from the company's two private networks at
remote VPN sites. To do this, you would create an extended ACL, such as the
following:
ProCurve(config)# ip access-list extended webservers
ProCurve(config-ext-nacl)# permit tcp any host 192.168.1.12 eq www
ProCurve(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq www
ProCurve(config-ext-nacl)# permit tcp 192.168.16.0 0.0.0.255 host 192.168.1.15 eq www
ProCurve(config-ext-nacl)# exit
In this ACL, the first entry permits HTTP traffic from any source to the Internet
server with the IP address 192.168.1.12. The second entry permits HTTP traffic
from the 192.168.1.0 /24 network to the intranet server with the IP address
192.168.1.15. Finally, the third entry permits HTTP traffic from the 192.168.15.0
/24 network to the intranet server with the IP address 192.168.1.15. After you
create the ACL, you must apply it to the appropriate interfaces.
For example, the PPP 1 interface connects to the Internet. Traffic both from
Internet users and users at the remote VPN sites arrives on this interface.
Enter:
ProCurve(config)# interface ppp 1
ProCurve(config-ppp 1)# ip access-group webservers in
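
A small Python model of how the entries above are evaluated, added here as an illustration (it is not code from the manual or from the Secure Router OS). It parses the ACL lines exactly as typed, applies wildcard masks with first-match evaluation, and assumes that traffic matching no entry is dropped; the sample packets are constructed.

```python
import ipaddress

PORTS = {"telnet": 23, "www": 80}  # port keywords that appear on this page

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, care_bits)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return ip_int(tokens.pop(0)), 0xFFFFFFFF
    # Wildcard mask: a 1 bit means "ignore this bit", so invert it.
    return ip_int(first), ~ip_int(tokens.pop(0)) & 0xFFFFFFFF

def parse_entry(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    port = None  # no 'eq' clause: any destination port matches
    if tokens[:1] == ["eq"]:
        port = PORTS[tokens[1]] if tokens[1] in PORTS else int(tokens[1])
    return action, proto, src, dst, port

def addr_match(ip, spec):
    addr, care = spec
    return (ip_int(ip) & care) == (addr & care)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, top to bottom."""
    for line in acl:
        action, p, s, d, port = parse_entry(line)
        if p == proto and addr_match(src, s) and addr_match(dst, d) and port in (None, dport):
            return action
    return "deny"  # assumption: unmatched traffic is dropped (implicit deny)

OUTSIDE = ["permit tcp any any eq telnet",
           "permit tcp any 192.168.115.0 0.0.0.255"]
WEBSERVERS = ["permit tcp any host 192.168.1.12 eq www",
              "permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq www",
              "permit tcp 192.168.16.0 0.0.0.255 host 192.168.1.15 eq www"]

if __name__ == "__main__":
    # Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    print(evaluate(WEBSERVERS, "tcp", "203.0.113.9", "192.168.1.12", 80))     # Internet server
    print(evaluate(WEBSERVERS, "tcp", "203.0.113.9", "192.168.1.15", 80))     # intranet server
    print(evaluate(OUTSIDE, "udp", "198.51.100.2", "192.168.115.10", 53))     # non-TCP to subnet
```

Because each entry names tcp, the model shows that UDP traffic to 192.168.115.0 /24 and any non-HTTP traffic to the Web servers fall through to the final deny.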


This manual is also suitable for: ProCurve Secure Router 7102 dl