Aspf H.323 Application Inspection Configuration Example - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Verifying the configuration
# Display the configuration of ASPF policy 1.
<RouterA> display aspf policy 1
ASPF policy configuration:
Policy number: 1
Enable ICMP error message check
Enable TCP SYN packet check
Detect these protocols:
TCP
Router A can recognize faked ICMP error messages from external networks, and drop the non-SYN
packets that are the first packets to establish TCP connections.
ASPF H.323 application inspection configuration example
Network requirements
Figure 139
displays a typical H.323 application network. Gateway B on the external network needs to
access the H.323 Gatekeeper, and with the assistance of Gatekeeper, to establish a connection with
the H.323 Gateway A. Other protocol packets from the external network are dropped.
Configure a packet filter on Router A to permit only packets destined to the Gatekeeper. Configure an
ASPF policy on Router A to detect H.323 protocol packets so that return packets to the external
network can be passed through interface GigabitEthernet 2/0/1.
Figure 139 Network diagram
Configuration procedure
# Create ACL 3200 and configure two rules in the ACL: one to permit packets destined to
Gatekeeper to pass, and one to deny all IP packets.
<RouterA> system-view
[RouterA] acl advanced 3200
[RouterA-acl-ipv4-adv-3200] rule 0 permit ip destination 192.168.1.2 0
[RouterA-acl-ipv4-adv-3200] rule 5 deny ip
[RouterA-acl-ipv4-adv-3200] quit
# Create ASPF policy 1 for H.323 inspection.
[RouterA] aspf policy 1
[RouterA-aspf-policy-1] detect h323
[RouterA-aspf-policy-1] quit
447
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
