Controlling Ftp, Http, And Telnet Access To The Router - HP 7102dl - ProCurve Secure Router Configuration Manual

Procurve secure router 7000dl series - advanced management and configuration guide

Hide thumbs Also See for 7102dl - ProCurve Secure Router:

Reference manual (1455 pages)

Product end-of-life disassembly instructions (2 pages)

Advanced management and configuration manual (1005 pages)

Table of Contents

Applying Access Control to Router Interfaces

Using ACLs Alone to Configure Access Control

You may also want to create an ACL to control traffic to your company's two

Web servers: one is an Internet server, accessible to anyone on the Internet,

and one is an intranet server, accessible only to company users. You want to

permit all HTTP traffic to the Internet server, but for the intranet server, you

want to permit HTTP traffic only from the company's two private networks at

remote VPN sites. To do this, you would create an extended ACL, such as the

ProCurve(config)# ip access-list extended webservers

ProCurve(config-ext-nacl)# permit tcp any host 192.168.1.12 eq www

ProCurve(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq www

ProCurve(config-ext-nacl)# permit tcp 192.168.16.0 0.0.0.255 host 192.168.1.15 eq www

ProCurve(config-ext-nacl)# exit

In this ACL, the first entry permits HTTP traffic from any source to the Internet

server with the IP address 192.168.1.12. The second entry permits HTTP traffic

from the 192.168.1.0 /24 network to the intranet server with the IP address

192.168.1.15. Finally, the third entry permits HTTP traffic from the 192.168.15.0

/24 network to the intranet server with the IP address 192.168.1.15. After you

create the ACL, you must apply it to the appropriate interfaces.

For example, the PPP 1 interface connects to the Internet. Traffic both from

Internet users and users at the remote VPN sites arrives on this interface.

ProCurve(config)# interface ppp 1

ProCurve(config-ppp 1)# ip access-group webservers in