HP 7102dl - ProCurve Secure Router Configuration Manual page 256

ProCurve Secure Router 7000dl Series - Advanced Management and Configuration Guide

Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
5-24
This section contains some sample ACLs to help you understand both the type
of ACLs that may be required for your network and the way you configure
them.

Block Telnet Traffic. To strengthen security on your WAN, you may want
to deny any Telnet traffic entering your WAN interfaces. You can control this
access by creating an extended ACL. Enter the following commands to
configure an extended ACL called Telnet that prohibits Telnet access:
ProCurve(config)# ip access-list extended Telnet
ProCurve(config-ext-nacl)# deny tcp any any eq telnet

You would then apply this ACL to all the WAN interfaces that are activated on
the router. Users would still be able to initiate a Telnet session from the
Ethernet interfaces.

You can also configure an ACL to restrict Telnet access to the router. For more
information, see "Restricting Telnet Access" on page 5-23.

Permit HTTP, Mail, and POP3 Traffic. Some companies may want to
restrict incoming traffic on a WAN interface to HTTP, Simple Mail Transfer
Protocol (SMTP), POP3, and FTP traffic. To do so, you must configure an
extended ACL, as shown below:
ProCurve(config)# ip access-list extended Internet
ProCurve(config-ext-nacl)# permit tcp any any eq www
ProCurve(config-ext-nacl)# permit tcp any any eq smtp
ProCurve(config-ext-nacl)# permit tcp any any eq pop3
ProCurve(config-ext-nacl)# permit tcp any any eq ftp
ProCurve(config-ext-nacl)# permit tcp any any eq ftp-data

If the Secure Router OS firewall and the FTP ALG are enabled, you do not
have to configure an entry to allow traffic on the FTP data port (21). The FTP ALG
automatically allows the return traffic for established FTP sessions. For more
information about ALGs, see Chapter 4: ProCurve Secure Router OS
Firewall—Protecting the Internal, Trusted Network.

You may also want to permit Domain Name System (DNS) traffic on WAN
interfaces that are connected to the Internet. To permit DNS traffic, enter:
ProCurve(config-ext-nacl)# permit tcp any any eq domain
You would apply this ACL to the WAN interfaces on which you want to enforce
this access control.
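
To check which traffic the entries above actually match before applying them to a WAN interface, the following added example (not part of the HP manual) models first-match evaluation of the two sample ACLs in Python. The keyword-to-port table uses the IANA well-known ports, and the deny returned for unmatched traffic is an assumption of the model; the function names and sample packets are constructed for illustration.

```python
# Added example: first-match evaluation of the ACL entries shown on this page.
# Keyword-to-port values are the IANA well-known ports. The deny returned when
# no entry matches is an assumption of this model, not a statement from the page.
PORTS = {"telnet": 23, "www": 80, "smtp": 25, "pop3": 110,
         "ftp": 21, "ftp-data": 20, "domain": 53}

TELNET_ACL = "deny tcp any any eq telnet"
INTERNET_ACL = """\
permit tcp any any eq www
permit tcp any any eq smtp
permit tcp any any eq pop3
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq domain
"""

def parse_acl(text):
    """Parse '<action> <proto> any any eq <service>' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 6 or fields[2:5] != ["any", "any", "eq"]:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, service = fields[0], fields[1], fields[5]
        if action not in ("permit", "deny") or service not in PORTS:
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, proto, PORTS[service]))
    return rules

def evaluate(rules, proto, dst_port, default="deny"):
    """Return (action, entry number); entry 0 means no entry matched."""
    for number, (action, rule_proto, port) in enumerate(rules, start=1):
        if rule_proto == proto and port == dst_port:
            return action, number
    return default, 0  # assumed default for unmatched traffic

# Constructed sample packets: (description, protocol, destination port)
SAMPLES = [("HTTP", "tcp", 80), ("SMTP", "tcp", 25), ("DNS over TCP", "tcp", 53),
           ("DNS over UDP", "udp", 53), ("Telnet", "tcp", 23), ("HTTPS", "tcp", 443)]

if __name__ == "__main__":
    for name, acl in (("Telnet", TELNET_ACL), ("Internet", INTERNET_ACL)):
        rules = parse_acl(acl)
        for desc, proto, port in SAMPLES:
            action, entry = evaluate(rules, proto, port)
            print(f"{name:8} {desc:12} {proto}/{port:<4} -> {action} (entry {entry})")
```

A result of entry 0 marks traffic that no entry in the list addresses, such as DNS over UDP against the Internet ACL, so its handling depends on the device's behaviour for unmatched packets.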


This manual is also suitable for: ProCurve Secure Router 7203dl J8753A