2.
Create an ACP for the primary WAN interface. From the global configu-
ration mode context, enter:
Syntax: ip policy-class <policyname>
3.
Allow the ACL that selects traffic permitted on the primary WAN interface.
From the policy class configuration mode context, enter:
Syntax: allow list <listname>
4.
Apply the ACP to the primary interface. Starting from the global configu-
ration mode context, enter:
Syntax: interface <interface ID>
Syntax: access-policy <policyname>
5.
Repeat steps 2 through 4 to create an ACP to allow traffic on the secondary
WAN interface.
6.
Create an ACP to perform NAT.
7.
Add a NAT statement that translates source addresses to the primary
interface's address. Specify the ACL that selects local traffic destined to
the Internet and the ACP applied to the primary interface. From the policy
class configuration mode context, enter:
Syntax: nat source list <listname> [address <primary IP address> | interface
<primary interface ID>] overload policy <policyname>
8.
Add a NAT statement that translates source addresses to the secondary
interface's address. Specify the ACL that selects local traffic destined to
the Internet and the ACP applied to the secondary interface.
9.
Apply the NAT ACP to the interface on which local traffic arrives.
Example
The following commands configure NAT for a ProCurve Secure Router that
has a primary Internet connection through a cable modem (connected to
Ethernet interface 0/2) and uses demand routing for backup:
ProCurve(config)# ip firewall
ProCurve(config)# ip access-list standard MatchPrimary
ProCurve(config-std-nacl)# permit any
ProCurve(config-std-nacl)# ip access-list standard MatchSecondary
ProCurve(config-std-nacl)# permit any
ProCurve(config-std-nacl)# ip access-list standard MatchLocal
ProCurve(config-std-nacl)# permit 192.168.1.0 0.0.0.255
ProCurve(config-std-nacl)# exit
ProCurve(config)# ip policy-class Primary
Network Monitoring
Configuring Network Monitoring
9-39