HP 7102dl - ProCurve Secure Router Configuration Manual page 469

If you have not set up NAT, you must complete these steps:
1. Create ACLs:
• one ACL to select traffic permitted on the primary interface
• one ACL to select traffic permitted on the secondary interface
• alternatively, one ACL that permits all traffic
See Chapter 5: Applying Access Control to Router Interfaces for instruc-
tions on configuring ACLs.
2. Create ACPs:
• one ACP to control traffic incoming on the primary interface
• one ACP to control traffic incoming on the secondary interface
Allow the appropriate ACL. See Chapter 5: Applying Access Control to
Router Interfaces for instructions on configuring ACPs.
3. Disable the RPF check on the ACPs.
Enter this command from the global configuration mode context:
Syntax: no ip policy-class <policyname> rpf-check
4. Apply the ACPs to the primary and backup interfaces. The firewall should
be enabled.
For example, enter these commands:
ProCurve(config)# ip access-list standard MatchPrimary
ProCurve(config-std-nacl)# permit any
ProCurve(config-std-nacl)# exit
ProCurve(config)# ip access-list standard MatchSecondary
ProCurve(config-std-nacl)# permit any
ProCurve(config-std-nacl)# exit
ProCurve(config)# ip policy-class Primary
ProCurve(config-policy-class)# allow list MatchPrimary
ProCurve(config-policy-class)# exit
ProCurve(config)# no ip policy-class Primary rpf-check
ProCurve(config)# ip policy-class Backup
ProCurve(config-policy-class)# allow list MatchSecondary
ProCurve(config-policy-class)# exit
ProCurve(config)# no ip policy-class Backup rpf-check
ProCurve(config)# ip firewall
ProCurve(config)# interface atm 1.1
ProCurve(config-atm 1.1)# access-policy Primary
ProCurve(config-atm 1.1)# interface demand 1
ProCurve(config-demand 1)# access-policy Backup
Network Monitoring
Configuring Network Monitoring
9-41