HP 7102dl - ProCurve Secure Router Configuration Manual page 493

19. Create an ACL to select incoming traffic permitted on the primary con-
nection. From the global configuration mode context, enter:
Syntax: ip access-list standard <listname>
Syntax: [permit | deny] [any | host {<A.B.C.D> | hostname <hostname>} |
<A.B.C.D> <wildcard bits>]
Syntax: ip access-list extended <listname>
Syntax: [permit | deny] <protocol> <source address> <source port> <destination
address> <destination port> [<packet bits>] [log | log-input]
20. Create another ACL to select incoming traffic permitted on the backup
connection.
21. Create an ACP to allow the primary connection ACL. Starting from the
global configuration mode context, enter:
Syntax: ip policy-class <policyname>
Syntax: allow list <listname>
22. Create a second ACP to allow the secondary connection ACL.
23. Apply the ACPs to the corresponding interfaces. Starting from the global
configuration mode context, enter these commands:
Syntax: interface <primary interface ID>
Syntax: access-policy <primary policyname>
Syntax: interface <backup interface ID>
Syntax: access-policy <backup policyname>
24. Create an ACP for NAT.
Syntax: ip policy-class <policyname>
25. Create a NAT statement:
• Specify the ACL that you configured for local traffic.
• Specify the primary WAN interface or an IP address valid for the
primary connection.
• Specify the ACP for traffic on the primary interface.
Syntax: nat source list <listname> [address <A.B.C.D> | interface <interface>]
overload policy <policyname>
Network Monitoring
Quick Start
9-65