Matching The Interesting Traffic - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Spoofing. After you configure an IP address for the demand interface, its
status should change to "up (spoofing)," and it should be listed as a directly
connected interface in the routing table. To check the status of the demand
interface, enter:
ProCurve(config-demand 1)# do show interface demand 1
To view the routing table, enter:
ProCurve(config-demand 1)# do show ip route
Figure 3-6 shows a routing table that includes demand interface 1, a directly
connected interface.
C
10.2.2.0/30 is directly connected, ppp 1
C
10.3.3.0/30 is directly connected, demand 1
C
192.168.20.0/24 is directly connected, eth 0/1
Figure 3-6. A Routing Table That Includes a Demand Interface
Matching the Interesting Traffic
To finish defining the interesting traffic that will trigger a dial-up connection,
you must associate the ACL you created with the demand interface. From the
demand interface configuration mode context, enter:
Syntax: match-interesting [list | reverse list] <listname > [in | out]
Include the list option if you want the ProCurve Secure Router to use standard
matching logic for the ACL. That is, the router will try to match the packet's
source address to the source address that is defined in the extended ACL.
Likewise, the router will try to match the packet's destination address with
the destination address that is defined in the extended ACL.
Include the reverse list option if you want the ProCurve Secure Router to
use reverse matching logic when processing the ACL. This option eliminates
the need to create another ACL for return traffic. The router will try to match
the packet's source address with the destination address that is defined in the
ACL. The router will then try to match the packet's destination address with
the source address that is defined in the ACL.
Replace <listname> with the ACL that you created to define the interesting
traffic. You can specify only extended ACLs.
Configuring Backup WAN Connections
Configuring Demand Routing for Backup Connections
3-23
Advertisement
Chapters
Table of Contents
Troubleshooting
