HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 275
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
N o t e
You can also clear a particular policy session. For example, if you enter the
show ip policy-sessions command and determine that an existing session
should be terminated, you can use one of the following commands:
Syntax: clear ip policy-sessions <policyname> [ahp | esp | gre | icmp | tcp | udp | <protocol
number>] <source A.B.C.D> <source port> <destination A.B.C.D> <destination port>
or
Syntax: clear ip policy-sessions <policyname> [ahp | esp | gre | icmp | tcp | udp | <protocol
number>] <source A.B.C.D> <source port> <destination A.B.C.D> <destination port>
[destination | source] <nat A.B.C.D> <nat port>
Enter the command as follows:
Replace <policyname> with the name of the policy class (ACP) associ-
ated with that IP policy session.
Specify the protocol: ahp, esp, gre, icmp, tcp, udp, or a protocol number.
Replace <source A.B.C.D> with the source IP address.
Replace <source port> with the port specified by the source. Use hexa-
decimal format for ahp, esp, and gre; use the decimal format for all other
protocols.
Replace <destination A.B.C.D> with the destination IP address.
Replace <destination port> with the destination port. Use hexadecimal
format for AHP, ESP, and GRE; use the decimal format for all other
protocols.
The remaining options apply only to NAT:
Include the destination option to select a NAT session that is based on
the destination address. Include the source option to select a NAT session
that is based on the source IP address.
Replace <nat A.B.C.D> with the NAT IP address that replaced the
original IP address.
Replace <nat port> with the port used by NAT. Use hexadecimal format
for AHP, ESP, and GRE; use decimal format for all other protocols.
Rather than input this entire command, you can enter the show ip policy-
sessions command to display the current sessions and then copy the second
part of the command, beginning with the source IP address, from the display.
(See Figure 5-20.)
Applying Access Control to Router Interfaces
Troubleshooting
5-55
Advertisement
Chapters
Table of Contents
Troubleshooting
