Routing Traffic To A Caching Server - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
13-144
How should the router forward the student traffic?
The router must send the student traffic to the university's IDS. You could
configure the IDS appliance's IP address as the next-hop address, or the
interface that connects to the IDS as the forwarding interface, or both.
If the router could also reach the IDS through a backup connection, you
could specify this backup route by adding a secondary next-hop address
or forwarding interface to the set command entered for the route map.
In this example, the ProCurve Secure Router uses a default route to
forward external traffic. Because you want the router to apply PBR only
to external student traffic, you would configure the route map as a default policy.
That is, if a packet from a student host has a local destination, for which
the router has an explicit route in its routing table, the router will not apply
PBR to the packet. This allows student hosts to communicate directly with
local network servers, which have other security devices protecting them.
You would enter these commands to configure PBR:
ProCurve(config)# ip access-list standard students
ProCurve(config-std-nacl)# permit 192.168.24.0 0.0.7.255
ProCurve(config-std-nacl)# route-map Internet 10
ProCurve(config-route-map)# match ip address students
ProCurve(config-route-map)# set default interface eth 0/2
ProCurve(config-route-map)# exit
ProCurve(config)# interface eth 0/1
ProCurve(config-eth 0/1)# ip policy route-map Internet
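
The following Python model is an added example, not part of the manual. It shows which packets the configuration above diverts to the IDS interface: the wildcard mask 0.0.7.255 selects sources 192.168.24.0 through 192.168.31.255, and the default policy applies only when the destination has no explicit route. The routing table, the "wan-uplink" label, and the function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL "students" from the manual: permit 192.168.24.0 0.0.7.255
STUDENTS_ACL = [("192.168.24.0", "0.0.7.255")]

# Constructed routing table (assumption): explicit local routes plus a default route.
ROUTES = [
    ("192.168.0.0/16", "eth 0/1"),     # local campus networks
    ("10.10.0.0/24", "eth 0/3"),       # local servers
    ("0.0.0.0/0", "wan-uplink"),       # default route (hypothetical interface label)
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (network, interface)."""
    d = ipaddress.IPv4Address(dst)
    hits = [(ipaddress.ip_network(n), i) for n, i in routes
            if d in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)

def forward(src, dst, acl=STUDENTS_ACL, policy_interface="eth 0/2"):
    """Return (egress interface, reason) for a packet arriving on eth 0/1."""
    net, iface = lookup(dst)
    if net.prefixlen > 0:
        # An explicit route exists, so a default policy is not applied.
        return iface, "explicit route"
    if any(wildcard_match(src, base, wc) for base, wc in acl):
        # Only the default route matched and the ACL permits the source:
        # "set default interface eth 0/2" takes effect.
        return policy_interface, "default policy"
    return iface, "default route"

if __name__ == "__main__":
    for src, dst in [("192.168.25.10", "203.0.113.5"),
                     ("192.168.25.10", "10.10.0.5"),
                     ("192.168.40.10", "203.0.113.5")]:
        print(src, "->", dst, forward(src, dst))
```

Running the model against your own routing table shows which student flows skip the IDS because an explicit route exists for the destination.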

Routing Traffic to a Caching Server

Your organization may place a caching server between its ProCurve Secure
Router and its ISP. A caching server stores frequently requested Web pages to
increase performance: hosts can receive the Web page directly from the
caching server instead of from a remote server.
You can use PBR to forward some of your network's Internet traffic to such a
server. First, decide which types of traffic should be sent to the caching server.
For example, you might want to select external traffic from particular subnets.
Configure an ACL to select the traffic and match the ACL to a route map with
commands such as those illustrated in "Routing Traffic to a Security Appliance"
on page 13-142. Then specify a route to the caching server. For example,
enter:
ProCurve(config-route-map)# set ip default next-hop 10.1.1.2


This manual is also suitable for:

Procurve secure router 7102 dl