R3303-HP HSR6800 Routers Security Configuration Guide

352

# Create ACL 2001 to block Java applets from site 2.2.2.11.

[RouterA] acl number 2001

[RouterA-acl-basic-2001] rule deny source 2.2.2.11 0

[RouterA-acl-basic-2001] rule permit

[RouterA-acl-basic-2001] quit

# Create ASPF policy1.

[RouterA] aspf-policy 1

[RouterA-aspf-policy-1] icmp-error drop

[RouterA-aspf-policy-1] tcp syn-check

[RouterA-aspf-policy-1] quit

# Apply ACL 3111 and the ASPF policy to the interface Serial 2/1/1.

[RouterA] interface serial 2/1/1

[RouterA-Serial2/1/1] firewall aspf 1 outbound

[RouterA-Serial2/1/1] firewall packet-filter 3111 inbound