R3303-HP HSR6800 Routers Security Configuration Guide

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable ALG.
  Command: alg { all | dns | ftp | gtp | h323 | ils | msn | nbt | pptp | qq | rtsp | sccp | sip | sqlnet | tftp }
  Remarks: Optional. By default, ALG is enabled for all protocols.
FTP ALG configuration example
The example describes only ALG configuration, assuming other required configurations on the server
and client have been done.
Network requirements
As shown in Figure 118, a company uses the private network segment 192.168.1.0/24, and has four
public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. The company wants to provide FTP
services to the outside.
Configure NAT and ALG on the router so that hosts on the external network can access the FTP server on
the internal network.
Figure 118 Network diagram
Configuration procedure
# Configure the address pool and ACL.
<Router> system-view
[Router] nat address-group 1 5.5.5.9 5.5.5.11
[Router] acl number 2001
[Router-acl-basic-2001] rule permit
[Router-acl-basic-2001] quit
# Enable ALG for FTP.
[Router] alg ftp
# Configure NAT.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] nat outbound 2001 address-group 1
# Configure internal FTP server.
[Router-GigabitEthernet3/0/1] nat server protocol tcp global 5.5.5.10 ftp inside 192.168.1.2 ftp
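
What alg ftp contributes in this topology, as an added example that is not part of the HP guide and not the router's implementation: in passive mode the server at 192.168.1.2 announces its private address inside the 227 reply, which an external client cannot reach unless that payload is rewritten to 5.5.5.10. The Python below models that rewrite on constructed control-channel lines; the function names are hypothetical, and it assumes the data port is left unchanged.

```python
import re

INSIDE_IP = "192.168.1.2"  # internal FTP server (from the page)
GLOBAL_IP = "5.5.5.10"     # public address in the nat server rule (from the page)

# h1,h2,h3,h4,p1,p2 tuple carried in the 227 reply (RFC 959)
TUPLE_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def rewrite_227(line, inside_ip=INSIDE_IP, global_ip=GLOBAL_IP):
    """Return (line_as_sent_to_client, data_endpoint_or_None)."""
    if not line.startswith("227 "):
        return line, None
    m = TUPLE_RE.search(line)
    if m is None:
        return line, None
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        return line, None            # malformed tuple: leave untouched
    if ".".join(map(str, fields[:4])) != inside_ip:
        return line, None            # not the translated server
    port = fields[4] * 256 + fields[5]
    public = ",".join(global_ip.split(".") + [str(fields[4]), str(fields[5])])
    rewritten = line[:m.start()] + "(" + public + ")" + line[m.end():]
    return rewritten, (inside_ip, port)


def translate_session(server_lines):
    """Rewrite every server reply; collect data endpoints to be permitted."""
    out, pinholes = [], []
    for line in server_lines:
        new_line, endpoint = rewrite_227(line)
        out.append(new_line)
        if endpoint:
            pinholes.append(endpoint)
    return out, pinholes


# Constructed sample replies from the internal server (not captured traffic)
SAMPLE = [
    "220 FTP server ready",
    "331 Password required",
    "227 Entering Passive Mode (192,168,1,2,195,80)",
    "227 Entering Passive Mode (192,168,1,2,300,80)",  # malformed on purpose
]

if __name__ == "__main__":
    lines, pinholes = translate_session(SAMPLE)
    print("\n".join(lines))
    print("data endpoints:", pinholes)
```

Only the well-formed 227 reply is rewritten and yields a data endpoint; without the rewrite the external client would try to connect to 192.168.1.2 and the transfer would fail even though the control connection through the nat server mapping succeeds.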