HP VPN Firewall Appliances Network Management Configuration Guide

Figure 305 Network diagram
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Run OSPF in AS 200 so that Firewall A and Firewall B can reach each other. Configure OSPF to
redistribute routes from BGP on Firewall A. (Details not shown.)
3. Configure BGP on Firewall A:
# Establish two IBGP connections to Firewall B, and specify Firewall A as the next hop for routes
sent to the IBGP peers.
<FirewallA> system-view
[FirewallA] bgp 200
[FirewallA-bgp] peer 3.0.2.2 as-number 200
[FirewallA-bgp] peer 2.0.2.2 as-number 200
[FirewallA-bgp] peer 3.0.2.2 next-hop-local
[FirewallA-bgp] peer 2.0.2.2 next-hop-local
# Configure BGP to redistribute routes from OSPF.
[FirewallA-bgp] import-route ospf
[FirewallA-bgp] quit
# Create ACL 2000 to permit 1.1.1.0/24 to pass.
[FirewallA] acl number 2000
[FirewallA-acl-basic-2000] rule permit source 1.1.1.0 0.0.0.255
[FirewallA-acl-basic-2000] quit
# Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the
MED for route 1.1.1.0/24 to 50. Policy apply_med_100 sets it to 100.
[FirewallA] route-policy apply_med_50 permit node 10
[FirewallA-route-policy] if-match acl 2000
[FirewallA-route-policy] apply cost 50
[FirewallA-route-policy] quit
[FirewallA] route-policy apply_med_100 permit node 10
[FirewallA-route-policy] if-match acl 2000
[FirewallA-route-policy] apply cost 100
[FirewallA-route-policy] quit
# Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing
policy apply_med_100 to routes outgoing to peer 2.0.2.2.