HP VPN Firewall Appliances Network Management Configuration Guide

Configuring interface PBR based on packet type
1. Network requirements
As shown in Figure 319, configure interface PBR on Firewall to forward all TCP packets received on
GigabitEthernet 0/3 via GigabitEthernet 0/1. Firewall forwards other packets according to the routing
table.
Figure 319 Network diagram
2. Configuration procedure
a. Configure Firewall:
# Configure ACL 3101 to match TCP packets.
<Firewall> system-view
[Firewall] acl number 3101
[Firewall-acl-adv-3101] rule permit tcp
[Firewall-acl-adv-3101] quit
# Configure Node 5 for policy aaa to forward TCP packets via GigabitEthernet 0/1.
[Firewall] policy-based-route aaa permit node 5
[Firewall-pbr-aaa-5] if-match acl 3101
[Firewall-pbr-aaa-5] apply ip-address next-hop 1.1.2.2
[Firewall-pbr-aaa-5] quit
# Configure interface PBR by applying the policy aaa on GigabitEthernet 0/3.
[Firewall] interface gigabitethernet 0/3
[Firewall-GigabitEthernet0/3] ip address 10.110.0.10 255.255.255.0
[Firewall-GigabitEthernet0/3] ip policy-based-route aaa
[Firewall-GigabitEthernet0/3] quit
# Configure IP addresses for the GigabitEthernet interfaces.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 1.1.2.1 255.255.255.0
[Figure 319 labels: Firewall GE0/3 10.110.0.10/24, GE0/1 1.1.2.1/24, GE0/2 1.1.3.1/24; Router A and Router B, router interfaces GE0/1 1.1.2.2/24 and GE0/2 1.1.3.2/24; Host A and Host B on subnet 10.110.0.0/24, with 10.110.0.20/24 using gateway 10.110.0.10]
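
The forwarding decision this configuration produces can be checked offline. The following Python sketch is an added example, not part of the HP guide: it parses the ACL, policy node and interface binding commands above and models PBR matching in a simplified way (protocol-only ACL rules, nodes evaluated in ascending order, routing-table fallback when nothing matches). The function names and the "ge0/3" interface key are assumptions of the example.

```python
import re

# Commands taken from this section's configuration procedure (quit lines omitted).
TRANSCRIPT = """\
[Firewall] acl number 3101
[Firewall-acl-adv-3101] rule permit tcp
[Firewall] policy-based-route aaa permit node 5
[Firewall-pbr-aaa-5] if-match acl 3101
[Firewall-pbr-aaa-5] apply ip-address next-hop 1.1.2.2
[Firewall] interface gigabitethernet 0/3
[Firewall-GigabitEthernet0/3] ip policy-based-route aaa
"""

def parse(transcript):
    """Build ACLs, PBR nodes and interface bindings from the CLI transcript."""
    acls, nodes, bindings, ctx = {}, {}, {}, None
    for line in transcript.splitlines():
        # Strip the "[view]" or "<view>" prompt, keep the command itself.
        cmd = re.sub(r"^[\[<][^\]>]*[\]>]\s*", "", line).strip().lower()
        if m := re.fullmatch(r"acl number (\d+)", cmd):
            ctx = acls.setdefault(m[1], [])
        elif m := re.fullmatch(r"policy-based-route (\S+) (permit|deny) node (\d+)", cmd):
            ctx = nodes.setdefault((m[1], int(m[3])), {"mode": m[2], "acl": None, "hop": None})
        elif m := re.fullmatch(r"interface gigabitethernet (\S+)", cmd):
            ctx = "ge" + m[1]  # interface key format is an assumption of this example
        elif m := re.fullmatch(r"rule (permit|deny) (\S+)", cmd):
            ctx.append((m[1], m[2]))  # protocol-only rules, as used on this page
        elif m := re.fullmatch(r"if-match acl (\d+)", cmd):
            ctx["acl"] = m[1]
        elif m := re.fullmatch(r"apply ip-address next-hop (\S+)", cmd):
            ctx["hop"] = m[1]
        elif m := re.fullmatch(r"ip policy-based-route (\S+)", cmd):
            bindings[ctx] = m[1]
    return {"acls": acls, "nodes": nodes, "bindings": bindings}

def acl_permits(rules, proto):
    """First matching rule decides; a packet no rule matches is not permitted."""
    for action, rule_proto in rules:
        if rule_proto in (proto, "ip"):  # "ip" covers every IP protocol
            return action == "permit"
    return False

def pbr_next_hop(cfg, in_if, proto):
    """Return the PBR next hop, or None when the routing table decides."""
    policy = cfg["bindings"].get(in_if)
    for (name, _), node in sorted(cfg["nodes"].items()):
        rules = cfg["acls"].get(node["acl"], [])
        if name == policy and (node["acl"] is None or acl_permits(rules, proto)):
            return node["hop"] if node["mode"] == "permit" else None
    return None
```

pbr_next_hop(parse(TRANSCRIPT), "ge0/3", "udp") returns None, which is the case where Firewall falls back to the routing table.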