HP VPN Firewall Appliances Network Management Configuration Guide

558

Pinging 10.1.1.1 with 200 bytes of data:

Reply from 10.1.1.1: bytes=200 time<1ms TTL=255

Ping statistics for 10.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

The debugging information about PBR displayed on Firewall is as follows:

*Jun 7 12:06:47:631 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing

success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2

*Jun 7 12:06:48:630 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing

success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2

*Jun 7 12:06:49:627 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing

success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2

*Jun 7 12:06:50:627 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing

success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2

The preceding information shows that Firewall sets the next hop for the received packets to

151.1.1.2 according to PBR. The packets are forwarded via GigabitEthernet 0/2.

Configuring local PBR to specify output interface and next hop

1. Network requirements

As shown in Figure 321:

• The downlink port

of the Firewall is connected to the hosts, and its uplink port GigabitEthernet 0/1

is connected to the Internet.

• The subinterface GigabitEthernet 0/1.1 obtains its IP address through DHCP.

Configure local PBR so that the router forward SNMP packets and SNMP traps through the subinterface

GigabitEthernet 0/1.1.

Figure 321 Network diagram

2. Configuration procedure

# Configure the subinterface GigabitEthernet 0/1.1 to obtain its IP address through DHCP.