Configuration Guide for A7000 dl T1 and E1 WAN Interfaces 2005-12

20 5991-3823
nat source list <access list names> address <IP address> overload policy <access policy name>

All packets permitted by the access list(s) will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network. This function is also known as “many-to-one NAT.” The optional policy keyword specifies that all packets passed by the access list(s) and destined for the interface using the listed access policy will be modified to replace the source IP address with the entered IP address.

nat source list <access list names> interface <interface> overload policy <access policy name>

All packets permitted by the access list(s) entered will be modified to replace the source IP address with the primary IP address of the listed interface. The overload keyword allows multiple source IP addresses to be replaced with the single IP address of the specified interface. This hides private IP addresses from outside the local network. This function is also known as “many-to-one NAT.” The optional policy keyword specifies that all packets passed by the access list(s) and destined for the interface using the listed access policy will be modified to replace the source IP address with the entered IP address.

Access List and Access Policy Example

Let’s review the following example to illustrate the ACL and ACP creation process.

For our example, evaluate the incoming and outgoing traffic on the WAN and local Ethernet interfaces. Use ACLs and ACPs to provide connectivity for traffic between the private LANs (branch site 10.10.4.0 network and corporate HQ 10.25.15.0 network), grant access to the public Internet connection for all users (branch site and corporate HQ), and hide private IP addresses for all traffic transmitted to the public domain over the PPP connection (to protect the network). The following table outlines our traffic concerns:

Interface                            Traffic to Select
-----------------------------------  ---------------------------------------------------------------
Connection to Branch Office          traffic from remote LAN (10.10.4.0/24) destined for the local
                                     LAN (10.25.15.0/24)
                                     traffic from remote LAN (10.10.4.0/24) to the Internet through
                                     the PPP interface
Local Network (Ethernet Interface)   traffic destined for the remote LAN (10.10.4.0/24)
                                     traffic to the Internet through the PPP interface

Caution: Before applying an access control policy to an interface, verify your Telnet connection will not be affected by the policy. If a policy is applied to the interface you are connecting through and it does not allow Telnet traffic, your connection will be lost.

[Figure: network diagram. Labels: Internet, PPP, 10.25.15.0/24, 10.10.4.0/24, 68.22.15.2/30, and two ProCurve Secure Router 7203dl units.]
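
The many-to-one NAT behaviour and the traffic selection described above, modelled in Python as an added example; it is not taken from the guide and is not router configuration. It assumes 68.22.15.2 is the PPP interface address, that policy entries are checked in order with unmatched traffic discarded, and that public ports are handed out sequentially from 1024.

```python
import ipaddress

# Addresses come from the page's example; the port range is an assumption.
HQ = ipaddress.ip_network("10.25.15.0/24")      # local LAN
BRANCH = ipaddress.ip_network("10.10.4.0/24")   # remote LAN
PUBLIC_IP = "68.22.15.2"                        # assumed PPP interface address


class OverloadNat:
    """Many-to-one NAT: all permitted sources share one public address."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:          # new flow: take the next free port
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def reverse(self, public_port):
        """Map a reply back to the private host; None if no flow exists."""
        return self.back.get(public_port)


def forward(nat, src_ip, src_port, dst_ip):
    """Model of an access policy: entries checked in order, first match wins."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    private_src = src in HQ or src in BRANCH
    # Entry 1: LAN-to-LAN traffic is allowed with its addresses unchanged.
    if private_src and (dst in HQ or dst in BRANCH):
        return ("allow", src_ip, src_port)
    # Entry 2: other traffic from the private LANs leaves via PPP with NAT.
    if private_src:
        return ("nat",) + nat.translate(src_ip, src_port)
    # No entry matched (assumed default in this model): drop the packet.
    return ("discard", src_ip, src_port)
```

Two hosts that pick the same source port still receive distinct public ports, which is what lets replies arriving at the single public address be mapped back to the correct private host.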