ProCurve VPN Client and ProCurve Secure Router 7000dl Series - Application Note
c) An allow statement must be added to the TRUSTED policy class allowing vpn-traffic
through the firewall to be encrypted. NOTE: Policy-class names are case sensitive.
The policy-class names below may need to be changed to match the current
policy-class nomenclature. If a nat source list MATCHALL statement is in the
policy-class, be sure to remove it by using the no form of the command. Re-enter
the nat source list MATCHALL statement after entering the new statements. The
policy-class TRUSTED is attached to the ethernet 0/1 interface.
Figure 13 Allow traffic specified by ACL into TRUSTED interface
d) Finally, the UNTRUSTED policy class must be attached to the ppp 1 interface.
SecureSiteRouter(config)# ip policy-class TRUSTED
SecureSiteRouter(config-policy-class)# no nat source list MATCHALL interface ppp 1 overload
SecureSiteRouter(config-policy-class)# allow list vpn_traffic
SecureSiteRouter(config-policy-class)# nat source list MATCHALL interface ppp 1 overload
SecureSiteRouter(config)# interface ppp 1
SecureSiteRouter(config-ppp 1)# access-policy UNTRUSTED
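
The following check for step c) is an added example, not part of the application note. It assumes policy-class entries are evaluated in the order they are listed (the reason the MATCHALL statement is re-entered last) and that a saved configuration lists them as in the constructed samples; the function names are hypothetical.

```python
import re

# Constructed samples built from the commands in step c): the policy class
# with the catch-all NAT entry still first, and after the procedure.
BEFORE = """\
ip policy-class TRUSTED
  nat source list MATCHALL interface ppp 1 overload
  allow list vpn_traffic
"""
AFTER = """\
ip policy-class TRUSTED
  allow list vpn_traffic
  nat source list MATCHALL interface ppp 1 overload
"""

def parse_policy_classes(config):
    """Return {class_name: [entry, ...]}, keeping entry order and name case."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"ip policy-class (\S+)$", line)
        if m:
            current = classes.setdefault(m.group(1), [])
        elif current is not None and raw[:1].isspace() and line:
            current.append(line)
        elif line:
            current = None  # any other top-level line ends the stanza
    return classes

def check_vpn_allow(config, policy_class, acl, catch_all="MATCHALL"):
    """Return a list of problems with the allow/nat ordering; empty means OK."""
    classes = parse_policy_classes(config)
    if policy_class not in classes:
        # Policy-class names are case sensitive, so point out a near miss.
        near = [n for n in classes if n.lower() == policy_class.lower()]
        hint = f" (found {near[0]!r}; names are case sensitive)" if near else ""
        return [f"policy-class {policy_class!r} not found{hint}"]
    entries = classes[policy_class]
    allow = f"allow list {acl}"
    if allow not in entries:
        return [f"{policy_class}: missing '{allow}'"]
    # Assumption: entries are matched in order, so a catch-all NAT entry ahead
    # of the allow entry would take the VPN traffic first.
    nat = [i for i, e in enumerate(entries)
           if e.startswith(f"nat source list {catch_all} ")]
    if nat and nat[0] < entries.index(allow):
        return [f"{policy_class}: 'nat source list {catch_all}' precedes '{allow}'"]
    return []
```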