Manualshelf

R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
76
Enable virtual fragment reassembly on the trusted zone of Firewall, and configure one-to-one NAT
on GigabitEthernet 0/2.
Figure 62 Network diagram for virtual fragment reassembly
Configuration procedure
1. Configure Firewall.
# Configure a static NAT binding.
Select Firewall > NAT Policy > Static NAT from the navigation tree, and then click Add in the Static
Address Mapping area.
Typ e 1.1.1.1 f o r Internal IP Address.
Type 2.2.2.3 for Global IP Address.
Click Apply.
# Enable static NAT on GigabitEthernet 0/2.
In the Interface Static Translation area, click Add.
Select interface GigabitEthernet0/2.
Click Apply.
# Configure virtual fragment reassembly.
Select Firewall > Session Table > Advanced from the navigation tree. The virtual fragment
reassembly configuration page is displayed by default.
Select Trust for Security Zone.
Select the Enable Virtual Fragment Reassembly check box.
Type 64 for the max number of concurrent reassemblies.
Type 16 for the max number of fragments per reassembly.
Type 3 for the timeout value of the datagram being reassembled.
Click Apply.
2. Configure Route
# Configure a static route.
Select Network > Routing Management > Static Routing from the navigation tree, and then click
Add.
Typ e 1.1.1.0 fo r Destination IP Address.
Type 255.255.255.0 for Mask.
Type 2.2.2.2 for Next Hop.
Click Apply.