Manualshelf

R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
401402403404405406407408409410
392
[Router-GigabitEthernet0/1] quit
[Router] interface GigabitEthernet 0/2
[Router-GigabitEthernet0/2] ip address 151.1.1.2 255.255.255.0
[Router-GigabitEthernet0/2] quit
# Configure the loopback interface address.
[Router] interface loopback 0
[Router-LoopBack0] ip address 10.1.1.1 32
3. Verification
# Run the debugging ip policy-based-route command on Firewall.
<Firewall> debugging ip policy-based-route
<Firewall> terminal debugging
<Firewall> terminal monitor
Configure the IP address of Host A as 192.1.1.3/24 and the gateway as 192.1.1.1.
# Ping Loopback 0 of Router from Host A, and set the data section length to 50 bytes.
C:\>ping -l 50 10.1.1.1
Pinging 10.1.1.1 with 50 bytes of data:
Reply from 10.1.1.1: bytes=50 time<1ms TTL=255
Reply from 10.1.1.1: bytes=50 time<1ms TTL=255
Reply from 10.1.1.1: bytes=50 time<1ms TTL=255
Reply from 10.1.1.1: bytes=50 time<1ms TTL=255
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The debugging information about PBR displayed on Firewall is as follows:
<Firewall>
*Jun 7 12:04:33:519 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 10, next-hop : 150.1.1.2
*Jun 7 12:04:34:518 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 10, next-hop : 150.1.1.2
*Jun 7 12:04:35:518 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 10, next-hop : 150.1.1.2
*Jun 7 12:04:36:518 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 10, next-hop : 150.1.1.2
The preceding information shows that Firewall sets the next hop for the received packets to 150.1.1.2
according to PBR. The packets are forwarded via Serial 2/0.
# Ping Loopback 0 of Router from Host A, and set the data section length to 200 bytes.
C:\>ping -l 200 10.1.1.1
Pinging 10.1.1.1 with 200 bytes of data:
Reply from 10.1.1.1: bytes=200 time<1ms TTL=255