R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Table 4 Virtual fragment reassembly configuration items
Item | Description
Security Zone | Specify a security zone to be configured with virtual fragment reassembly.
Enable Virtual Fragment Reassembly | Select the check box to enable the virtual fragment reassembly feature.
Specify max number of concurrent reassemblies | Specify the maximum number of concurrent reassemblies. When this value is reached, the LB module discards all subsequent packets and sends a syslog message. This option is available after the virtual fragment reassembly feature is enabled.
Specify max number of fragments per reassembly | Specify the maximum number of fragments in each reassembly. When this value is reached, the LB module discards all subsequent fragments of the reassembly and sends a syslog. This option is available after the virtual fragment reassembly feature is enabled.
Specify timeout value of the datagram being reassembled | Set the aging time for each reassembly. If the fragments of a datagram (in a reassembly) are not reassembled within this time, all the fragments of the datagram are discarded. This option is available after the virtual fragment reassembly feature is enabled.
Drop all the incoming fragments | Select the check box to discard all incoming fragments. This option is available after the virtual fragment reassembly feature is enabled.
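The following Python model is an added example, not code from this guide or from the LB module. It shows how the limits in Table 4 interact when fragments arrive. Assumptions: all class, field and function names are hypothetical; a reassembly is keyed by (source, destination, protocol, IP ID); the aging timer starts at the first fragment; and a full reassembly table rejects only fragments that would open a new reassembly.

```python
from dataclasses import dataclass, field

@dataclass
class VfrPolicy:  # hypothetical field names mirroring the Table 4 items
    max_reassemblies: int = 64
    max_fragments: int = 16
    timeout_s: float = 5.0
    drop_all_fragments: bool = False

@dataclass
class Reassembly:
    started: float
    spans: list = field(default_factory=list)  # (offset, length) byte ranges seen
    total_len: int = -1                        # known once the MF=0 fragment arrives

def covered(r):  # True when the ranges cover bytes 0..total_len with no gap
    end = 0
    for off, ln in sorted(r.spans):
        if off > end:
            return False
        end = max(end, off + ln)
    return end >= r.total_len

class VirtualReassembler:
    def __init__(self, policy):
        self.policy, self.table, self.syslog = policy, {}, []

    def receive(self, now, key, offset, length, more_fragments):
        """key = (src, dst, protocol, ip_id); returns 'accept', 'complete' or 'drop'."""
        if self.policy.drop_all_fragments:
            return "drop"
        # Aging: discard every reassembly not finished within the timeout.
        for k in [k for k, r in self.table.items() if now - r.started > self.policy.timeout_s]:
            del self.table[k]
        r = self.table.get(key)
        if r is None:
            if len(self.table) >= self.policy.max_reassemblies:
                self.syslog.append(f"max concurrent reassemblies reached; dropped {key}")
                return "drop"
            r = self.table[key] = Reassembly(started=now)
        if len(r.spans) >= self.policy.max_fragments:
            self.syslog.append(f"max fragments per reassembly reached for {key}")
            return "drop"
        r.spans.append((offset, length))
        if not more_fragments:
            r.total_len = offset + length
        if r.total_len >= 0 and covered(r):
            del self.table[key]
            return "complete"
        return "accept"
```

Feeding the model many first fragments that never complete shows why the concurrent-reassembly limit and the aging time are set together: the table fills until the timeout frees entries.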
Virtual fragment reassembly configuration example
Network requirements
As shown in Figure 10, Host accesses Router through the LB module, and NAT is enabled on interface
Ten-GigabitEthernet 0/0.2 of the LB module. Enable virtual fragment reassembly for security zone
Trust on the LB module to ensure secure and efficient NAT.
Figure 10 Network diagram for virtual fragment reassembly configuration
Configuration procedure
1. Configure Host.
# On Host, configure a static route to Router. (Omitted)
2. Configure the LB module.
# Configure IP addresses for the interfaces and assign the interfaces to security zones. (Omitted)
# Configure a static address mapping.