R3721-F3210-F3171-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Table Of Contents

471

Figure 289 Network diagram

Device Interface IP address

Device

Interface IP address

Firewall A GE0/5 200.1.1.1/24 Firewall D GE0/1 10.1.5.1/24

GE0/1 10.1.2.1/24

GE0/2 10.1.3.2/24

GE0/2 10.1.3.1/24

Firewall

E

GE0/1 10.1.5.2/24

GE0/3 10.1.4.1/24 GE0/2 10.1.4.2/24

GE0/4 10.1.1.1/24

Firewall

F

GE0/1 9.1.1.1/24

Firewall B GE0/1 10.1.1.2/24

GE0/2 200.1.1.2/24

Firewall C GE0/1 10.1.2.2/24

Configuration procedure

1. Configure IP addresses for interfaces. (Details not shown)

2. Configure the BGP confederation:

# Configure Firewall A.

<FirewallA> system-view

[FirewallA] bgp 65001

[FirewallA-bgp] router-id 1.1.1.1

[FirewallA-bgp] confederation id 200

[FirewallA-bgp] confederation peer-as 65002 65003

[FirewallA-bgp] peer 10.1.1.2 as-number 65002

[FirewallA-bgp] peer 10.1.1.2 next-hop-local

[FirewallA-bgp] peer 10.1.2.2 as-number 65003

[FirewallA-bgp] peer 10.1.2.2 next-hop-local

[FirewallA-bgp] quit

# Configure Firewall B.

<FirewallB> system-view

[FirewallB] bgp 65002

[FirewallB-bgp] router-id 2.2.2.2

[FirewallB-bgp] confederation id 200

[FirewallB-bgp] confederation peer-as 65001 65003

[FirewallB-bgp] peer 10.1.1.1 as-number 65001

[FirewallB-bgp] quit

# Configure Firewall C.

Firewall F

Firewall A

Firewall D

Firewall E

AS 200

AS 100

GE0/1

Firewall B

Firewall C

AS 65002

AS 65003

GE0/2

GE0/5

GE0/4

GE0/1

GE0/1

GE0/1

GE0/2

GE0/2

GE0/2

GE0/3

GE0/1

GE0/1

AS 65001