R3721-F3210-F3171-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

831

832

833

834

835

836

837

838

839

840

Table Of Contents

816

Figure 391 Network diagram

Configuration procedure

1. Configure Firewall A:

# Define ACL 3001 to match TCP packets.

<FirewallA> system-view

[FirewallA] ipv6

[FirewallA] acl ipv6 number 3001

[FirewallA-acl6-adv-3001] rule permit tcp

[FirewallA-acl6-adv-3001] quit

# Define Node 5 of policy aaa, so that TCP packets are forwarded via GigabitEthernet 0/1.

[FirewallA] ipv6 policy-based-route aaa permit node 5

[FirewallA-pbr6-aaa-5] if-match acl6 3001

[FirewallA-pbr6-aaa-5] apply ipv6-address next-hop 1::2

[FirewallA-pbr6-aaa-5] quit

# Apply policy aaa to Firewall A.

[FirewallA] ipv6 local policy-based-route aaa

# Configure the IPv6 addresses of GigabitEthernet 0/1 and GigabitEthernet 0/2.

[FirewallA] interface gigabitethernet 0/1

[FirewallA-GigabitEthernet0/1] ipv6 address 1::1 64

[FirewallA-GigabitEthernet0/1] quit

[FirewallA] interface gigabitethernet 0/2

[FirewallA-GigabitEthernet0/2] ipv6 address 2::1 64

2. Configure Firewall B:

# Configure the IPv6 address for GigabitEthernet 0/1.

<FirewallB> system-view

[FirewallB] ipv6

[FirewallB] interface gigabitethernet 0/1

[FirewallB-GigabitEthernet0/1] ipv6 address 1::2 64

[FirewallB-GigabitEthernet0/1] quit

3. Configure Firewall C:

# Configure the IPv6 address for GigabitEthernet 0/2.

<FirewallC> system-view

[FirewallC] ipv6

[FirewallC] interface gigabitethernet 0/2

[FirewallC-GigabitEthernet0/2] ipv6 address 2::2 64

[FirewallC-GigabitEthernet0/2] quit

4. Verify the configuration:

# Telnet to Firewall B (1::2/64) from Firewall A. The operation succeeds.