Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
12345678910
viii
Password authentication enabled Stelnet server configuration example ······················································ 337
Publickey authentication enabled Stelnet server configuration example ······················································· 339
Password authentication enabled Stelnet client configuration example ························································ 345
Publickey authentication enabled Stelnet client configuration example ························································ 348
SFTP configuration examples ······································································································································ 350
Password authentication enabled SFTP server configuration example ·························································· 350
Publickey authentication enabled SFTP client configuration example ··························································· 352
SCP file transfer with password authentication ········································································································· 355
Network requirements ········································································································································· 356
Configuration procedure ···································································································································· 356
Configuring SSL ······················································································································································· 358
Overview ······································································································································································· 358
SSL security services ············································································································································ 358
SSL protocol stack ··············································································································································· 358
FIPS compliance ··························································································································································· 359
Security strength ··························································································································································· 359
SSL configuration task list ············································································································································ 359
Configuring an SSL server policy ······························································································································· 359
Configuring an SSL client policy ································································································································ 361
Displaying and maintaining SSL ································································································································· 362
Configuring ASPF ···················································································································································· 363
Overview ······································································································································································· 363
ASPF basic concepts ··········································································································································· 363
ASPF inspections·················································································································································· 364
ASPF configuration task list ········································································································································· 366
Configuring an ASPF policy ········································································································································ 366
Applying an ASPF policy to an interface ·················································································································· 366
Displaying and maintaining ASPF ······························································································································ 367
ASPF configuration examples ····································································································································· 367
ASPF FTP application inspection configuration example ················································································ 367
ASPF TCP application inspection configuration example ··············································································· 369
ASPF H.323 application inspection configuration example ·········································································· 370
Configuring APR ······················································································································································ 372
Overview ······································································································································································· 372
PBAR ····································································································································································· 372
Group-based application recognition ··············································································································· 372
Configuring PBAR ························································································································································ 373
Configuring application groups ································································································································· 373
Enabling application statistics on an interface ········································································································· 374
Displaying and maintaining APR ································································································································ 375
APR configuration example ········································································································································· 375
Network requirements ········································································································································· 375
Configuration procedure ···································································································································· 375
Verifying the configuration ································································································································· 376
Managing sessions ················································································································································· 377
Overview ······································································································································································· 377
Session management operation ························································································································· 377
Session management functions ·························································································································· 377
Session management task list ····································································································································· 378
Setting the session aging time for different protocol states ····················································································· 378
Setting the session aging time for different application layer protocols ································································ 379
Specifying persistent sessions ····································································································································· 380