HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

131

132

133

134

135

136

137

138

139

140

130

Ste

Command

Remarks

3. Create a security zone

and enter security zone

view.

zone name zone-name [ id zone-id ] N/A

4. Enter interface view.

interface interface-type interface-number N/A

5. Enable IP virtual fragment

reassembly.

ip virtual-reassembly [ drop-fragments |

max-fragments number | max-reassemblies

number | timeout seconds ] *

By default, the feature is

enabled.

6. Display fragment

information in the security

zone.

display ip virtual-reassembly vd vd-name

[ zone zone-name ] [ | { begin | exclude |

include } regular-expression ]

Optional.

Configuration example

Network requirements

As shown in Figure 105, configure devices as follows:

• NAT is enabled on GigabitEthernet0/2 of the firewall.

• Configure IP virtual fragment reassembly on GigabitEthernet0/2 of the firewall.

Figure 105 Network diagram

Configuration procedure

1. Assign IP addresses to the interfaces as shown in the figure. (Details not shown.)

2. Configure the host:

# Configure a route so that the Host, Firewall, and Router can communicate with each other.

(Details not shown.)

3. Configure the firewall:

# Configure NAT and IP virtual fragment reassembly.

<Firewall> system-view

[Firewall] nat static 10.1.1.1 11.2.2.3

[Firewall] interface gigabitethernet0/2

[Firewall-GigabitEthernet0/2] nat outbound static

[Firewall-GigabitEthernet0/2] quit

# Configure IP virtual fragment reassembly.

[Firewall] zone name trust

[Firewall-zone-trust] ip virtual-reassembly