Owners Manual
Page 3
ProCurve Secure Router 7000dl Series Advanced Management and Configuration Guide November 2006 J06_03
ProCurve Secure Router 7000dl Series Advanced Management and Configuration Guide November 2006 J06_03
Owners Manual
Page 4
...-3822 November 2006 Applicable Products ProCurve Secure Router 7102 dl ProCurve Secure Router 7203 dl (J8752A) (J8753A) Trademark Credits Microsoft, Windows, Windows NT, and Windows XP are set forth in the express warranty statements accompanying such products and services. The only warranties for technical or editorial errors or omissions contained herein. HP shall not be photocopied, reproduced...
...-3822 November 2006 Applicable Products ProCurve Secure Router 7102 dl ProCurve Secure Router 7203 dl (J8752A) (J8753A) Trademark Credits Microsoft, Windows, Windows NT, and Windows XP are set forth in the express warranty statements accompanying such products and services. The only warranties for technical or editorial errors or omissions contained herein. HP shall not be photocopied, reproduced...
Owners Manual
Page 5
... Convention 1-5 Quick Start Sections 1-6 Obtaining Additional Information 1-6 Downloading Software Updates 1-7 Interface Management Options 1-9 CLI 1-9 Web Browser Interface 1-9 Accessing the Web Browser Interface 1-10 Using the ProCurve Web Browser Interface 1-11 CLI Tools 1-13 Help Tools 1-13 CLI Help Commands 1-13 Editing Commands 1-14 Basic Commands 1-15 no 1-15 do 1-15 exit...
... Convention 1-5 Quick Start Sections 1-6 Obtaining Additional Information 1-6 Downloading Software Updates 1-7 Interface Management Options 1-9 CLI 1-9 Web Browser Interface 1-9 Accessing the Web Browser Interface 1-10 Using the ProCurve Web Browser Interface 1-11 CLI Tools 1-13 Help Tools 1-13 CLI Help Commands 1-13 Editing Commands 1-14 Basic Commands 1-15 no 1-15 do 1-15 exit...
Owners Manual
Page 7
... WAN Connections Contents 3-1 Backing Up Primary WAN Connections 3-5 Analog Backup Connections 3-5 ISDN-Backup Connections 3-6 BRI ISDN 3-7 Electrical Specifications for BRI ISDN 3-9 Backup Modules for the ProCurve Secure Router 3-9 Standards 3-10 Data Link Layer Protocols 3-11 Determining a Backup Method 3-11 Using Demand Routing for Backup Connections 3-12 Using Persistent Backup Connections 3-14 Comparing Demand...
... WAN Connections Contents 3-1 Backing Up Primary WAN Connections 3-5 Analog Backup Connections 3-5 ISDN-Backup Connections 3-6 BRI ISDN 3-7 Electrical Specifications for BRI ISDN 3-9 Backup Modules for the ProCurve Secure Router 3-9 Standards 3-10 Data Link Layer Protocols 3-11 Determining a Backup Method 3-11 Using Demand Routing for Backup Connections 3-12 Using Persistent Backup Connections 3-14 Comparing Demand...
Owners Manual
Page 11
4 ProCurve Secure Router OS Firewall-Protecting the Internal, Trusted Network Contents 4-1 Overview 4-3 Advantages of an Integrated Firewall 4-3 Stateful-Inspection Firewalls 4-4 Packet-Filtering Firewall 4-4 Circuit-level Gateway 4-6 Application-level Gateway 4-7 Attack Checking 4-9 SYN-flood Attacks 4-10 WinNuke Attacks 4-11 Reflexive Traffic 4-12 Event Logging 4-12 Configuring Attack Checking 4-14 Enabling the Secure Router OS Firewall 4-14 Enabling...
4 ProCurve Secure Router OS Firewall-Protecting the Internal, Trusted Network Contents 4-1 Overview 4-3 Advantages of an Integrated Firewall 4-3 Stateful-Inspection Firewalls 4-4 Packet-Filtering Firewall 4-4 Circuit-level Gateway 4-6 Application-level Gateway 4-7 Attack Checking 4-9 SYN-flood Attacks 4-10 WinNuke Attacks 4-11 Reflexive Traffic 4-12 Event Logging 4-12 Configuring Attack Checking 4-14 Enabling the Secure Router OS Firewall 4-14 Enabling...
Owners Manual
Page 12
... Contents 5-1 Access Control for Interfaces on the ProCurve Secure Router 5-3 Access Control Mechanisms 5-4 Using ACLs Alone to Configure Access Control 5-6 Configure ACLs 5-6 ACL Entries 5-6 Types of ACLs 5-7 Creating an ACL 5-9 Creating a Standard ACL 5-9 Creating an ... ACL 5-18 Applying the ACL to an Interface 5-19 Selecting the Packet and Controlling the Action 5-20 Controlling FTP, HTTP, and Telnet Access to the Router 5-21 Restricting FTP Access 5-22 Restricting HTTP Access 5-22 Restricting Telnet Access 5-23 Examples of Applying ACLs 5-23 Using ACPs to Control Access to...
... Contents 5-1 Access Control for Interfaces on the ProCurve Secure Router 5-3 Access Control Mechanisms 5-4 Using ACLs Alone to Configure Access Control 5-6 Configure ACLs 5-6 ACL Entries 5-6 Types of ACLs 5-7 Creating an ACL 5-9 Creating a Standard ACL 5-9 Creating an ... ACL 5-18 Applying the ACL to an Interface 5-19 Selecting the Packet and Controlling the Action 5-20 Controlling FTP, HTTP, and Telnet Access to the Router 5-21 Restricting FTP Access 5-22 Restricting HTTP Access 5-22 Restricting Telnet Access 5-23 Examples of Applying ACLs 5-23 Using ACPs to Control Access to...
Owners Manual
Page 14
6 Configuring Network Address Translation Contents 6-1 NAT Services on the ProCurve Secure Router 6-2 Many-to-One NAT for Outbound Traffic 6-2 Using NAT with PAT 6-3 One-to-One NAT for Inbound Traffic 6-5 One-to-One NAT with Port Translation 6-6 ...
6 Configuring Network Address Translation Contents 6-1 NAT Services on the ProCurve Secure Router 6-2 Many-to-One NAT for Outbound Traffic 6-2 Using NAT with PAT 6-3 One-to-One NAT for Inbound Traffic 6-5 One-to-One NAT with Port Translation 6-6 ...
Owners Manual
Page 15
...-Related Use of the Internet 7-2 Web Content Filtering on the ProCurve Secure Router 7000dl Series 7-3 The Role of the Websense Enterprise Solution 7-3 The Role of the ProCurve Secure Router 7-4 Configuring Web Content Filtering 7-5 Creating a Filter on the ProCurve Secure Router 7-5 Specifying the Websense Server's IP Address 7-6 Applying a Filter to a Router Interface 7-6 Specifying Behavior When the Server Is Unreachable 7-8 Defining Exclusive...
...-Related Use of the Internet 7-2 Web Content Filtering on the ProCurve Secure Router 7000dl Series 7-3 The Role of the Websense Enterprise Solution 7-3 The Role of the ProCurve Secure Router 7-4 Configuring Web Content Filtering 7-5 Creating a Filter on the ProCurve Secure Router 7-5 Specifying the Websense Server's IP Address 7-6 Applying a Filter to a Router Interface 7-6 Specifying Behavior When the Server Is Unreachable 7-8 Defining Exclusive...
Owners Manual
Page 16
8 Setting Up Quality of Service Contents 8-1 Overview 8-4 Evaluating Traffic on Your Network 8-4 QoS Mechanisms on the ProCurve Secure Router 8-5 ToS Field 8-6 First In, First Out 8-10 WFQ 8-11 CBWFQ 8-11 LLQ 8-11 FRF.12 8-12 QoS Maps 8-12 Configuring WFQ 8-14 Overview 8-14 Conversations 8-...
8 Setting Up Quality of Service Contents 8-1 Overview 8-4 Evaluating Traffic on Your Network 8-4 QoS Mechanisms on the ProCurve Secure Router 8-5 ToS Field 8-6 First In, First Out 8-10 WFQ 8-11 CBWFQ 8-11 LLQ 8-11 FRF.12 8-12 QoS Maps 8-12 Configuring WFQ 8-14 Overview 8-14 Conversations 8-...
Owners Manual
Page 21
Configuring a VPN Using IPSec 10-15 Configuring IPSec with IKE 10-15 Configuring IPSec with Manual Keying 10-19 How the ProCurve Secure Router Processes IKE Policies and Crypto Maps 10-20 Configuration Tasks 10-23 Enabling Crypto Commands 10-23 Configuring IKE Policies 10-23 Peer ID ... Restricting Specified Hosts 10-36 Permitting Local and Remote Networks 10-37 Applying the ACL to a Crypto Map 10-38 Example Configuration 10-39 Enabling Router Traffic to Servers at a Remote VPN Site . . . . 10-39 Configuring IPSec SA Parameters 10-40 Transform Sets 10-40 Crypto Maps 10-42 Applying ...
Configuring a VPN Using IPSec 10-15 Configuring IPSec with IKE 10-15 Configuring IPSec with Manual Keying 10-19 How the ProCurve Secure Router Processes IKE Policies and Crypto Maps 10-20 Configuration Tasks 10-23 Enabling Crypto Commands 10-23 Configuring IKE Policies 10-23 Peer ID ... Restricting Specified Hosts 10-36 Permitting Local and Remote Networks 10-37 Applying the ACL to a Crypto Map 10-38 Example Configuration 10-39 Enabling Router Traffic to Servers at a Remote VPN Site . . . . 10-39 Configuring IPSec SA Parameters 10-40 Transform Sets 10-40 Crypto Maps 10-42 Applying ...
Owners Manual
Page 27
15 IP Routing-Configuring RIP, OSPF, BGP, and PBR Contents 15-1 Overview 15-6 Routing Protocols 15-6 Dynamic Routing Protocols Supported on the ProCurve Secure Router 15-7 How Routing Protocols Work 15-7 Advantages and Disadvantages of Routing Protocols 15-10 Load Sharing 15-11 Configuring RIP 15-12 RIP Process 15-...
15 IP Routing-Configuring RIP, OSPF, BGP, and PBR Contents 15-1 Overview 15-6 Routing Protocols 15-6 Dynamic Routing Protocols Supported on the ProCurve Secure Router 15-7 How Routing Protocols Work 15-7 Advantages and Disadvantages of Routing Protocols 15-10 Load Sharing 15-11 Configuring RIP 15-12 RIP Process 15-...
Owners Manual
Page 32
...-20 Web Access Configuration 16-22 Increasing Bandwidth 16-24 Configuring MLPPP 16-24 Configuring MLFR 16-26 Backup Modules 16-27 Configuring the ProCurve Secure Router OS Firewall 16-27 Enabling Attack Checking 16-29 Enabling Event Logging 16-30 Enabling Email Forwarding 16-32 Enabling Syslog Forwarding 16-33 Display ...
...-20 Web Access Configuration 16-22 Increasing Bandwidth 16-24 Configuring MLPPP 16-24 Configuring MLFR 16-26 Backup Modules 16-27 Configuring the ProCurve Secure Router OS Firewall 16-27 Enabling Attack Checking 16-29 Enabling Event Logging 16-30 Enabling Email Forwarding 16-32 Enabling Syslog Forwarding 16-33 Display ...
Owners Manual
Page 33
... 16-50 Configuring One-to-One NAT 16-51 Configuring Policies to Control Management Access to the ProCurve Secure Router 16-53 Customizing Your Policies 16-53 Changing the Order of Policies 16-57 Assigning the Security Zone (the ACP) to an Interface 16-57 Configuring Quality of Service 16-58 Configuring WFQ 16...
... 16-50 Configuring One-to-One NAT 16-51 Configuring Policies to Control Management Access to the ProCurve Secure Router 16-53 Customizing Your Policies 16-53 Changing the Order of Policies 16-57 Assigning the Security Zone (the ACP) to an Interface 16-57 Configuring Quality of Service 16-58 Configuring WFQ 16...
Owners Manual
Page 35
... Convention 1-5 Quick Start Sections 1-6 Obtaining Additional Information 1-6 Downloading Software Updates 1-7 Interface Management Options 1-9 CLI 1-9 Web Browser Interface 1-9 Accessing the Web Browser Interface 1-10 Using the ProCurve Web Browser Interface 1-11 CLI Tools 1-13 Help Tools 1-13 CLI Help Commands 1-13 Editing Commands 1-14 Basic Commands 1-15 no 1-15 do 1-15 exit...
... Convention 1-5 Quick Start Sections 1-6 Obtaining Additional Information 1-6 Downloading Software Updates 1-7 Interface Management Options 1-9 CLI 1-9 Web Browser Interface 1-9 Accessing the Web Browser Interface 1-10 Using the ProCurve Web Browser Interface 1-11 CLI Tools 1-13 Help Tools 1-13 CLI Help Commands 1-13 Editing Commands 1-14 Basic Commands 1-15 no 1-15 do 1-15 exit...
Owners Manual
Page 37
...two models: ■ ProCurve Secure Router 7102dl ■ ProCurve Secure Router 7203dl Both this guide and the ProCurve Secure Router Basic Management and Configuration Guide describe how to use the command line interface (CLI) and the Web browser interface to use the ProCurve Secure Router 7000dl series in a...bandwidth for E1- Overview Using This Guide Using This Guide The ProCurve Secure Router Advanced Management and Configuration Guide describes how to configure, manage, monitor, and troubleshoot router operation. The Advanced Management and Configuration Guide describes how to ...
...two models: ■ ProCurve Secure Router 7102dl ■ ProCurve Secure Router 7203dl Both this guide and the ProCurve Secure Router Basic Management and Configuration Guide describe how to use the command line interface (CLI) and the Web browser interface to use the ProCurve Secure Router 7000dl series in a...bandwidth for E1- Overview Using This Guide Using This Guide The ProCurve Secure Router Advanced Management and Configuration Guide describes how to configure, manage, monitor, and troubleshoot router operation. The Advanced Management and Configuration Guide describes how to ...
Owners Manual
Page 38
..., a part of the command in which you replace with the name of a particular access control list (ACL) configured on your router. ■ Vertical bars ( | ) separate alternative, mutually exclusive elements. ■ Square brackets ( [ ] ) are included in the.... You can either replace with information that you may optionally add the information specific to your router or WAN. When entering the command, you can include the optional element in the command, but... in the first command above , you enter information specific to your ProCurve Secure Router, the CLI prompt indicates the...
..., a part of the command in which you replace with the name of a particular access control list (ACL) configured on your router. ■ Vertical bars ( | ) separate alternative, mutually exclusive elements. ■ Square brackets ( [ ] ) are included in the.... You can either replace with information that you may optionally add the information specific to your router or WAN. When entering the command, you can include the optional element in the command, but... in the first command above , you enter information specific to your ProCurve Secure Router, the CLI prompt indicates the...
Owners Manual
Page 39
... /24 Interface Numbering Convention When configuring a WAN connection, you might need to assign an IP address to a logical interface on the ProCurve Secure Router, or you will need to enter an IP address to specify the slot and port of a command. The syntax for specifying an interface..., Chapter 1: Overview. IP Address Convention You must use one of the router. For example, you might need to be filtered by changing the router's hostname. For example, for ADSL interfaces you have a ProCurve Secure Router 7203dl, the wide module is providing the connection. If you would use e1...
... /24 Interface Numbering Convention When configuring a WAN connection, you might need to assign an IP address to a logical interface on the ProCurve Secure Router, or you will need to enter an IP address to specify the slot and port of a command. The syntax for specifying an interface..., Chapter 1: Overview. IP Address Convention You must use one of the router. For example, you might need to be filtered by changing the router's hostname. For example, for ADSL interfaces you have a ProCurve Secure Router 7203dl, the wide module is providing the connection. If you would use e1...
Owners Manual
Page 40
...thoroughly understand how to quickly configure your ProCurve Secure Router. When the document file opens, click the disk icon in the bar on the Internet. Access the ProCurve Networking Web site at http://www.procurve.com. 2. The first time you perform a task, ProCurve Networking strongly recommends that provides the .... 1-6 Click Technical support in the Acrobat® toolbar and save product documentation that you need to manage the ProCurve Secure Router. Quick Start Sections Each chapter includes a Quick Start section that you read the entire chapter so you want . 5.
...thoroughly understand how to quickly configure your ProCurve Secure Router. When the document file opens, click the disk icon in the bar on the Internet. Access the ProCurve Networking Web site at http://www.procurve.com. 2. The first time you perform a task, ProCurve Networking strongly recommends that provides the .... 1-6 Click Technical support in the Acrobat® toolbar and save product documentation that you need to manage the ProCurve Secure Router. Quick Start Sections Each chapter includes a Quick Start section that you read the entire chapter so you want . 5.
Owners Manual
Page 41
... the sidebar). (See Figure 1-2.) 3. The ProCurve Technical Support Web Page Downloading Software Updates ProCurve Networking periodically updates the router software to view documentation that you have saved. Access the ProCurve Networking Web site at http://www.procurve.com. 2. To download software, complete the following steps: 1. Under Latest software, click Secure Router 7000dl Series. 1-7 You can download software...
... the sidebar). (See Figure 1-2.) 3. The ProCurve Technical Support Web Page Downloading Software Updates ProCurve Networking periodically updates the router software to view documentation that you have saved. Access the ProCurve Networking Web site at http://www.procurve.com. 2. To download software, complete the following steps: 1. Under Latest software, click Secure Router 7000dl Series. 1-7 You can download software...
Owners Manual
Page 43
...Terminal on your workstation to the console port on your workstation, and set up the terminal session with the ProCurve Secure Router. Web Browser Interface You can also manage the ProCurve Secure Router through the CLI. Even if you are a dedicated CLI user, you should try this easy-to-use a... private networks (VPNs). (See Figure 1-3.) In fact, the Web browser interface provides wizards to help you configure VPNs, the router's built-in the ProCurve Secure Router Basic Management and Configuration Guide.) CLI To initially access the CLI, connect the COM port on the front panel of the...
...Terminal on your workstation to the console port on your workstation, and set up the terminal session with the ProCurve Secure Router. Web Browser Interface You can also manage the ProCurve Secure Router through the CLI. Even if you are a dedicated CLI user, you should try this easy-to-use a... private networks (VPNs). (See Figure 1-3.) In fact, the Web browser interface provides wizards to help you configure VPNs, the router's built-in the ProCurve Secure Router Basic Management and Configuration Guide.) CLI To initially access the CLI, connect the COM port on the front panel of the...