Owners Manual
Page 3
ProCurve Secure Router 7000dl Series Advanced Management and Configuration Guide November 2006 J06_03
Owners Manual
Page 4
... Rights Reserved. Publication Number 5991-3822 November 2006 Applicable Products ProCurve Secure Router 7102 dl ProCurve Secure Router 7203 dl (J8752A) (J8753A) Trademark Credits Microsoft, Windows, Windows NT, and Windows XP are set forth in connection with the product. The information contained herein is subject to your HP Sales and Service Office or authorized dealer. © Copyright...
Owners Manual
Page 7
... WAN Connections Contents 3-1 Backing Up Primary WAN Connections 3-5 Analog Backup Connections 3-5 ISDN-Backup Connections 3-6 BRI ISDN 3-7 Electrical Specifications for BRI ISDN 3-9 Backup Modules for the ProCurve Secure Router 3-9 Standards 3-10 Data Link Layer Protocols 3-11 Determining a Backup Method 3-11 Using Demand Routing for Backup Connections 3-12 Using Persistent Backup Connections 3-14 Comparing Demand...
Owners Manual
Page 11
4 ProCurve Secure Router OS Firewall-Protecting the Internal, Trusted Network Contents 4-1 Overview 4-3 Advantages of an Integrated Firewall 4-3 Stateful-Inspection Firewalls 4-4 Packet-Filtering Firewall 4-4 Circuit-level Gateway 4-6 Application-level Gateway 4-7 Attack Checking 4-9 SYN-flood Attacks 4-10 WinNuke Attacks 4-11 Reflexive Traffic 4-12 Event Logging 4-12 Configuring Attack Checking 4-14 Enabling the Secure Router OS Firewall 4-14 Enabling...
Owners Manual
Page 12
... Contents 5-1 Access Control for Interfaces on the ProCurve Secure Router 5-3 Access Control Mechanisms 5-4 Using ACLs Alone to Configure Access Control 5-6 Configure ACLs 5-6 ACL Entries 5-6 Types of ACLs 5-7 Creating an ACL 5-9 Creating a Standard ACL 5-9 Creating an ... ACL 5-18 Applying the ACL to an Interface 5-19 Selecting the Packet and Controlling the Action 5-20 Controlling FTP, HTTP, and Telnet Access to the Router 5-21 Restricting FTP Access 5-22 Restricting HTTP Access 5-22 Restricting Telnet Access 5-23 Examples of Applying ACLs 5-23 Using ACPs to Control Access to...
Owners Manual
Page 14
6 Configuring Network Address Translation Contents 6-1 NAT Services on the ProCurve Secure Router 6-2 Many-to-One NAT for Outbound Traffic 6-2 Using NAT with PAT 6-3 One-to-One NAT for Inbound Traffic 6-5 One-to-One NAT with Port Translation 6-6 ...
Owners Manual
Page 15
...-Related Use of the Internet 7-2 Web Content Filtering on the ProCurve Secure Router 7000dl Series 7-3 The Role of the Websense Enterprise Solution 7-3 The Role of the ProCurve Secure Router 7-4 Configuring Web Content Filtering 7-5 Creating a Filter on the ProCurve Secure Router 7-5 Specifying the Websense Server's IP Address 7-6 Applying a Filter to a Router Interface 7-6 Specifying Behavior When the Server Is Unreachable 7-8 Defining Exclusive...
Owners Manual
Page 16
8 Setting Up Quality of Service Contents 8-1 Overview 8-4 Evaluating Traffic on Your Network 8-4 QoS Mechanisms on the ProCurve Secure Router 8-5 ToS Field 8-6 First In, First Out 8-10 WFQ 8-11 CBWFQ 8-11 LLQ 8-11 FRF.12 8-12 QoS Maps 8-12 Configuring WFQ 8-14 Overview 8-14 Conversations 8-...
Owners Manual
Page 21
Configuring a VPN Using IPSec 10-15 Configuring IPSec with IKE 10-15 Configuring IPSec with Manual Keying 10-19 How the ProCurve Secure Router Processes IKE Policies and Crypto Maps 10-20 Configuration Tasks 10-23 Enabling Crypto Commands 10-23 Configuring IKE Policies 10-23 Peer ID ... Restricting Specified Hosts 10-36 Permitting Local and Remote Networks 10-37 Applying the ACL to a Crypto Map 10-38 Example Configuration 10-39 Enabling Router Traffic to Servers at a Remote VPN Site . . . . 10-39 Configuring IPSec SA Parameters 10-40 Transform Sets 10-40 Crypto Maps 10-42 Applying ...
Owners Manual
Page 27
15 IP Routing-Configuring RIP, OSPF, BGP, and PBR Contents 15-1 Overview 15-6 Routing Protocols 15-6 Dynamic Routing Protocols Supported on the ProCurve Secure Router 15-7 How Routing Protocols Work 15-7 Advantages and Disadvantages of Routing Protocols 15-10 Load Sharing 15-11 Configuring RIP 15-12 RIP Process 15-...
Owners Manual
Page 32
...-20 Web Access Configuration 16-22 Increasing Bandwidth 16-24 Configuring MLPPP 16-24 Configuring MLFR 16-26 Backup Modules 16-27 Configuring the ProCurve Secure Router OS Firewall 16-27 Enabling Attack Checking 16-29 Enabling Event Logging 16-30 Enabling Email Forwarding 16-32 Enabling Syslog Forwarding 16-33 Display ...
Owners Manual
Page 33
... 16-50 Configuring One-to-One NAT 16-51 Configuring Policies to Control Management Access to the ProCurve Secure Router 16-53 Customizing Your Policies 16-53 Changing the Order of Policies 16-57 Assigning the Security Zone (the ACP) to an Interface 16-57 Configuring Quality of Service 16-58 Configuring WFQ 16...
Owners Manual
Page 37
...service (QoS) ■ configure multicast protocols ■ select and implement a dynamic routing protocol Refer to use the ProCurve Secure Router 7000dl series in a network environment. or T1-carrier lines ■ Data Link Layer protocols ■ Asymmetric Digital...Protocol (DHCP) server and client functions 1-3 Specifically, it focuses on two models: ■ ProCurve Secure Router 7102dl ■ ProCurve Secure Router 7203dl Both this guide and the ProCurve Secure Router Basic Management and Configuration Guide describe how to the Basic Management and Configuration Guide if you ...
Owners Manual
Page 38
...displays the context as y. ■ Italics indicate an element that you enter information specific to your router or WAN to your ProCurve Secure Router, the CLI prompt indicates the router model: ProCurveSR7102dl> ProCurveSR7203dl> You can either replace with information that you may optionally add the information ... | deny] [any or host or . • They indicate an optional element. When entering the command, you first boot up your router or WAN. For example, in which you must replace with the name of commands are used for simulations of actual keys. When examples of...
Owners Manual
Page 39
... Syntax: ip address 192.168.1.1 255.255.255.0 ■ IP address with the name of the interface. The syntax for ADSL interfaces you have a ProCurve Secure Router 7203dl, the wide module is installed in which the module is inserted. The port number is /. If you would use bri. For example, for E1....1.1 /24 Interface Numbering Convention When configuring a WAN connection, you might need to right. The left to specify the slot and port of the router. For more instructions on the ProCurve Secure Router, or you will need to enter an IP address to the right is slot 2.
Owners Manual
Page 40
... support in the Acrobat® toolbar and save product documentation that contains the explanation you need to quickly configure your ProCurve Secure Router. Access the ProCurve Networking Web site at the end of each chapter. On the resulting Web page, double-click the document that you... configure the left side of the screen, and then click Product manuals. (See Figure 1-1.) 3. Designed for that chapter to manage the ProCurve Secure Router. If you begin to use the Quick Start instructions and find that you want . 5. Obtaining Additional Information You can view, print, and...
Owners Manual
Page 41
... Support Web Page Downloading Software Updates ProCurve Networking periodically updates the router software to view documentation that you have saved. Under Latest software, click Secure Router 7000dl Series. 1-7 Overview Using This Guide You will need the Adobe Acrobat Reader to include new... features. You can download software updates and the corresponding release notes from ProCurve Networking's Web site as described below. ...
Owners Manual
Page 43
... networks (VPNs). (See Figure 1-3.) In fact, the Web browser interface provides wizards to help you configure VPNs, the router's built-in the ProCurve Secure Router Basic Management and Configuration Guide.) CLI To initially access the CLI, connect the COM port on your workstation, and set ...up the terminal session with the ProCurve Secure Router. Web Browser Interface You can also manage the ProCurve Secure Router through the Web browser interface, which allows you to manage it especially helpful for VoIP. 1-9 Even if...
Owners Manual
Page 44
Configuring ACPs Using the Web Browser Interface Accessing the Web Browser Interface To access the Web browser interface, you can establish an HTTP session with the router. You must first establish a CLI session and configure at least one interface through which you must also enable the HTTP server or the HTTP over Secure Socket Layer (HTTPS) server and configure a password for HTTP access. Overview Interface Management Options Figure 1-3. From the global configuration mode context, enter: ProCurve(config)# ip http server or ProCurve(config)# ip https server 1-10
Owners Manual
Page 851
... it monitors traffic from both external and internal users for PBR include: ■ Enforcing security You can configure the router to send certain traffic to a security appliance such as untrusted. Overview By default, routers forward packets according to the same next hop. When a packet arrives on characteristics of ... RIP, OSPF, BGP, and PBR Configuring Policy-Based Routing Configuring Policy-Based Routing Policy-based routing (PBR) on the ProCurve Router allows you to implement basic traffic engineering: you may want different types of that selects traffic from these hosts, the...