- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Configuring 7102dl
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2007 07:21 PM
тАО01-17-2007 07:21 PM
Configuring 7102dl
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2007 08:25 PM
тАО01-17-2007 08:25 PM
Re: Configuring 7102dl
Your scenario will be like this:
- Create a DMZ in security Zones.
- Configure the T1 interface for internet access.
- Configure DMZ to have one of the Ethernet interfaces.
- Configure the other Ethernet interface for your LAN.
You need now to configure firewall polices for these 3 Zones, so from LAN to Internet you can use the wizard.
I'm not sure if you can configure DMZ access through the firewall wizard also, so i think you should do it from the CLI.
I believe that VPN to DMZ can be configured by the VPN wizard.
Good Luck !!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2007 03:43 AM
тАО01-19-2007 03:43 AM
Re: Configuring 7102dl
Typically, you would use NAT to grant your "inside, secure" network access to the outside world. Using NAT (network address translation), only addresses from the inside network can access the outside (Internet). If you want people from the outside accessing servers on the inside, you have to create DMZs. Look at the documentation below for some examples.
ftp://ftp.hp.com/pub/networking/software/ProCurve-SR-IP-Firewall-Config-Guide.pdf.
The DMZ will allow users from the Internet to access your servers, but they cannot get to your internal network. Typically mail and webserver would be in a DMZ.
Hope this helps,
Olaf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2007 06:26 AM
тАО01-19-2007 06:26 AM
Re: Configuring 7102dl
"...If you want people from the outside accessing servers on the inside, you have to create DMZs"
Q1) can you not just allow, via one to one nat ACLs that allow particular ports to forward to particular internal IPs (ie: hit 207.1.1.15 on port 80 and you get 10.1.1.15 on the 'lan'
i ask b/c i have a question, i'll post seperately, and not hijack this one, but that part is pertinent to both (ie: if he want's to set up vpn or rdp to his 'lan')
thanks.
Fernando
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2007 07:11 AM
тАО01-19-2007 07:11 AM
Re: Configuring 7102dl
"have to" was maybe too strong. "Should" is better.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2007 09:18 AM
тАО01-25-2007 09:18 AM
Re: Configuring 7102dl
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended self
remark Traffic to ProCurve SR
permit ip any any log
!
ip access-list extended wizard-pfwd-1
remark Port Forward 1
permit tcp any host xx.xxx.xxx.106 eq www log
!
ip access-list extended wizard-pfwd-2
remark Port Forward 2
permit tcp any host xx.xxx.xxx.106 eq ftp log
!
ip policy-class Private
allow list self self
nat source list wizard-ics interface ppp 1 overload
!
ip policy-class Public
nat destination list wizard-pfwd-1 address 192.168.1.xxx
nat destination list wizard-pfwd-2 address 192.168.1.xxx
!
!
!
ip route 0.0.0.0 0.0.0.0 ppp 1
ip route 0.0.0.0 0.0.0.0 xx.xxx.xxx.105
!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2007 09:34 AM
тАО01-25-2007 09:34 AM
Re: Configuring 7102dl
The firewall wizard created two zones, a Public and a Private. Eventually I will create another zone (DMZ). But I just wanted to make sure that www requests are allowed in and forwarded to our web server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2007 12:51 PM
тАО01-25-2007 12:51 PM
Re: Configuring 7102dl
sample:
ProCurve University San Francisco Network
192.168.1.0/24
Outbound public address: 16.1.1.1
Inbound HTTP global address: 16.1.1.2
config:
interface eth 0/1
ip address 192.168.1.1 255.255.255.0
access-policy Inside
interface ppp 1
ip address 16.1.1.1 255.255.255.248
access-policy Outside
ip policy-class Inside
nat source list MatchAll interface PPP 1 overload
ip policy-class Outside
nat destination list InWeb address 192.168.1.10
discard list MatchAll
ip access-list standard MatchAll
permit any
ip access-list extended InWeb
permit tcp any host 16.1.1.2 eq 80