Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

SOLVED
Go to solution
Andrew Kececi
Occasional Advisor

Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

Hi all,

As the subject say we have newly purchased a Procurve SR7102dl and i am needing to configure the the unit... At first i was very very confused and confronted with reading the huge manuals.. However i got over the shock...

I have started to configure the unit starting with the example adsl annex a configuration provided on the HP procurve website...

I have updated the SROS.biz and the J08_03.biz
ProCurve#show version
ProCurve Secure Router 7102dl
SROS Version: J08.03
Checksum: 7730B0F6, built on: Fri Jul 20 09:41:03 2007
Boot ROM version J06.06
Checksum: C50D, built on: Wed Feb 07 09:32:23 2007
Copyright (c) 2007-2005, Hewlett-Packard, Co.
Platform: ProCurve Secure Router 7102dl
Serial number serial number for unit
Flash: 33554432 bytes DRAM: 134217727 bytes

System uptime is 0 days, 0 hours, 20 minutes, 11 seconds

Current system image: "SROS.BIZ"
Current configuration-file: "startup-config"
Configured system image path:
Primary: "SROS.BIZ"
Backup: "J08_03.biz"
Configured configuration-file path:
Primary: "startup-config"
Backup: "startup-config.bak"
ProCurve#

I have the console connected and putty opened

This is what i have so far....

Building configuration...
!
!
!
hostname "ProCurve"
enable password ***
!
!
!
clock timezone +10-Sydney
!
!
!
ip subnet-zero
ip classless
ip default-gateway xxx.xxx.xxx.xxx
ip routing
!
!
!
ip name-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
!
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "xxx" password "xxx"
!
!
!
ip firewall
!
!
!
ip dhcp-server pool "pool-for-lan"
network xxx.xxx.xxx.xxx 255.255.255.0
!
!
!
domain-name "telstra.net"
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx1
netbios-node-type h-node
default-router xxx.xxx.xxx.xxx
lease 1
!
!
interface eth 0/1
ip address xxx.xxx.xxx.xxx 255.255.255.0
no shutdown
!
!
!
no ip tftp server
no ip tftp server overwrite
ip http server
no shutdown
no ip http secure-server
no ip snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no shutdown
no ip scp server
no ip sntp server
!
!
!
access-policy FROM-LAN
no shutdown
!
!
!
interface eth 0/2
no ip address
shutdown
!
!
!
interface adsl 1/1
training-mode multi-mode
no shutdown
!
!
!
interface atm 1 point-to-point
no shutdown
!
!
!
bind 1 adsl 1/1 atm 1
!
!
!
interface atm 1.1 point-to-point
no shutdown
!
!
!
pvc 8/35
no ip address
!
!
!
interface ppp 1
!
!
!
ip address negotiated
no fair-queue
!
!
!
ppp chap hostname provider username
ppp chap password provider password
no shutdown
!
!
!
bind 2 atm 1.1 ppp 1
!
!
!
ip access-list extended lan-acl
remark used for Nat
permit ip any any
!
!
!
ip policy-class FROM-LAN
nat source list lan-acl interface ppp 1 overload
!
!
!
end



I connected the unit to our adsl line and it goes up fine....

What i am wanting to learn is as follows:

I need to configure for a internal webserver/emailserver/dnsserver/ftpserver etc... I would think this requires port forwarding to the internal ip address of the server...

I need to configure for NAT loopback so our websites etc can be accessed from inside the network...

I need to configure VPN... At this stage its VPN passthrough to the domain server inside our network...

At this stage this would what i require for configuration...

Next will be the 1700-24 managed switch and VLANS on the switch..

Any help would be much appreciated...

Regards
Andrew Kececi
4 REPLIES
Andrew Kececi
Occasional Advisor

Re: Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

I also have noticed with this configuration...

The http-server and the ftp-server offered in the router are inaccessable...

Regards
Andrew Kececi
Olaf Borowski
Respected Contributor
Solution

Re: Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

Andrew,
Use the WEB-GUI to configure these features if you are not a CLI-Junky.
HTTP is enabled as far as I can see so you should be able to get to the router from the inside network. Then use the firewall-wizard to configure the NATting you need.
Andrew Kececi
Occasional Advisor

Re: Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

Olaf firstly thankyou for your reply...

As you said... i accessed the unit using the web interface.. and did some of the port forwarding... This i hope is going to work when i actually hook the unit up... (Avoiding and complaints that the internet isnt working @#$% company employees) Anyway...

I am under the assumption that one i have done this confiruation using the web interface i can download the startup-config file and see what it has written as rules for the firewall for port forwarding...

Once again thank you for the suggestion...

My next goal is to setup NAT loopbak and a VPN passthrough...

If you or anyone can help me with this it would be much appreciated...

Regards
Andrew Kececi
Andrew Kececi
Occasional Advisor

Re: Newly purchased Procurve SR7102dl firewall router... Configuration help!!!

I have tried the following config file however i cant seem to get access to the internal webserver/emailserver/dnsserver/ftpserver

I have tried port forwarding the ports i need..

Here is the config...
_____________________________________________
!
!
! ProCurve Secure Router 7102dl SROS version J08.03
! Boot ROM version J06.06
! Platform: ProCurve Secure Router 7102dl, part number J8752A
! Serial number Serial
! Flash: 33554432 bytes DRAM: 134217727 bytes
! Date/Time: Mon Sep 14 2009, 16:14:40 EST
!
!
hostname "ProCurve"
enable password password
!
clock timezone +10-Canberra
!
ip subnet-zero
ip classless
ip domain-proxy
ip default-gateway xxx.xxx.xxx.xxx
ip routing
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "username" password "password"
!
!
ip firewall
ip firewall stealth
no ip firewall alg msn
no ip firewall alg h323
!
!
!
!
!
!
no autosynch-mode
no safe-mode
!
!
!
!
!
ip dhcp-server pool "pool-for-lan"
network xxx.xxx.xxx.xxx 255.255.255.0
domain-name "providers domain"
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
netbios-node-type h-node
default-router xxx.xxx.xxx.xxx
!
!
!
!
!
!
!
!
interface eth 0/1
ip address xxx.xxx.xxx.xxx 255.255.255.0
access-policy Private
no shutdown
!
!
interface eth 0/2
no ip address
shutdown
!
!
!
interface adsl 1/1
description "Description"
no shutdown
!
!
interface atm 1 point-to-point
no shutdown
bind 1 adsl 1/1 atm 1
!
interface atm 1.1 point-to-point
no shutdown
pvc 8/35
no ip address
!
interface ppp 1
ip address negotiated
access-policy Public
ppp multilink
no fair-queue
ppp chap hostname provider username
ppp chap password provider password
no shutdown
bind 2 atm 1.1 ppp 1
!
!
!
!
!
!
!
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended self
remark Traffic to ProCurve SR
permit ip any any log
!
ip access-list extended web-acl-13
remark Port Forward 8 port 81
permit tcp any eq 81 any eq 81 log
!
ip access-list extended web-acl-14
remark Port Forward 9 port 10000
permit tcp any eq 10000 any eq 10000 log
!
ip access-list extended web-acl-15
remark Port Forward 10 port 53
permit udp any eq domain any eq domain log
!
ip access-list extended web-acl-16
remark Port Forward 11 Port 22
permit tcp any any eq echo
!
ip access-list extended web-acl-17
remark Port Forward 12 Port 88
permit tcp any eq 88 any eq 88 log
!
ip access-list extended web-acl-18
remark Port Forward 13 Port 123
permit tcp any eq 123 any eq 123 log
!
ip access-list extended web-acl-19
remark Port Forward 14 Port 514
permit tcp any eq syslog any eq syslog log
!
ip access-list extended web-acl-20
remark Port Forward 15 Port 993
permit tcp any eq 993 any eq 993 log
!
ip access-list extended web-acl-21
remark Port Forward 16 Port 995
permit tcp any any eq 995 log
!
ip access-list extended web-acl-22
remark Port Forward 17 Port 989/990
permit tcp any any eq 989 log
permit tcp any any eq 990 log
!
ip access-list extended web-acl-24
remark Port Forward 18 Port 1723/500
permit tcp any eq 1723 any eq 1723 log
permit udp any eq isakmp any eq isakmp log
!
ip access-list extended web-acl-25
remark Port Forward 19 Port 1701/500
permit tcp any eq 1701 any eq 1701 log
permit udp any eq isakmp any eq isakmp log
!
ip access-list extended web-acl-26
remark Port Forward 20 Port 500
permit udp any eq isakmp any eq isakmp log
!
ip access-list extended wizard-pfwd-1
remark Port Forward 1 port 80
permit tcp any eq www any eq www log
!
ip access-list extended wizard-pfwd-2
remark Port Forward 2 Port 21
permit tcp any eq ftp any eq ftp log
!
ip access-list extended wizard-pfwd-3
remark Port Forward 3 Port 25
permit tcp any eq smtp any eq smtp log
!
ip access-list extended wizard-pfwd-4
remark Port Forward 4 Port 53
permit tcp any eq domain any eq domain log
!
ip access-list extended wizard-pfwd-5
remark Port Forward 5 Port 20
permit tcp any eq ftp-data any eq ftp-data log
!
ip access-list extended wizard-pfwd-6
remark Port Forward 6 Port 443
permit tcp any eq https any eq https log
!
ip access-list extended wizard-pfwd-7
remark Port Forward 7 Port 110
permit tcp any eq pop3 any eq pop3 log
!
ip policy-class Private
allow list self self
nat source list wizard-ics interface ppp 1 overload
!
ip policy-class Public
nat destination list wizard-pfwd-1 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-2 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-3 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-4 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-5 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-6 address xxx.xxx.xxx.xxx
nat destination list wizard-pfwd-7 address xxx.xxx.xxx.xxx
nat destination list web-acl-13 address xxx.xxx.xxx.xxx
nat destination list web-acl-14 address xxx.xxx.xxx.xxx
nat destination list web-acl-15 address xxx.xxx.xxx.xxx
discard list web-acl-16
nat destination list web-acl-17 address xxx.xxx.xxx.xxx
nat destination list web-acl-18 address xxx.xxx.xxx.xxx
nat destination list web-acl-19 address xxx.xxx.xxx.xxx
nat destination list web-acl-20 address xxx.xxx.xxx.xxx
nat destination list web-acl-21 address xxx.xxx.xxx.xxx
nat destination list web-acl-22 address xxx.xxx.xxx.xxx
nat destination list web-acl-24 address xxx.xxx.xxx.xxx
nat destination list web-acl-25 address xxx.xxx.xxx.xxx
nat destination list web-acl-26 address xxx.xxx.xxx.xxx
!
!
!
no ip tftp server
no ip tftp server overwrite
ip http server
no ip http secure-server
no ip snmp agent
ip ftp server
ip ftp server default-filesystem flash
no ip scp server
ip sntp server
!
!
!
!
!
!
!

ip sip

ip sip proxy

!

!

!
line con 0
no login
!
line telnet 0 4
login
shutdown
line ssh 0 4
login local-userlist
shutdown
!
sntp server time.nist.gov
!
end
__________________________________

ALso what im trying to do is setup Local Loopback or NAT Loopback and VPN Passthrough.

However i have had no success so far...

Please help.... Any hits would be appreciated.

regards
Andrew Kececi