04-29-2010 03:03 PM
Procurve 7102
This also causes problems with people using Phones on WiFi, trying to hit my Webmail server. DNS reports external IP address, but they cannot hit it because they are internal. If I change the DNS to use the internal IP of the server, it is causing a cert error.
This is probably a simple fix, but it's been several months since I worked with these routers, and I don't see where I can set this security setting.
04-30-2010 12:55 AM
Re: Procurve 7102
Just an idea ... why not just change the secure management web server port number?
ADSL-7102(config)#ip http secure-server
HTH
Gerhard
04-30-2010 06:13 AM
Re: Procurve 7102
It is still not redirecting all web traffic I direct to my router.
I'll call Procurve support, see if they can solve this.
04-30-2010 07:50 AM
Re: Procurve 7102
They recommended setting up an ACL, blocking SSL traffic from hitting my external IP address, but I am afraid that will stop people from being able to browse SSL websites.
I think what I need to do is set up a static route: for all internal traffic directed to my external IP, send it to the gateway for my external IP, then let it come back.
Anyone have any thoughts or better ideas?
04-30-2010 04:38 PM
Re: Procurve 7102
It is all a matter of the access policy. For your port-forwarding, it is applied to the external interface, meaning that when a packet is coming in from an external network, this policy gets applied. You are coming in from the inside, where a different policy is applied (probably NAT or self). You would have to modify the access policy (self or NAT) to port-forward (or route) to your 443 port instead of the router (self hits the router). Look at the output of the command "show ip policy-session" to see which policy hit when you use SSL to access your server. I suspect "self".
Olaf
05-03-2010 07:50 AM
Re: Procurve 7102
I set up a port forward on the Access Policy bound to my internal interface; now SSL traffic bound for my external IP just seems to die if I have it before my NAT policy, and doesn't do anything if it is after my NAT policy.
It doesn't show up at all in the show ip policy-sessions that I can find, whether I have port forwarding turned on or not.
Early on I tried to set up a second external IP address to segregate traffic between outgoing and incoming, but it wouldn't let me have two interfaces on the same VLAN (I require external VLAN tagging).
If I change the SSL management port, it still doesn't redirect. I have gone into my NAT settings, and told it to NOT NAT traffic that is destined for my external IP address, but still no dice.
I know it has to be possible, but I'll be damned if I can find the right combination.
05-03-2010 11:18 PM
Re: Procurve 7102
Here is a snippet of my config:
interface eth 0/1
  ip address x.y.z.130 255.255.255.240
  ip address x.y.z.131 255.255.255.240 secondary
  ip address x.y.z.132 255.255.255.240 secondary
  access-policy Public
.... (NOTE FOR BELOW I USE TAGGING INTERNALLY)
interface eth 0/2.1
  description Production Network
  vlan-id 1
  no shutdown
  ip address 192.168.1.254 255.255.255.0
  access-policy Private
ip access-list extended Linux1
  remark Port Forward MRV-1
  permit tcp any host 82.94.126.131 eq ssh log
!
ip access-list extended Linux2
  remark Port Forward MRV-2
  permit tcp any host x.y.z.132 eq ssh log
!
....
ip policy-class Public
  nat destination list Linux1 address 192.168.1.1
  nat destination list Linux2 address 192.168.1.2
Seems the key here is ... that they all point to secondary addresses.
HTH
05-04-2010 09:11 AM
Re: Procurve 7102
My internet connection is set up so that any traffic on a specific VLAN routes to the internet. If it is not on a VLAN, or on a different one, then it is routed between my sites without leaving the telco's backbone. Makes things very fast between sites, but I worked with Procurve and couldn't come up with a way to have multiple external IP addresses on the same VLAN and subnet.