MSR Series
ASPF configuration
Keywords: MSR; ASPF; Firewall
1. Customer requirements
The customer uses an MSR as the Internet gateway and wants only the LAN-resident FTP client to be able to access FTP servers on the Internet; all other traffic is to be denied.
Device list: 1 MSR router, 2 PCs
2. Topology
3. Active configurations
MSR configuration
#
// Enable the firewall function, which is disabled by default.
firewall enable
#
// Create ASPF policy number 1.
aspf-policy 1
 // Detect FTP connections, with an aging time of 300 seconds.
 detect ftp aging-time 300
#
// Define advanced ACL 3000, which denies all IP traffic.
acl number 3000
 rule 0 deny ip
#
// The interface that connects to the Internet
interface GigabitEthernet0/0
 port link-mode route
 // Apply ACL 3000 as an inbound packet filter to deny all incoming traffic.
 firewall packet-filter 3000 inbound
 // Apply the ASPF policy outbound so that return traffic for the sessions it detects is permitted.
 firewall aspf 1 outbound
 ip address 1.1.1.1 255.0.0.0
#
// The interface that connects to the LAN
interface GigabitEthernet0/1
 port link-mode route
 ip address 2.2.2.2 255.0.0.0
#
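How the configuration above lets FTP replies through a deny-all inbound filter, as an added Python sketch that is not part of the original page and not H3C's implementation. It models `detect ftp` for active-mode FTP only; the class name, the sample addresses and the rule that ignores PORT commands naming another host are assumptions of this model.

```python
import re

AGING = 300  # seconds, mirrors "detect ftp aging-time 300"
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

class Gateway:
    """Toy model of GigabitEthernet0/0: deny-all inbound ACL plus FTP inspection."""
    def __init__(self):
        self.sessions = {}  # (lan_ip, lan_port, srv_ip, srv_port) -> last seen
        self.pinholes = {}  # (srv_ip, lan_ip, lan_port) -> time opened

    def outbound(self, now, src, sport, dst, dport, payload=b""):
        """Packet leaving towards the Internet; only FTP control is inspected."""
        if dport != 21:
            return  # forwarded, but no state is kept, so replies will be dropped
        self.sessions[(src, sport, dst, dport)] = now
        m = PORT_RE.match(payload)
        if m:  # active mode: the server will connect back to the client
            o = [int(x) for x in m.groups()]
            ip = ".".join(str(x) for x in o[:4])
            if ip == src:  # model choice: ignore PORT naming another host
                self.pinholes[(dst, src, o[4] * 256 + o[5])] = now

    def inbound(self, now, src, sport, dst, dport):
        """Packet arriving from the Internet; returns True if it is let through."""
        key = (dst, dport, src, sport)  # reverse of a tracked outbound session
        if key in self.sessions and now - self.sessions[key] <= AGING:
            self.sessions[key] = now
            return True
        hole = (src, dst, dport)
        if hole in self.pinholes and now - self.pinholes[hole] <= AGING:
            del self.pinholes[hole]   # the pinhole is consumed...
            self.sessions[key] = now  # ...and becomes a tracked session
            return True
        return False  # falls through to ACL 3000 "rule 0 deny ip"

def demo():
    """Constructed traffic: client 2.2.2.10 on the LAN, server 1.1.1.20 outside."""
    gw = Gateway()
    c, s = "2.2.2.10", "1.1.1.20"
    gw.outbound(0, c, 40000, s, 21, b"PORT 2,2,2,10,195,80\r\n")
    gw.outbound(5, c, 40001, s, 80)  # non-FTP traffic, not tracked
    return [
        gw.inbound(1, s, 21, c, 40000),    # FTP control reply
        gw.inbound(2, s, 20, c, 50000),    # data connection to 195*256+80
        gw.inbound(6, s, 80, c, 40001),    # reply to the non-FTP packet
        gw.inbound(400, s, 21, c, 40000),  # control session idle past AGING
    ]
```
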
4. Some advice
1) When you are in an interface view, be clear about which direction is to be denied and which is to be permitted.