346
• General port mapping—Refers to a mapping of a user-defined port number to an application
layer protocol. If port 8080 is mapped to HTTP, for example, all TCP packets the destination
port of which is port 8080 are regarded as HTTP packets.
• Host port mapping—Refers to a mapping of a user-defined port number to an application
layer protocol for packets to some specific hosts. For example, you can establish a host port
mapping so that all TCP packets using port 8080 sent to the network segment 10.110.0.0 are
regarded as HTTP packets. The address range of hosts can be specified by means of a basic
ACL.
To configure port mapping:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure mapping between
the port and the application
protocol.
port-mapping
application-name
port
port-number [
acl
acl-number ]
Not configured by default.
The application layer protocols
supported by this function include
FTP, H323, HTTP, HTTPS, IKE,
RTSP, SMTP, SSH, and VAM.
Displaying and maintaining ASPF
Task Command Remarks
Display all ASPF policy and
session information.
display
aspf
all
[ | {
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display the ASPF policy
configuration applied the
interface.
display
aspf
interface
[ | {
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display the configuration
information of a specific ASPF
policy.
display
aspf
policy
aspf-policy-number [ |
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display ASPF session
information.
display
aspf
session
[
verbose
] [ | {
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display the port mapping
information.
display
port-mapping
[ application-name |
port
port-number ] [ | {
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Clear ASPF session.
reset aspf session
Available in user view.
ASPF configuration example
Network requirements
Configure an ASPF policy on Router A to inspect the FTP and HTTP traffic flows passing through
Router A.
Only return packets for FTP and HTTP connections initiated by users on the internal network are
permitted to pass through Router A and get into the internal network. All other types of packets are
blocked. In addition, this ASPF policy should be able to block Java applets carried in HTTP packets
from the server 2.2.2.11.
This example is suitable for a scenario where local users need to gain access to remote servers.
To Next Page
Loading...
Need help?
General
