P Series router: Pattern filter example to prevent IP access between remote networks

Issue:
I have a central site router and 2 remote site routers which we will call SITEA and SITEB.  I only want my remote Sites A & B to be able to access the Central site. How do create a IP pattern filter to prevent SITEA from being able to access SITEB and vice versa. 

Solution:

CENTRAL SITE Router network address 192.168.1
SITEA Router network address 197.200.2 and Remote site alias 'SITEA'
SITEB Router network address 204.99.3 and Remote site alias 'SITEB'

Based on the above information, the pattern filters should be configured on the CENTRAL site router. Select the following menus and options:

Configuration menu
Packet Services menu
Filter Setup menu
IP pattern filters
Add Pattern

Add a Pattern filter for 'SITEA' router as follows:

For the Remote site alias, enter 'SITEA'.

For the pattern Filter, enter 12-cc6303

Note: 12 is the starting octet position for the source address in an IP Routed TCP/IP Frame, followed by a seperator, followed by the network address of SITEB 204.99.3 (in hexadecimal format 204=cc, 99=63, 3=03).

For the Pattern ID number, enter '1'.

Next add a pattern filter for SITEB as follows:

Add Pattern

For the Remote site alias, enter 'SITEB'.

For the Pattern Filter, enter 12-c5c802

Note: 12 is the starting octet position for the source address in an IP Routed TCP/IP Frame, followed by a seperator, followed by the network address of SITEA 197.200.2 (in hexadecimal format 197=c5, 200=c8, 2=02)

For the Pattern ID number, enter '2'.

Done.

Select the "Show pattern" option then select 'all' to verify that your pattern filter exists and has been correctly entered.


Article ID:
314
Published:
4/1/2003 5:40:45 PM
Last Modified:
9/8/2003 9:57:40 AM
Issue Type:
Configuration