Configuring an ASPF 1801ASPF ConfigurationExampleNetwork requirements■ Configure an ASPF policy on Router A to detect the FTP and HTTP traffic flowspassing through Router A.■ Requirement: Only return packets for FTP and HTTP connections initiated byusers on the internal network are permitted to pass through Router A and getinto the internal network, while all other types of packets are blocked. Inaddition, this ASPF policy should be able to block Java applets carried in HTTPpackets from the server 2.2.2.2.■ This example is suitable for a scenario where local users need to gain access toremote servers.Network diagramFigure 523 Network diagram for ASPF configurationConfiguration procedure# Enable the firewall function on Router A. system-view[RouterA] firewall enable# Configure ACL 3111 to prohibit all IP packets from entering into the internalnetwork. The ASPF will create a TACL for packets permitted to pass the firewall.[RouterA] acl number 3111[RouterA-acl-adv-3111] rule deny ip[RouterA-acl-adv-3111] quit# Create ACL 2001 to block Java applets from the site 2.2.2.2.View the configuration informationof a specific ASPF policydisplay aspf policyaspf-policy-numberAvailable in any viewView ASPF session information display aspf session[ verbose ]Available in any viewView the port mapping information display port-mapping[ application-name | portport-number ]Available in any viewClear ASPF session reset aspf session Available in user viewTo do... Use the command... RemarksRouter A Router BInternal network External networkS 2/010 .1.1.1/24Eth1 /020 .1 .1.1/24Host20 .1 .1.2/32Server host2.2.2.2 /32PPP