AT-AR1050V Command Reference 5.5.4
ISP connection username | user@ispA |
ISP connection password | isppasswdA |
PPPoE service name | Not specified |
WAN-side IP address | 172.16.0.1/32 |
WAN-side physical interface | eth1 |
WAN-side (ppp0) IP address | 172.16.0.1/32 |
LAN-side (vlan1) IP address | 192.168.1.1/24 |
LAN-side (vlan2) IP address | 192.168.2.1/24 |
Site-to-site VPN gateway (NIFCLOUD) | 172.17.0.1 (how to check the actual IP address) |
IKE version | IKEv2 |
Algorithms | AES128 / SHA1 / Group2 |
SA lifetime | 8 hours |
Algorithms | AES128 / SHA1 |
SA lifetime | 1 hour |
interface eth1
 encapsulation ppp 0

interface ppp0
 keepalive
 ppp username user@ispA
 ppp password isppasswdA
 ip address 172.16.0.1/32
 ip tcp adjust-mss 1414

vlan database
 vlan 2 state enable

interface port1.0.5-1.0.8
 switchport access vlan 2

interface vlan1
 ip address 192.168.1.1/24
interface vlan2
 ip address 192.168.2.1/24

zone private
 network lan
  ip subnet 10.0.0.0/16
  ip subnet 192.168.1.0/24
  ip subnet 192.168.2.0/24

zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 172.16.0.1

application esp
 protocol 50

application isakmp
 protocol udp
 sport 500
 dport 500

application nat-t
 protocol udp
 dport 4500

firewall
 rule 10 permit any from public.wan.ppp0 to public.wan
 rule 20 permit isakmp from public.wan to public.wan.ppp0
 rule 30 permit esp from public.wan to public.wan.ppp0
 rule 40 permit any from private to private
 rule 50 permit any from private to public
 rule 60 permit nat-t from public.wan to public.wan.ppp0
 protect

nat
 rule 10 masq any from private to public
 enable

crypto isakmp key secret address 172.17.0.1

crypto ipsec profile nifcloud-ipsec
 lifetime seconds 3600
 transform 1 protocol esp integrity SHA1 encryption AES128

crypto isakmp profile nifcloud-isakmp
 version 2
 lifetime 28800
 dpd-interval 15
 dpd-timeout 90
 transform 1 integrity SHA1 encryption AES128 group 2

crypto isakmp peer address 172.17.0.1 profile nifcloud-isakmp

interface tunnel0
 mtu 1300
 tunnel source ppp0
 tunnel destination 172.17.0.1
 tunnel protection ipsec profile nifcloud-ipsec
 tunnel mode ipsec ipv4
 ip address 172.30.0.1/32
 ip tcp adjust-mss 1260

ip route 0.0.0.0/0 ppp0
ip route 10.0.0.0/16 tunnel0
ip route 10.0.0.0/16 Null 254

end
copy running-config startup-config
" is the format in which it is run.
awplus# copy running-config startup-config ↓
Building configuration...
[OK]
awplus# write memory ↓
Building configuration...
[OK]
awplus(config)# log buffered level informational facility local5 ↓
awplus# show log | include Firewall ↓
Note: For details, refer to the NIFCLOUD documentation.
Note: The screen shows the ID of the automatically created route table currently applied to the site-to-site VPN gateway.
!
interface eth1
 encapsulation ppp 0
!
interface ppp0
 keepalive
 ppp username user@ispA
 ppp password isppasswdA
 ip address 172.16.0.1/32
 ip tcp adjust-mss 1414
!
vlan database
 vlan 2 state enable
!
interface port1.0.5-1.0.8
 switchport access vlan 2
!
interface vlan1
 ip address 192.168.1.1/24
interface vlan2
 ip address 192.168.2.1/24
!
zone private
 network lan
  ip subnet 10.0.0.0/16
  ip subnet 192.168.1.0/24
  ip subnet 192.168.2.0/24
!
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 172.16.0.1
!
application esp
 protocol 50
!
application isakmp
 protocol udp
 sport 500
 dport 500
!
application nat-t
 protocol udp
 dport 4500
!
firewall
 rule 10 permit any from public.wan.ppp0 to public.wan
 rule 20 permit isakmp from public.wan to public.wan.ppp0
 rule 30 permit esp from public.wan to public.wan.ppp0
 rule 40 permit any from private to private
 rule 50 permit any from private to public
 rule 60 permit nat-t from public.wan to public.wan.ppp0
 protect
!
nat
 rule 10 masq any from private to public
 enable
!
crypto isakmp key secret address 172.17.0.1
!
crypto ipsec profile nifcloud-ipsec
 lifetime seconds 3600
 transform 1 protocol esp integrity SHA1 encryption AES128
!
crypto isakmp profile nifcloud-isakmp
 version 2
 lifetime 28800
 dpd-interval 15
 dpd-timeout 90
 transform 1 integrity SHA1 encryption AES128 group 2
!
crypto isakmp peer address 172.17.0.1 profile nifcloud-isakmp
!
interface tunnel0
 mtu 1300
 tunnel source ppp0
 tunnel destination 172.17.0.1
 tunnel protection ipsec profile nifcloud-ipsec
 tunnel mode ipsec ipv4
 ip address 172.30.0.1/32
 ip tcp adjust-mss 1260
!
ip route 0.0.0.0/0 ppp0
ip route 10.0.0.0/16 tunnel0
ip route 10.0.0.0/16 Null 254
!
end
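The check below is an added example, not part of the original page or of Allied Telesis tooling. It reads the crypto and tunnel commands of the configuration above, confirms that they agree with the parameter table (8-hour and 1-hour SA lifetimes, a single peer address, tunnel MSS equal to MTU minus 40) and lists settings to review before production use. The names `section`, `num` and `audit` and the finding texts are assumptions made for this example.

```python
import re

# Crypto and tunnel commands taken from the page's configuration (subset, embedded to run offline).
CONFIG = """\
crypto isakmp key secret address 172.17.0.1
crypto ipsec profile nifcloud-ipsec
 lifetime seconds 3600
 transform 1 protocol esp integrity SHA1 encryption AES128
crypto isakmp profile nifcloud-isakmp
 lifetime 28800
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp peer address 172.17.0.1 profile nifcloud-isakmp
interface tunnel0
 mtu 1300
 tunnel destination 172.17.0.1
 ip tcp adjust-mss 1260
"""

def section(text, head):
    """Sub-commands indented under the first top-level command starting with `head`."""
    m = re.search(rf"^{re.escape(head)}.*\n((?: .*\n)*)", text, flags=re.M)
    return m.group(1) if m else ""

def num(pattern, body):  # first integer captured in a section body, or None
    m = re.search(pattern, body, flags=re.M)
    return int(m.group(1)) if m else None

def audit(text, ike_hours=8, ipsec_hours=1):
    """Return findings; the default lifetimes are the ones in the page's parameter table."""
    ike = section(text, "crypto isakmp profile")
    esp = section(text, "crypto ipsec profile")
    tun = section(text, "interface tunnel0")
    # The pre-shared key, the peer entry and the tunnel must all name the same gateway.
    peers = set(re.findall(r"^crypto isakmp (?:key \S+|peer) address (\S+)", text, re.M))
    peers |= set(re.findall(r"^ tunnel destination (\S+)", tun, re.M))
    mtu, mss = num(r"^ mtu (\d+)", tun), num(r"^ ip tcp adjust-mss (\d+)", tun)
    checks = [  # (condition that must hold, finding reported when it does not)
        (num(r"^ lifetime (\d+)", ike) == ike_hours * 3600, "IKE SA lifetime differs from table"),
        (num(r"^ lifetime seconds (\d+)", esp) == ipsec_hours * 3600, "IPsec SA lifetime differs from table"),
        (len(peers) == 1, "peer address mismatch"),
        # MSS clamp = tunnel MTU - 20-byte IPv4 header - 20-byte TCP header
        (mtu is not None and mss == mtu - 40, "tunnel adjust-mss is not MTU - 40"),
        (not re.search(r"\bgroup 2\b", ike), "review: DH group 2 (1024-bit MODP)"),
        ("integrity SHA1" not in ike + esp, "review: SHA1 integrity"),
        (not re.search(r"^crypto isakmp key secret ", text, re.M), "review: sample pre-shared key 'secret'"),
    ]
    return [finding for ok, finding in checks if not ok]

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

The algorithm and group settings have to match what the NIFCLOUD gateway is configured with, so the `review:` items are prompts to check both ends, not errors in the configuration.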
(C) 2019 - 2024 Allied Telesis Holdings K.K.
PN: 613-002735 Rev.AD