## CentreCOM AR260S V2 Configuration Examples 3.3.3
## 10 Redundant IPsec VPN configuration in a PPPoE connection environment
## Configuration for Router A (AR550S)
##
## Lines beginning with "#" are commands that only take effect when typed at the console.
##
## NOTE(review): every credential below (secoff/secoff, user1@example/password,
## "secret-ac") is a sample value from the example. Replace each with a unique,
## strong secret before this configuration is used on a live router.

## Security Officer account (priv=sec). The sample password equals the user name.
add user=secoff password=secoff priv=sec

## PPPoE WAN link on eth0; the user/password are the ISP account placeholders.
cre ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=user1@example password=password lqr=off bap=off echo=on

## IP addressing: LAN on vlan1, fixed address on ppp0, default route and DNS via ppp0.
ena ip
add ip int=vlan1 ip=192.168.10.2 mask=255.255.255.0
add ip int=ppp0 ip=10.10.10.2 mask=255.255.255.255
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
add ip dns int=ppp0
ena ip dnsrelay

## VRRP: virtual router 1 on vlan1 with virtual address 192.168.10.1, priority 101.
## ppp0 is monitored with newpriority=99 (presumably the priority used while ppp0 is down,
## letting the other router take over; confirm against the command reference).
ena vrrp
cre vrrp=1 over=vlan1 ipaddress=192.168.10.1 priority=101
add vrrp=1 monitoredinterface=ppp0 newpriority=99

## Ping polling of 192.168.20.1 (an address in the remote LAN range) sourced from 192.168.10.2.
## Triggers run pingdown.scp / pingup.scp on devicedown / deviceup events.
## The two scripts are not shown in this listing; review them separately.
add ping poll=1 ip=192.168.20.1 sipa=192.168.10.2
cre trigger=1 module=ping event=devicedown poll=1 scr=pingdown.scp
cre trigger=2 module=ping event=deviceup poll=1 scr=pingup.scp
ena ping poll=1
ena trigger

## Firewall policy "net": vlan1 is private, ppp0 is public, enhanced NAT from vlan1 to ppp0.
ena fire
cre fire poli=net
ena fire poli=net icmp_f=unreach,ping
dis fire poli=net identproxy
add fire poli=net int=vlan1 type=private
add fire poli=net int=ppp0 type=public
add fire poli=net nat=enhanced int=vlan1 gblint=ppp0
## Rule 1: allow inbound UDP 500 (ISAKMP) on ppp0 to this router's address 10.10.10.2.
add fire poli=net ru=1 ac=allow int=ppp0 prot=udp po=500 gblpo=500 ip=10.10.10.2 gblip=10.10.10.2
## Rule 2: no NAT for traffic arriving on ppp0 for 192.168.10.x; encap=ipsec restricts it to
## IPsec-encapsulated traffic, so the rule does not open the LAN to plain Internet packets.
add fire poli=net ru=2 ac=nonat int=ppp0 prot=all ip=192.168.10.1-192.168.10.254 encap=ipsec
## Rule 5: no NAT for LAN traffic from 192.168.10.x to the remote LAN 192.168.20.x.
add fire poli=net ru=5 ac=nonat int=vlan1 prot=all ip=192.168.10.1-192.168.10.254
set fire poli=net ru=5 remoteip=192.168.20.1-192.168.20.254

## Console-only: creates the pre-shared key (key=1) referenced by the ISAKMP policy below.
## "secret-ac" is a sample; use a long random value and give it only to the VPN peer.
# create enco key=1 type=gene value="secret-ac"

## ISAKMP policy: peer=any with aggressive mode, so the peer is identified by remoteid and
## the pre-shared key rather than by source address.
## NOTE(review): aggressive mode with a pre-shared key exposes enough of the exchange for
## the key to be guessed offline, so the strength of key=1 is the main protection here.
## NOTE(review): 3DES, SHA and DH group 2 are legacy choices; select stronger algorithms
## if both this router and the peer support them, and keep the IPsec SA spec in step.
cre isakmp poli="ike_ac" peer=any key=1 mode=aggressive sendn=true encalg=3desouter hash=sha group=2
set isakmp poli="ike_ac" remoteid=vpn_ac expirys=3600
set isakmp poli="ike_ac" heartbeat=both

## IPsec SA specification 1 (ESP, 3DES, SHA) and bundle 1, which uses it with expirys=3600.
cre ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha
cre ipsec bundle=1 key=isakmp string=1 expirys=3600

## IPsec policies on ppp0:
##   "isa"    permits UDP 500 in the clear so that ISAKMP negotiation itself can pass.
##   "vpn_ac" applies bundle 1 to traffic between 192.168.10.0/24 and 192.168.20.0/24 (peer=dynamic).
##   "inet"   permits all remaining traffic on ppp0 without IPsec (ordinary Internet access).
## NOTE(review): "inet" matches everything, so it presumably has to stay last for
## "vpn_ac" to take effect; confirm how the policy order is evaluated.
cre ipsec poli="isa" int=ppp0 ac=permit lport=500 rport=500 transport=udp
cre ipsec poli="vpn_ac" int=ppp0 ac=ipsec keyman=isakmp bundle=1 peer=dynamic
set ipsec poli="vpn_ac" lad=192.168.10.0 lma=255.255.255.0 rad=192.168.20.0 rma=255.255.255.0
cre ipsec poli="inet" int=ppp0 ac=permit
ena ipsec
ena isakmp

## Console-only: log in as the Security Officer and switch the system to security mode.
## NOTE(review): security mode is understood to be required for the encryption key to be
## retained across restarts; confirm against the command reference.
# login secoff
# enable system security_mode