## CentreCOM AR260S V2 Configuration Examples 3.3.3
## 14 IPsec VPN between two sites across a NAT device (NAT-Traversal, peer is an AR550S)
## Configuration for router B (AR550S)
##
## Lines beginning with "#" are commands that have no effect unless they are entered from the console.
## Lines beginning with "##" are explanatory comments only.

## --- Accounts ---
## Creates the user "secoff" with Security Officer privilege. The password here is
## identical to the user name.
## NOTE(review): example credential; replace with a strong, unique password before
## deployment, since this account is the one later used for "login secoff".
add user=secoff pass=secoff priv=securityOfficer

## --- WAN link (PPP over eth0) ---
## NOTE(review): username/password below are sample values from the example;
## substitute the real ISP credentials and keep the saved config file access-restricted.
create ppp=0 over=eth0-any
set ppp=0 bap=off username=user1@example password=password
set ppp=0 over=eth0-any lqr=off echo=10

## --- IP addressing and default route ---
## vlan1 is the LAN side (192.168.10.0/24); ppp0 carries the fixed address 10.10.10.1.
enable ip
add ip int=vlan1 ip=192.168.10.1 mask=255.255.255.0
add ip int=ppp0 ip=10.10.10.1 mask=255.255.255.255
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0

## --- Firewall policy "net" ---
## ICMP unreachable and ping are passed; the ident proxy is turned off.
enable firewall
create firewall policy=net
enable firewall policy=net icmp_f=unre,ping
disable firewall policy=net identproxy
## vlan1 is the trusted (private) side, ppp0 the untrusted (public) side.
add firewall policy=net int=vlan1 type=private
add firewall policy=net int=ppp0 type=public
## LAN hosts are translated behind the ppp0 address for ordinary Internet access.
add firewall poli=net nat=enhanced int=vlan1 gblin=ppp0
## Rules 1-2: accept inbound UDP 500 (ISAKMP/IKE) and UDP 4500 (NAT-Traversal) addressed
## to the router itself. These are the only inbound openings on the public interface
## in this listing.
add firewall poli=net ru=1 ac=allo int=ppp0 prot=udp po=500 ip=10.10.10.1 gblip=10.10.10.1 gblp=500
add firewall poli=net ru=2 ac=allo int=ppp0 prot=udp po=4500 ip=10.10.10.1 gblip=10.10.10.1 gblp=4500
## Rule 3: LAN traffic (192.168.10.1-254) destined for the remote LAN (192.168.20.1-254)
## is exempted from NAT ("ac=non" is presumably the abbreviated nonat action) so that it
## matches the IPsec selectors further down.
add firewall poli=net ru=3 ac=non int=vlan1 prot=ALL ip=192.168.10.1-192.168.10.254
set firewall poli=net ru=3 rem=192.168.20.1-192.168.20.254
## Rule 4: the same exemption for packets arriving on ppp0, restricted by "enc=ips" to
## traffic that came in through IPsec, so unencrypted packets addressed to the LAN range
## do not qualify under this rule.
add firewall poli=net ru=4 ac=non int=ppp0 prot=ALL ip=192.168.10.1-192.168.10.254 enc=ips

## --- Pre-shared key (console only) ---
## NOTE(review): "secret" is a sample value. Because the ISAKMP policy below uses
## aggressive mode with a pre-shared key, the strength of this key matters more than
## usual; use a long random value and configure the identical value on the peer.
# create enco key=1 type=general VALUE="secret"

## --- ISAKMP (IKE phase 1) ---
## peer=any accepts a negotiation from any source address and the remote side is
## identified by the ID "vpn" rather than by IP; nattraversal=true enables NAT-T, which
## matches the scenario in the title (a NAT device sits between the two routers).
## NOTE(review): aggressive mode, 3DES, SHA (presumably SHA-1) and DH group 2 are legacy
## choices. Whether stronger options are available on both devices cannot be told from
## this page; if they are, prefer them and change both ends together.
cre isakmp poli=ike peer=any key=1 mode=aggressive sendn=true encalg=3desouter hash=sha group=2 nattraversal=true
set isakmp poli=ike remoteid="vpn" expirys=3600
## heartbeat=both: presumably sends and expects ISAKMP heartbeats to detect a dead peer.
set isakmp poli=ike heartbeat=both

## --- IPsec (phase 2) ---
## SA specification 1: ESP with 3DES and SHA, keyed by ISAKMP; bundle 1 wraps it with a
## 3600-second lifetime.
cre ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha
cre ipsec bundle=1 key=isakmp string=1 expirys=3600
## Policies on ppp0. NOTE(review): presumably evaluated in creation order, so the order
## below is significant; confirm against the device manual before reordering.
## "isa" and "nat" let IKE (UDP 500) and NAT-T (UDP 4500) pass outside the tunnel.
create ipsec pol=isa int=ppp0 ac=permit
set ipsec pol=isa lp=500 tra=UDP
create ipsec pol=nat int=ppp0 ac=permit
set ipsec pol=nat lp=4500 tra=UDP
## "vpn" protects traffic between 192.168.10.0/24 (local) and 192.168.20.0/24 (remote)
## with bundle 1; peer=DYNAMIC means the peer address is not fixed in the config.
create ipsec pol=vpn int=ppp0 ac=ipsec key=isakmp bund=1 peer=DYNAMIC
set ipsec pol=vpn lad=192.168.10.0 lma=255.255.255.0 rad=192.168.20.0 rma=255.255.255.0
## "inet" permits all remaining traffic on ppp0 without IPsec (ordinary Internet access,
## still subject to the firewall policy above).
create ipsec pol=inet int=ppp0 ac=permit
enable ipsec
enable isakmp

## --- Security mode (console only) ---
## Log in as the Security Officer account and switch the system to security mode.
## NOTE(review): do this only after the secoff password has been changed from the
## example value.
# login secoff
# enable system security_mode