## CentreCOM AR260S V2 Configuration Examples 3.3.3
## 8 Three-site IPsec VPN in a PPPoE connection environment (branch-to-branch traffic relayed via the head office; only one branch has an unfixed address)
## Router A (AR550S) configuration
##
## Lines beginning with "#" are commands that only have meaning when entered from the console.
##
## Topology as far as this script shows it: router A sits on ppp0 with the fixed
## address 10.0.0.1 and LAN 192.168.10.0/24; the peer 10.0.0.2 (router B) has
## LAN 192.168.20.0/24; a third peer with an unfixed address (router C, ISAKMP
## remote id "vpn_ac") has LAN 192.168.30.0/24. The policies vpn_cb/vpn_bc carry
## 192.168.20.0 <-> 192.168.30.0 traffic through A, so A is presumably the head office.
## The account password, PPP password and pre-shared keys below are example values
## and must be replaced before deployment.

## Security officer account. The password equals the user name here (example value).
## "enable system security_mode" at the end of this script is what makes this
## privilege level matter.
add user=secoff password=secoff priv=sec

## PPPoE on eth0 (over=eth0-any). The PPP user/password are ISP-supplied placeholders;
## LQR and BAP are off, LCP echo is on.
cre ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=user1@example password=password lqr=off bap=off echo=on

## IP: LAN address on vlan1, fixed WAN address on ppp0 (/32), default route out ppp0,
## DNS taken from ppp0 and relayed to LAN clients.
ena ip
add ip int=vlan1 ip=192.168.10.1 mask=255.255.255.0
add ip int=ppp0 ip=10.0.0.1 mask=255.255.255.255
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
add ip dns int=ppp0
ena ip dnsrelay

## Firewall policy "net": vlan1 is private, ppp0 is public, enhanced NAT from vlan1
## to ppp0. ICMP unreachable and ping are forwarded; the ident proxy is disabled.
ena fire
cre fire poli=net
ena fire poli=net icmp_f=unreach,ping
dis fire poli=net identproxy
add fire poli=net int=vlan1 type=private
add fire poli=net int=ppp0 type=public
add fire poli=net nat=enhanced int=vlan1 gblint=ppp0
## Rule 1: accept inbound ISAKMP (UDP 500) on ppp0 addressed to 10.0.0.1. It is the
## only "allow" rule in the policy; there is no UDP 4500 (NAT-T) rule, so NAT between
## the peers is not catered for.
add fire poli=net ru=1 ac=allow int=ppp0 prot=udp po=500 gblpo=500 ip=10.0.0.1 gblip=10.0.0.1
## Rules 2-4: traffic arriving on ppp0 inside IPsec (encap=ipsec) from any of the three
## LAN ranges is exempted from NAT.
add fire poli=net ru=2 ac=nonat int=ppp0 prot=all ip=192.168.10.1-192.168.10.254 encap=ipsec
add fire poli=net ru=3 ac=nonat int=ppp0 prot=all ip=192.168.20.1-192.168.20.254 encap=ipsec
add fire poli=net ru=4 ac=nonat int=ppp0 prot=all ip=192.168.30.1-192.168.30.254 encap=ipsec
## Rules 5-6: local LAN traffic from vlan1 destined for the two remote LANs bypasses
## NAT so the IPsec policies below see it with its private addresses intact.
add fire poli=net ru=5 ac=nonat int=vlan1 prot=all ip=192.168.10.1-192.168.10.254
set fire poli=net ru=5 remoteip=192.168.20.1-192.168.20.254
add fire poli=net ru=6 ac=nonat int=vlan1 prot=all ip=192.168.10.1-192.168.10.254
set fire poli=net ru=6 remoteip=192.168.30.1-192.168.30.254

## DHCP for the LAN: 192.168.10.10 plus 245 addresses (i.e. up to .254), lease 7200,
## router and DNS server both set to this device; probe=ARP presumably checks an address
## is unused before offering it.
ena dhcp
cre dhcp poli=base lease=7200
add dhcp poli=base subnet=255.255.255.0
add dhcp poli=base router=192.168.10.1 dnss=192.168.10.1
cre dhcp range=lan poli=base ip=192.168.10.10 num=245 probe=ARP

## ISAKMP pre-shared keys. These are console-only commands (see the note at the top),
## so the key values are not kept in this script file. Key 1 is shared with router B,
## key 2 with router C. "secret-ab"/"secret-ac" are examples only; use long, random values.
# create enco key=1 type=gene value="secret-ab"
# create enco key=2 type=gene value="secret-ac"
## Phase 1 policies: 3DES / SHA-1 / DH group 2 (dated by current standards; prefer AES
## and a larger DH group where the firmware offers them). "ike_ac" accepts any peer
## address (peer=any) and identifies router C by its ID in aggressive mode because C's
## address is not fixed. Aggressive mode sends the identity and a PSK-derived hash in
## the clear, so the strength of key 2 is the main defence for that tunnel.
cre isakmp poli="ike_ab" peer=10.0.0.2 key=1 sendn=true encalg=3desouter hashalg=sha group=2
cre isakmp poli="ike_ac" peer=any key=2 sendn=true encalg=3desouter hashalg=sha group=2 mode=aggressive remoteid="vpn_ac"
## ISAKMP heartbeats in both directions (presumably for dead-peer detection; confirm
## against the firmware reference).
set isakmp poli="ike_ab" heartbeat=both
set isakmp poli="ike_ac" heartbeat=both

## Phase 2: a single ESP SA specification (3DES / SHA-1), wrapped as bundle 1.
cre ipsec sas=1 keyman=isakmp prot=esp encalg=3desouter hashalg=sha
cre ipsec bundle=1 keyman=isakmp string="1"
## IPsec policies on ppp0. As far as I recall they are matched in creation order, so
## the order here matters: "isa" passes ISAKMP itself (UDP 500 both ends) in the clear,
## the four VPN policies select traffic by local/remote subnet, and "inet" at the end
## permits everything else (ordinary Internet traffic) unencrypted. Creating "inet"
## before the VPN policies would let LAN-to-LAN traffic out in the clear.
cre ipsec poli="isa" int=ppp0 ac=permit lport=500 rport=500 transport=udp
## A <-> B (fixed peer 10.0.0.2)
cre ipsec poli="vpn_ab" int=ppp0 ac=ipsec keyman=isakmp bundle=1 peer=10.0.0.2
set ipsec poli="vpn_ab" lad=192.168.10.0 lma=255.255.255.0 rad=192.168.20.0 rma=255.255.255.0
## C's LAN -> B's LAN, relayed through A
cre ipsec poli="vpn_cb" int=ppp0 ac=ipsec keyman=isakmp bundle=1 peer=10.0.0.2
set ipsec poli="vpn_cb" lad=192.168.30.0 lma=255.255.255.0 rad=192.168.20.0 rma=255.255.255.0
## A <-> C (peer address learned dynamically, since C's address is not fixed)
cre ipsec poli="vpn_ac" int=ppp0 ac=ipsec keyman=isakmp bundle=1 peer=dynamic
set ipsec poli="vpn_ac" lad=192.168.10.0 lma=255.255.255.0 rad=192.168.30.0 rma=255.255.255.0
## B's LAN -> C's LAN, relayed through A
cre ipsec poli="vpn_bc" int=ppp0 ac=ipsec keyman=isakmp bundle=1 peer=dynamic
set ipsec poli="vpn_bc" lad=192.168.20.0 lma=255.255.255.0 rad=192.168.30.0 rma=255.255.255.0
## Everything not matched above leaves ppp0 unencrypted.
cre ipsec poli="inet" int=ppp0 ac=permit
ena ipsec
ena isakmp

## Console-only: log in as the security officer and put the system into security mode.
# login secoff
# enable system security_mode