##
## CentreCOM AR260S V2 Configuration Examples 3.3.3
## 9 Three-site IPsec VPN over a CUG service (terminal type);
##   Internet access and inter-branch traffic go via the head office
## Router A (AR550S) configuration
##
## Lines that begin with a single "#" are commands that only take effect
## when they are typed at the console. Explanatory notes use "##".
##
## NOTE(review): every password and key value in this listing (secoff,
## password, "secret-ab", "secret-ac") is a documentation sample. Replace
## each one with a unique, strong value before the config is used.

## --- Accounts ---
## Adds a user with Security Officer privilege (priv=sec); the console
## commands at the end of the listing log in as this user.
add user=secoff password=secoff priv=sec

## --- PPP links over eth0 ---
## ppp0 carries the Internet connection; its address is requested from the
## peer (iprequest=on).
cre ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=user1@example password=password iprequest=on lqr=off bap=off echo=on
## ppp1 carries the CUG connection that the VPN tunnels run over.
cre ppp=1 over=eth0-any
set ppp=1 over=eth0-any user=router1 password=password lqr=off bap=off echo=on

## --- IP interfaces and routes ---
ena ip
## Presumably lets ppp0 take the address assigned by the remote end; confirm
## against the command reference.
ena ip remote
add ip int=vlan1 ip=192.168.10.1 mask=255.255.255.0
add ip int=ppp0 ip=0.0.0.0
add ip int=ppp1 ip=172.16.0.1 mask=255.255.255.255
## Default route goes out to the Internet on ppp0.
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
## Host routes to the two VPN peers (172.16.0.2, 172.16.0.3) and routes to
## their LANs (192.168.20.0/24, 192.168.30.0/24), all via ppp1.
add ip rou=172.16.0.2 mask=255.255.255.255 int=ppp1 next=0.0.0.0
add ip rou=172.16.0.3 mask=255.255.255.255 int=ppp1 next=0.0.0.0
add ip rou=192.168.20.0 mask=255.255.255.0 int=ppp1 next=0.0.0.0
add ip rou=192.168.30.0 mask=255.255.255.0 int=ppp1 next=0.0.0.0
## DNS: take the server from ppp0 and relay queries for clients.
add ip dns int=ppp0
ena ip dnsrelay

## --- Firewall ---
ena fire
cre fire poli=net
## Forward ICMP unreachable and ping through the firewall.
ena fire poli=net icmp_f=unreach,ping
dis fire poli=net identproxy
## Only ppp0 is marked public. ppp1 (the CUG side) is marked private, like
## the LAN.
## NOTE(review): with ppp1 private, filtering of traffic arriving from the
## CUG appears to rest on the IPsec policies below; confirm this is intended.
add fire poli=net int=vlan1 type=private
add fire poli=net int=ppp0 type=public
add fire poli=net int=ppp1 type=private
## NAT for both private interfaces behind ppp0, so LAN traffic and traffic
## arriving on ppp1 share the ppp0 address when going to the Internet.
add fire poli=net nat=enhanced int=vlan1 gblint=ppp0
add fire poli=net nat=enhanced int=ppp1 gblint=ppp0

## --- DHCP server for the LAN ---
ena dhcp
cre dhcp poli=base lease=7200
add dhcp poli=base subnet=255.255.255.0
## Clients get this router (192.168.10.1) as gateway and DNS server.
add dhcp poli=base router=192.168.10.1 dnss=192.168.10.1
## 245 addresses starting at 192.168.10.10; probe=ARP presumably checks an
## address for use before leasing it.
cre dhcp range=lan poli=base ip=192.168.10.10 num=245 probe=ARP

## --- ISAKMP (IKE) ---
## Console-only: create the keys that the ISAKMP policies reference as key=1
## and key=2 (presumably the pre-shared secrets). Each peer has its own key,
## so a key disclosed at one site does not expose the other tunnel.
# create enco key=1 type=gene value="secret-ab"
# create enco key=2 type=gene value="secret-ac"
## One ISAKMP policy per peer.
## NOTE(review): 3DES, SHA-1 (hashalg=sha) and DH group 2 (1024-bit MODP) are
## legacy choices. If both ends of each tunnel support stronger algorithms and
## a larger DH group, prefer them; check the command reference of each device
## for the supported values.
cre isakmp poli="ike_ab" peer=172.16.0.2 key=1 sendn=true encalg=3desouter hashalg=sha group=2
cre isakmp poli="ike_ac" peer=172.16.0.3 key=2 sendn=true encalg=3desouter hashalg=sha group=2
## Heartbeat in both directions, presumably to detect a dead peer.
set isakmp poli="ike_ab" heartbeat=both
set isakmp poli="ike_ac" heartbeat=both

## --- IPsec ---
## SA specification 1: ESP with 3DES and SHA, keyed by ISAKMP. Bundle 1
## contains only that specification and is shared by both VPN policies.
cre ipsec sas=1 keyman=isakmp prot=esp encalg=3desouter hashalg=sha
cre ipsec bundle=1 keyman=isakmp string="1"
## Let ISAKMP itself (UDP port 500 on both sides) pass on ppp1 outside IPsec.
## Created before the VPN policies; policy order presumably matters.
cre ipsec poli="isa" int=ppp1 ac=permit lport=500 rport=500 transport=udp
## Tunnel to peer 172.16.0.2: any local address (lad=0.0.0.0) to
## 192.168.20.0/24.
cre ipsec poli="vpn_ab" int=ppp1 ac=ipsec keyman=isakmp bundle=1 peer=172.16.0.2
set ipsec poli="vpn_ab" lad=0.0.0.0 rad=192.168.20.0 rma=255.255.255.0
## Tunnel to peer 172.16.0.3: any local address to 192.168.30.0/24.
cre ipsec poli="vpn_ac" int=ppp1 ac=ipsec keyman=isakmp bundle=1 peer=172.16.0.3
set ipsec poli="vpn_ac" lad=0.0.0.0 rad=192.168.30.0 rma=255.255.255.0
## Permit policy on ppp0 with no selectors: Internet traffic on ppp0 passes
## without IPsec.
cre ipsec poli="inet" int=ppp0 ac=permit
ena ipsec
ena isakmp

## --- Console-only final steps ---
## Log in as the Security Officer and switch the system to security mode.
## NOTE(review): security mode is presumably required for the keys created
## above to be kept across a restart; verify against the manual.
# login secoff
# enable system security_mode