## CentreCOM AR550S ݒW 2.9
##  124 BGP-4FZ^[ɑ΂}`z[iMEDlɂ镉וUj
##  [^[̃RtBO
##
## u#vŎn܂śAR\[͂ȂƈӖȂR}hłB

add user=secoff password=PasswordS privilege=securityofficer
enable l2tp
enable l2tp server=both
set l2tp password=l2tpA
add l2tp call=remote1 remote=remote1 ip=172.16.0.2 type=virtual precedence=out password=l2tpB
add l2tp call=remote2 remote=remote2 ip=172.16.1.2 type=virtual precedence=out password=l2tpC
create ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=userA@isp1 password=isppasswdA lqr=off bap=off echo=on
create ppp=1 over=eth1-any
set ppp=1 over=eth1-any user=userB@isp2 password=isppasswdB lqr=off bap=off echo=on
create ppp=11 over=TNL-remote1 lqr=off bap=off echo=on
create ppp=12 over=TNL-remote2 lqr=off bap=off echo=on
create vlan=vlan10 vid=10
create vlan=vlan20 vid=20
add vlan=vlan10 port=1-2
add vlan=vlan20 port=3-4
enable ip
add ip int=vlan10 ip=192.168.10.1
add ip int=vlan20 ip=192.168.20.1
add ip int=ppp0 ip=172.16.0.1 mask=255.255.255.255
add ip int=ppp11 ip=192.168.100.1 mask=255.255.255.0
add ip int=ppp1 ip=172.16.1.1 mask=255.255.255.255
add ip int=ppp12 ip=192.168.110.1 mask=255.255.255.0
add ip route=172.16.0.2 mask=255.255.255.255 int=ppp0 next=0.0.0.0
add ip route=172.16.1.2 mask=255.255.255.255 int=ppp1 next=0.0.0.0
set ip auto=65020
add bgp peer=192.168.100.2 remoteas=65010
add bgp peer=192.168.110.2 remoteas=65010
add ip routemap=prefix10 entry=1 set community=65020:10
add bgp network=192.168.10.0/24 routemap=prefix10
add ip routemap=prefix20 entry=1 set community=65020:20
add bgp network=192.168.20.0/24 routemap=prefix20
add ip communitylist=1 include=65020:10
add ip communitylist=2 include=65020:20
set bgp med=10
add ip routemap=set_med_ppp11 entry=1 match community=2 action=include
add ip routemap=set_med_ppp11 entry=1 set med=300
add ip routemap=set_med_ppp12 entry=1 match community=1 action=include
add ip routemap=set_med_ppp12 entry=1 set med=300
set bgp peer=192.168.100.2 outroutemap=set_med_ppp11 sendcommunity=yes
set bgp peer=192.168.110.2 outroutemap=set_med_ppp12 sendcommunity=yes
enable bgp peer=192.168.100.2
enable bgp peer=192.168.110.2
# create enco key=1 type=general value=secret-ab
# create enco key=2 type=general value=secret-ac
create isakmp policy=i_B peer=172.16.0.2 key=1 sendn=true heartbeatmode=both
create isakmp policy=i_C peer=172.16.1.2 key=2 sendn=true heartbeatmode=both
create ipsec saspec=1 keyman=isakmp protocol=esp encalg=des hashalg=sha
create ipsec bundle=1 keyman=isakmp string=1
create ipsec policy=isa_B int=ppp0 action=permit lport=500 rport=500 transport=UDP
create ipsec policy=vpn_B int=ppp0 action=ipsec keyman=isakmp bundle=1 peer=172.16.0.2
set ipsec policy=vpn_B lad=172.16.0.1 lport=1701 rad=172.16.0.2 rport=1701
create ipsec policy=isa_C int=ppp1 action=permit lport=500 rport=500 transport=UDP
create ipsec policy=vpn_C int=ppp1 action=ipsec keyman=isakmp bundle=1 peer=172.16.1.2
set ipsec policy=vpn_C lad=172.16.1.1 lport=1701 rad=172.16.1.2 rport=1701
enable ipsec
enable isakmp
# login secoff
# enable system security_mode
