## CentreCOM AR550S ݒW 2.9
##  179 {ДF؃T[o[𗘗pA[gItBXł̃[U[F؁iIEEE 802.1Xj
##  [^[ÃRtBO
##
## u#vŎn܂śAR\[͂ȂƈӖȂR}hłB

add user=secoff password=PasswordS privilege=securityofficer
create ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=userA@isp password=isppasswdA bap=off lqr=off echo=on
enable ip
add ip int=vlan1 ip=192.168.10.1
add ip int=ppp0 ip=172.16.0.1 mask=255.255.255.255
add ip route=0.0.0.0 mask=0.0.0.0 int=ppp0 nexthop=0.0.0.0
enable firewall
create firewall policy=net
enable firewall policy=net icmp_f=ping,unreach
disable firewall policy=net identproxy
add firewall policy=net int=vlan1 type=private
add firewall policy=net int=ppp0 type=public
add firewall policy=net nat=enhanced int=vlan1 gblint=ppp0
add firewall policy=net rule=1 ac=allow int=ppp0 prot=udp po=500 ip=172.16.0.1 gblip=172.16.0.1 gblp=500
add firewall policy=net rule=2 ac=nonat int=vlan1 prot=all ip=192.168.10.1-192.168.10.254
set firewall policy=net rule=2 remoteip=192.168.20.1-192.168.20.254
add firewall policy=net rule=3 ac=nonat int=ppp0 prot=all ip=192.168.10.1-192.168.10.254 encap=ipsec
# create enco key=1 type=general value=secret
create isakmp policy=i peer=any key=1 sendn=true remoteid=client mode=aggressive heartbeatmode=both
create ipsec saspec=1 keyman=isakmp protocol=esp encalg=des hashalg=sha
create ipsec bundle=1 keyman=isakmp string=1
create ipsec policy=isa int=ppp0 action=permit lport=500 rport=500 transport=UDP
create ipsec policy=vpn int=ppp0 action=ipsec keyman=isakmp bundle=1 peer=dynamic
set ipsec policy=vpn lad=192.168.10.0 lma=255.255.255.0 rad=192.168.20.0 rma=255.255.255.0
create ipsec policy=inet int=ppp0 action=permit
enable ipsec
enable isakmp
# login secoff
# enable system security_mode
