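## CentreCOM AR550S configuration examples, 2.9
## Example 191: IPsec VPN between two sites over PPPoE
##   (the AR router side has no fixed address; the peer is an SRX210)
## Configuration of router B (SRX210)
## NOTE(review): the three title lines above are a best-effort English
## rendering of a mis-encoded Japanese header; confirm against the original.
##
## This is a transcript of a Junos CLI session, not a shell script.
## The root password, CHAP secret and IKE pre-shared key shown below are
## documentation samples. Replace each with a long, unique value before use
## and keep the real values out of shared transcripts.

## --- Enter configuration mode and start from an empty candidate config ---
## `delete` at the top level removes the entire candidate configuration, so
## every service and policy needed afterwards must be set explicitly below.
root@% cli
root> configure
root# delete
root# set system root-authentication plain-text-password
New password: PasswordS
Retype new password: PasswordS

## --- Interfaces: LAN on ge-0/0/1, PPPoE client on ge-0/0/0 via pp0 ---
root# set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24
root# set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
## CHAP credentials for the PPPoE session (sample account and secret).
root# set interfaces pp0 unit 0 ppp-options chap local-name user1@example default-chap-secret password passive
root# set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0 auto-reconnect 10 client
## The WAN address is negotiated on pp0.0; the default route follows it.
root# set interfaces pp0 unit 0 family inet negotiate-address
root# set routing-options static route 0.0.0.0/0 next-hop pp0.0

## --- Security zones and traffic addressed to the device itself ---
root# set security zones security-zone trust interfaces ge-0/0/1.0
root# set security zones security-zone untrust interfaces pp0.0
## host-inbound-traffic sits under `security zones`, so the full path is
## required when the command is entered from the top of the hierarchy.
## `all` opens every management and control service to the trust zone.
## st0.0 is placed in trust further down, so the remote site reaches the
## same services through the tunnel. Prefer listing only the services
## actually needed (for example ssh and ping).
root# set security zones security-zone trust host-inbound-traffic system-services all
## The Internet-facing zone accepts only ping and IKE to the device.
root# set security zones security-zone untrust host-inbound-traffic system-services ping
root# set security zones security-zone untrust host-inbound-traffic system-services ike

## --- Source NAT: trust -> untrust, translated to the egress interface ---
root# edit security nat source rule-set TrustToUntrust
root# set from zone trust
root# set to zone untrust
root# set rule match1 match source-address 0.0.0.0/0
root# set rule match1 then source-nat interface
root# top
## NOTE(review): no trust -> untrust security policy appears in this listing.
## After `delete`, Internet-bound traffic is presumably dropped by the
## default policy. Confirm whether such a policy is meant to exist.

## --- Address book entries for the local (net10) and remote (net20) LANs ---
root# set security zones security-zone trust address-book address net10 192.168.10.0/24
root# set security zones security-zone trust address-book address net20 192.168.20.0/24

## --- Tunnel interface for the route-based VPN, also in the trust zone ---
root# set interfaces st0 unit 0 family inet
root# set security zones security-zone trust interfaces st0.0

## --- IKE (phase 1) and IPsec (phase 2) proposals ---
## Reply to IPsec packets with an unknown SPI (at most 5 times) so that a
## peer holding stale state can renegotiate.
root# set security ike respond-bad-spi 5
## 3DES, SHA-1 and DH group 2 (1024-bit MODP) are legacy algorithms, kept
## here as on the page. If the AR550S side supports them, prefer stronger
## choices on both peers (for example aes-256-cbc, sha-256, group14).
## Both ends must be changed together or negotiation will fail.
root# set security ike proposal ar-p1 authentication-method pre-shared-keys
root# set security ike proposal ar-p1 dh-group group2
root# set security ike proposal ar-p1 encryption-algorithm 3des-cbc
root# set security ike proposal ar-p1 authentication-algorithm sha1
root# set security ike proposal ar-p1 lifetime-seconds 3600
root# set security ipsec proposal ar-p2 protocol esp
root# set security ipsec proposal ar-p2 encryption-algorithm 3des-cbc
root# set security ipsec proposal ar-p2 authentication-algorithm hmac-sha1-96
root# set security ipsec proposal ar-p2 lifetime-seconds 3600

## --- IKE policy ---
## Aggressive mode is used because the peer has no fixed address and is
## identified by its IKE ID. In aggressive mode the strength of the
## pre-shared key is the main protection for the exchange, so use a long
## random key rather than the sample value `secret`.
root# set security ike policy p1-policy mode aggressive
root# set security ike policy p1-policy proposals ar-p1
root# set security ike policy p1-policy pre-shared-key ascii-text secret
root# set security ipsec policy p2-policy proposals ar-p2

## --- IKE gateway: dynamic peer identified by the hostname "client" ---
root# set security ike gateway ar-gw ike-policy p1-policy
root# set security ike gateway ar-gw dynamic hostname client
## NOTE(review): the WAN address of this device is negotiated on pp0.0 (see
## the interface section). Confirm whether external-interface should be
## pp0.0 rather than ge-0/0/0.0, which carries only the PPPoE encapsulation.
root# set security ike gateway ar-gw external-interface ge-0/0/0.0
## Dead peer detection: probe every 20 s, give up after 5 missed replies.
root# set security ike gateway ar-gw dead-peer-detection always-send interval 20 threshold 5

## --- IPsec VPN bound to st0.0, with explicit proxy IDs for both LANs ---
root# set security ipsec vpn ar-vpn ike gateway ar-gw
root# set security ipsec vpn ar-vpn ike ipsec-policy p2-policy
root# set security ipsec vpn ar-vpn establish-tunnels immediately
root# set security ipsec vpn ar-vpn bind-interface st0.0
root# set security ipsec vpn ar-vpn ike proxy-identity local 192.168.10.0/24
root# set security ipsec vpn ar-vpn ike proxy-identity remote 192.168.20.0/24
root# set security ipsec vpn ar-vpn ike proxy-identity service any

## --- Intra-zone policies: ge-0/0/1.0 and st0.0 are both in trust ---
## Both directions permit any application between the two LANs. Narrow
## `application any` to the protocols the sites need if full reachability
## is not required.
root# edit security policies from-zone trust to-zone trust policy vpn-policy
root# set match source-address net10
root# set match destination-address net20
root# set match application any
root# set then permit
root# top
root# edit security policies from-zone trust to-zone trust policy vpn-policy-re
root# set match source-address net20
root# set match destination-address net10
root# set match application any
root# set then permit
root# top

## --- Route the remote LAN into the tunnel and activate the configuration ---
root# set routing-options static route 192.168.20.0/24 next-hop st0.0
## On a remotely managed device, `commit confirmed` rolls back automatically
## if the new configuration cuts off access.
root# commit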
