## CentreCOM AR560S Configuration Examples 2.9
## 151 Three-site VPN connection using WAN load balancing
##     (automatic keying, all addresses fixed, with Internet access)
## Router A configuration
##
## Lines beginning with "#" are commands that have no effect unless they are
## entered from the console.
##
## NOTE(review): every password and key value in this listing ("PasswordS",
## "internet1", "internet2", "secret") is a documentation sample. Replace each
## one before deployment, and treat the saved configuration file as sensitive.

## --- Security Officer account ---------------------------------------------
## The "# LOGIN secoff" console step further down logs in as this user.
## LO=YES is presumably LOGIN=YES - confirm in the command reference.
ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER LO=YES

## --- WAN links: one PPP interface per ISP, over eth0 and eth1 ---------------
## IPREQUEST=ON asks the peer for the interface address; the PPP credentials
## are stored here in clear text.
CREATE PPP=0 OVER=eth0-ANY
SET PPP=0 IPREQUEST=ON USERNAME="aa@isp1.com" PASSWORD="internet1"
SET PPP=0 OVER=ETH0-ANY LQR=OFF ECHO=ON BAP=OFF
CREATE PPP=1 OVER=eth1-ANY
SET PPP=1 IPREQUEST=ON USERNAME="bb@isp2.com" PASSWORD="internet2"
SET PPP=1 OVER=eth1-ANY LQR=OFF ECHO=ON BAP=OFF

## --- LAN side ---------------------------------------------------------------
## vlan2 carries only the /32 address 192.168.1.2, which this config uses as
## the source address for health checks sent via ppp1 (see PING POLL / WANLB).
CREATE VLAN=VLAN2 VID=2
ADD VLAN=VLAN2 PORT=4 FRAME=TAGGED

## --- IP module ----------------------------------------------------------------
ENABLE IP
ENABLE IP DNSRELAY
## presumably REMOTEASSIGN (accept the address the PPP peer assigns) - confirm
ENABLE IP REMOTE
## Filter 100 tags LAN traffic bound for the two remote LANs (192.168.2.0/24,
## 192.168.3.0/24) with policy 1; it is attached to vlan1 below via POL=100.
ADD IP FIL=100 TY=POLICY SO=192.168.1.0 ENT=1 SM=255.255.255.0 DES=192.168.2.0 DM=255.255.255.0 POLI=1
ADD IP FIL=100 TY=POLICY SO=192.168.1.0 ENT=2 SM=255.255.255.0 DES=192.168.3.0 DM=255.255.255.0 POLI=1
ADD IP INT=vlan2 IP=192.168.1.2 MASK=255.255.255.255
ADD IP INT=vlan1 IP=192.168.1.1 POL=100
ADD IP INT=ppp0 IP=0.0.0.0 MASK=0.0.0.0
ADD IP INT=ppp1 IP=0.0.0.0 MASK=0.0.0.0

## --- Routing ------------------------------------------------------------------
## Two default routes exist (one per WAN link) with multipath disabled;
## presumably the WANLB module chooses between them - confirm.
DISABLE IP ROUTE MULTIPATH
ADD IP ROU=0.0.0.0 MASK=0.0.0.0 INT=ppp0 NEXT=0.0.0.0
ADD IP ROU=0.0.0.0 MASK=0.0.0.0 INT=ppp1 NEXT=0.0.0.0
## Host routes pin each VPN peer's WAN address to one specific link, matching
## the interface of the ISAKMP/IPsec policy that names that peer.
ADD IP ROU=110.11.10.1 MASK=255.255.255.255 INT=ppp0 NEXT=0.0.0.0
ADD IP ROU=110.11.11.1 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0
ADD IP ROU=111.10.10.1 MASK=255.255.255.255 INT=ppp0 NEXT=0.0.0.0
ADD IP ROU=111.11.10.1 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0
## Host routes pin each health-check target (.1 via ppp0, .2 via ppp1) so a
## probe always tests the intended link.
ADD IP ROU=192.168.2.2 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0
ADD IP ROU=192.168.2.1 MASK=255.255.255.255 INT=ppp0 NEXT=0.0.0.0
ADD IP ROU=192.168.3.2 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0
ADD IP ROU=192.168.3.1 MASK=255.255.255.255 INT=ppp0 NEXT=0.0.0.0

## --- Firewall -------------------------------------------------------------------
ENABLE FIREWALL
CREATE FIREWALL POLICY="wanlb"
## NOTE(review): ICMP_F=ALL presumably forwards every ICMP type through the
## firewall. The ping polls below need echo; consider limiting the list to the
## types actually required.
ENABLE FIREWALL POLICY="wanlb" ICMP_F=ALL
ADD FIREWALL POLICY="wanlb" INT=vlan1 TYPE=PRIVATE
ADD FIREWALL POLICY="wanlb" INT=vlan2 TYPE=PRIVATE
ADD FIREWALL POLICY="wanlb" INT=ppp1 TYPE=PUBLIC
ADD FIREWALL POLICY="wanlb" INT=ppp0 TYPE=PUBLIC
## Outbound NAT for vlan1 through either WAN link.
ADD FIREWALL POLI="wanlb" NAT=ENHANCED INT=vlan1 GBLIN=ppp1
ADD FIREWALL POLI="wanlb" NAT=ENHANCED INT=vlan1 GBLIN=ppp0
## Rules 1 and 4: presumably AC=NON is "no NAT" and ENC=IPS restricts the rule
## to IPsec-decapsulated traffic - confirm. NOTE(review): REM covers all of
## 192.168.0.1-192.168.255.255, wider than the two remote /24s named in the
## IPsec policies; narrow it if no other remote ranges are expected.
ADD FIREWALL POLI="wanlb" RU=1 AC=NON INT=ppp0 PROT=ALL IP=192.168.1.0-192.168.1.255
SET FIREWALL POLI="wanlb" RU=1 REM=192.168.0.1-192.168.255.255 ENC=IPS
## Rules 2-3 and 5-6: admit ISAKMP (UDP/500) only from the named peer address.
## NOTE(review): IP= is 110.10.10.1 in rules 2-3 but 100.10.10.1 in rules 5-6.
## The page does not show Router A's WAN addresses, so check both values
## against the addresses the ISPs actually assign to ppp0 and ppp1.
ADD FIREWALL POLI="wanlb" RU=2 AC=ALLO INT=ppp0 PROT=UDP PO=500 IP=110.10.10.1 GBLIP=0.0.0.0
SET FIREWALL POLI="wanlb" RU=2 REM=110.11.10.1
ADD FIREWALL POLI="wanlb" RU=3 AC=ALLO INT=ppp0 PROT=UDP PO=500 IP=110.10.10.1 GBLIP=0.0.0.0
SET FIREWALL POLI="wanlb" RU=3 REM=111.10.10.1
ADD FIREWALL POLI="wanlb" RU=4 AC=NON INT=ppp1 PROT=ALL IP=192.168.1.0-192.168.1.255
SET FIREWALL POLI="wanlb" RU=4 REM=192.168.0.1-192.168.255.255 ENC=IPS
ADD FIREWALL POLI="wanlb" RU=5 AC=ALLO INT=ppp1 PROT=UDP PO=500 IP=100.10.10.1 GBLIP=0.0.0.0
SET FIREWALL POLI="wanlb" RU=5 REM=110.11.11.1
ADD FIREWALL POLI="wanlb" RU=6 AC=ALLO INT=ppp1 PROT=UDP PO=500 IP=100.10.10.1 GBLIP=0.0.0.0
SET FIREWALL POLI="wanlb" RU=6 REM=111.11.10.1
## Rule 7: LAN-to-remote-LAN traffic leaving vlan1 is exempted from NAT
## (presumably so it reaches the IPsec policies with its private addresses).
ADD FIREWALL POLI="wanlb" RU=7 AC=NON INT=vlan1 PROT=ALL IP=192.168.1.0-192.168.1.255
SET FIREWALL POLI="wanlb" RU=7 REM=192.168.0.1-192.168.255.255

## --- Ping polling of the remote routers -----------------------------------------
## Polls 1 and 3 probe from 192.168.1.1, polls 2 and 4 from 192.168.1.2; the
## triggers at the end of this file react to their up/down events.
ADD PING POLL=1 IP=192.168.2.1 CRI=5 DESC=RouterB-vlan1 NOR=5 SIPA=192.168.1.1 UPC=5
ENABLE PING POLL=1
ADD PING POLL=2 IP=192.168.2.2 CRI=5 DESC=RouterB-vlan2 NOR=5 SIPA=192.168.1.2 UPC=5
ENABLE PING POLL=2
ADD PING POLL=3 IP=192.168.3.1 CRI=5 DESC=RouterC-vlan1 NOR=5 SIPA=192.168.1.1 UPC=5
ENABLE PING POLL=3
ADD PING POLL=4 IP=192.168.3.2 CRI=5 DESC=RouterC-vlan2 NOR=5 SIPA=192.168.1.2 UPC=5
ENABLE PING POLL=4

## --- Console-only steps: security mode and pre-shared keys ----------------------
## These take effect only when typed at the console (see header).
## NOTE(review): all four keys carry the same sample value "secret". Use a
## distinct, long random value per peer, identical to the value configured on
## that peer's router.
# ENABLE SYSTEM SECURITY_MODE
# LOGIN secoff
# CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret"
# CREATE ENCO KEY=2 TYPE=GENERAL VALUE="secret"
# CREATE ENCO KEY=3 TYPE=GENERAL VALUE="secret"
# CREATE ENCO KEY=4 TYPE=GENERAL VALUE="secret"

## --- IPsec SA specification and bundle ------------------------------------------
## NOTE(review): ENC=DES is single DES (56-bit key), which is no longer
## considered adequate for confidentiality; HASHA=SHA is presumably SHA-1.
## Prefer the strongest cipher and hash that the firmware on all three routers
## supports, and change the peers' configurations to match.
CREATE IPSEC SAS=1 KEY=ISAKMP PROT=ESP ENC=DES HASHA=SHA
CREATE IPSEC BUND=1 KEY=ISAKMP STRING="1"

## --- ISAKMP (IKE) policies: one per peer WAN address, each with its own key -----
## No encryption, hash or group parameters are set here, so firmware defaults
## apply - TODO confirm what those defaults are and whether they are acceptable.
CREATE ISAKMP POL="a0-b0" PE=110.11.10.1 KEY=1
CREATE ISAKMP POL="a0-c0" PE=111.10.10.1 KEY=2
CREATE ISAKMP POL="a1-b1" PE=110.11.11.1 KEY=3
CREATE ISAKMP POL="a1-c1" PE=111.11.10.1 KEY=4

## --- IPsec policies ---------------------------------------------------------------
## Per interface: first pass ISAKMP (UDP 500) unencrypted, then protect
## LAN-to-LAN traffic towards Router B (192.168.2.0/24) and Router C
## (192.168.3.0/24), and finally permit everything else in the clear for
## Internet access. Presumably policies are matched in creation order, so the
## catch-all "internet0"/"internet1" entries must stay last - confirm.
CREATE IPSEC POLICY="isakmp_mes1" INT=ppp0 AC=PERMIT LP=500 RP=500 TRA=UDP
CREATE IPSEC POL="ipsec_sa1" INT=ppp0 AC=IPSEC KEY=ISAKMP BUND=1 PEER=110.11.10.1 ISA="a0-b0"
SET IPSEC POL="ipsec_sa1" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.2.0 RMA=255.255.255.0
CREATE IPSEC POL="ipsec_sa3" INT=ppp0 AC=IPSEC KEY=ISAKMP BUND=1 PEER=111.10.10.1 ISA="a0-c0"
SET IPSEC POL="ipsec_sa3" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.3.0 RMA=255.255.255.0
CREATE IPSEC POL="isakmp_mes2" INT=ppp1 AC=PERMIT
SET IPSEC POL="isakmp_mes2" LP=500 RP=500 TRA=UDP
CREATE IPSEC POL="ipsec_sa2" INT=ppp1 AC=IPSEC KEY=ISAKMP BUND=1 PEER=110.11.11.1 ISA="a1-b1"
SET IPSEC POL="ipsec_sa2" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.2.0 RMA=255.255.255.0
CREATE IPSEC POL="ipsec_sa4" INT=ppp1 AC=IPSEC KEY=ISAKMP BUND=1 PEER=111.11.10.1 ISA="a1-c1"
SET IPSEC POL="ipsec_sa4" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.3.0 RMA=255.255.255.0
CREATE IPSEC POL="internet0" INT=ppp0 AC=PERMIT
CREATE IPSEC POL="internet1" INT=ppp1 AC=PERMIT
ENABLE IPSEC
ENABLE ISAKMP

## --- WAN load balancing -----------------------------------------------------------
## Health checks target the remote routers' LAN addresses, so they depend on
## the VPN tunnels being up; each resource probes from its own source address.
ENABLE WANLB
ADD WANLB HEAL=1 HO=192.168.2.1
ADD WANLB HEAL=2 HO=192.168.3.1
ENABLE WANLB HEAL
ADD WANLB RES=ppp0 HEALTHCHECKSIPADDRESS=192.168.1.1
ADD WANLB RES=ppp1 HEALTHCHECKSIPADDRESS=192.168.1.2

## --- Triggers: run a script when a ping poll changes state -------------------------
## NOTE(review): the *.scp scripts are not shown on this page. They run
## automatically on DEVICEDOWN/DEVICEUP events, so review their contents and
## restrict who can modify them on the router.
ENABLE TRIGGER
CREATE TRIGGER=1 MODULE=PING EVENT=DEVICEDOWN POLL=1 SCRIPT=2a_down.scp
CREATE TRIGGER=2 MODULE=PING EVENT=DEVICEUP POLL=1 SCRIPT=2a_up.scp
CREATE TRIGGER=3 MODULE=PING EVENT=DEVICEDOWN POLL=2 SCRIPT=2b_down.scp
CREATE TRIGGER=4 MODULE=PING EVENT=DEVICEUP POLL=2 SCRIPT=2b_up.scp
CREATE TRIGGER=5 MODULE=PING EVENT=DEVICEDOWN POLL=3 SCRIPT=3a_down.scp
CREATE TRIGGER=6 MODULE=PING EVENT=DEVICEUP POLL=3 SCRIPT=3a_up.scp
CREATE TRIGGER=7 MODULE=PING EVENT=DEVICEDOWN POLL=4 SCRIPT=3b_down.scp
CREATE TRIGGER=8 MODULE=PING EVENT=DEVICEUP POLL=4 SCRIPT=3b_up.scp