## CentreCOM AR570S 設定例集 2.9 ## 170 Pingポーリングによるメイン回線からインターネットVPNバックアップへの自動切り替え(ISP接続+フレッツグループアクセス〜L2TP編〜) ## ルーターAのコンフィグ ## ## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。 ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER ENABLE L2TP ENABLE L2TP SERVER=BOTH ADD L2TP CALL=remote REMOTE=remote IP=2.2.2.2 TYPE=VIRTUAL PRECEDENCE=IN PASS=l2tp CREATE PPP=0 OVER=eth0-ANY SET PPP=0 BAP=OFF USERNAME=center@isp PASSWORD=centpass SET PPP=0 OVER=eth0-ANY LQR=OFF ECHO=ON CREATE PPP=1 OVER=eth1-ANY SET PPP=1 BAP=OFF USERNAME=center@flets PASSWORD=fletsa SET PPP=1 OVER=eth1-ANY LQR=OFF ECHO=ON CREATE PPP=11 OVER=TNL-remote IDLE=999999999 BAP=OFF LQR=OFF ENABLE IP ENABLE IP REMOTEASSIGN ADD IP INTERFACE=vlan1 IPADDRESS=192.168.1.1 MASK=255.255.255.0 ADD IP INTERFACE=ppp0 IPADDRESS=200.100.10.1 MASK=255.255.255.255 ADD IP INTERFACE=ppp1 IPADDRESS=0.0.0.0 ADD IP INTERFACE=ppp11 IPADDRESS=0.0.0.0 ADD IP ROUTE=192.168.2.1 MASK=255.255.255.255 INTERFACE=ppp11 NEXT=0.0.0.0 ADD IP ROUTE=192.168.2.0 MASK=255.255.255.0 INTERFACE=ppp11 NEXT=0.0.0.0 ADD IP ROUTE=2.2.2.2 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0 ADD IP ROUTE=0.0.0.0 MASK=0.0.0.0 INTERFACE=ppp0 NEXT=0.0.0.0 ENABLE FIREWALL CREATE FIREWALL POLICY=net ENABLE FIREWALL POLICY=net ICMP_FORWARDING=PING,UNREACH DISABLE FIREWALL POLICY=net IDENTPROXY ADD FIREWALL POLICY=net INTERFACE=vlan1 TYPE=PRIVATE ADD FIREWALL POLICY=net INTERFACE=ppp0 TYPE=PUBLIC ADD FIREWALL POLICY=net INTERFACE=ppp1 TYPE=PUBLIC ADD FIREWALL POLICY=net INTERFACE=ppp11 TYPE=PRIVATE ADD FIREWALL POLICY=net NAT=ENHANCED INTERFACE=vlan1 GBLINTERFACE=ppp0 GBLIP=200.100.10.1 ADD FIREWALL POLICY=net RULE=1 ACTION=ALLOW INTERFACE=ppp0 PROTOCOL=UDP GBLPORT=500 GBLIP=200.100.10.1 PORT=500 IP=200.100.10.1 ADD FIREWALL POLICY=net RULE=2 ACTION=ALLOW INTERFACE=ppp1 PROTOCOL=UDP PORT=1701 ADD FIREWALL POLICY=net RULE=3 ACTION=NON INTERFACE=vlan1 PROTOCOL=ALL IP=192.168.1.1-192.168.1.254 SET FIREWALL POLICY=net RULE=3 REMOTEIP=192.168.2.1-192.168.2.254 ADD FIREWALL POLICY=net RULE=4 ACTION=NON INTERFACE=ppp0 PROTOCOL=ALL IP=192.168.1.1-192.168.1.254 ENCAP=IPSEC ADD PING POLL=1 IPADDRESS=192.168.2.1 NORMALINTERVAL=10 UPCOUNT=5 SAMPLESIZE=10 ENABLE PING POLL=1 # CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret" CREATE ISAKMP POLICY="i" PEER=ANY KEY=1 SENDN=TRUE HEARTBEATMODE=BOTH REMOTEID="client" MODE=AGGRESSIVE CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=DES HASHALG=SHA CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING="1" CREATE IPSEC POLICY="isa" INT=ppp0 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP CREATE IPSEC POLICY="vpn" INTERFACE=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=DYNAMIC SET IPSEC POLICY="vpn" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.2.0 RMA=255.255.255.0 CREATE IPSEC POLICY="inet" INTERFACE=ppp0 ACTION=PERMIT # LOGIN secoff # ENABLE SYSTEM SECURITY_MODE ENABLE TRIGGER CREATE TRIGGER=1 MODULE=PING EVENT=DEVICEUP POLL=1 SCRIPT=pingu.scp CREATE TRIGGER=2 MODULE=PING EVENT=DEVICEDOWN POLL=1 SCRIPT=pingd.scp CREATE TRIGGER=3 INTERFACE=ppp1 EVENT=UP CP=LCP SCRIPT=up.scp CREATE TRIGGER=4 INTERFACE=ppp1 EVENT=DOWN CP=LCP SCRIPT=down.scp