## CentreCOM AR570S Configuration Examples 2.9
## 173 Bridging IEEE 802.1q tagged packets over a remote-access VPN using L2TP+IPsec
## Router C config
##
## Lines beginning with a single "#" are commands that only take effect when
## entered from the console. Lines beginning with "##" are explanatory comments.

## Security Officer account. The password equals the user name; treat it as a
## sample value and replace it before the config is used on a real device.
ADD USER=secoff PASS=secoff PRIVILEGE=SECURITYOFFICER

## L2TP: one call definition per remote site (base_A at 1.1.1.1, base_B at 2.2.2.2).
## The L2TP passwords (l2tpA/l2tpB/l2tpC) are stored in clear text in this file
## and are sample values.
ENABLE L2TP
ENABLE L2TP SERVER=BOTH
ADD L2TP PASSWORD=l2tpC
ADD L2TP CALL=center_A REMOTE=base_A IP=1.1.1.1 TYPE=VIRTUAL PASSWORD=l2tpA PRECEDENCE=IN
ADD L2TP CALL=center_B REMOTE=base_B IP=2.2.2.2 TYPE=VIRTUAL PASSWORD=l2tpB PRECEDENCE=IN

## VLANs 10 and 20 are carried tagged on switch port 1; port 1 is removed from
## the default VLAN.
CREATE VLAN=vlan10 VID=10
ADD VLAN=10 PORT=1 FRAME=TAGGED
CREATE VLAN=vlan20 VID=20
ADD VLAN=20 PORT=1 FRAME=TAGGED
DELETE VLAN=default PORT=1

## ppp0 is the WAN link over eth0. The ISP user name and password are stored in
## clear text in this file, so the saved config needs the same protection as the
## credentials themselves.
CREATE PPP=0 OVER=eth0-ANY
SET PPP=0 OVER=eth0-ANY BAP=OFF IPREQUEST=ON USERNAME="user@ispC" PASSWORD="isppasswdC" LQR=OFF ECHO=ON

## ppp10 / ppp11 run over the L2TP tunnels to site A and site B.
## IDLE=86400 is presumably an idle timeout in seconds (24 h) - confirm against
## the command reference.
CREATE PPP=10 OVER=TNL-center_A
SET PPP=10 OVER=TNL-center_A IDLE=86400 LQR=OFF BAP=OFF
CREATE PPP=11 OVER=TNL-center_B
SET PPP=11 OVER=TNL-center_B IDLE=86400 LQR=OFF BAP=OFF

## IP is enabled on ppp0 only. The address is requested from the peer
## (IPREQUEST=ON above, IP=0.0.0.0 here) and the default route points at ppp0.
ENABLE IP
ENABLE IP REMOTEASSIGN
ADD IP INT=ppp0 IP=0.0.0.0
ADD IP ROUTE=0.0.0.0 INT=ppp0 NEXTHOP=0.0.0.0

## Bridge: both VLANs and both tunnel PPP interfaces are bridge ports, and only
## the IP and ARP protocol types are added to the bridge. STRIPVLANTAG=NO keeps
## the 802.1q tag on bridged frames.
ENABLE BRIDGE
ADD BRIDGE PORT=1 INT=vlan10
ADD BRIDGE PORT=2 INT=vlan20
ADD BRIDGE PORT=3 INT=ppp10
ADD BRIDGE PORT=4 INT=ppp11
ADD BRIDGE PROTOCOL TYPE="IP"
ADD BRIDGE PROTOCOL TYPE="ARP"
SET BRIDGE STRIPVLANTAG=NO

## Filter 1 lists bridge ports 3 and 4 and is applied to bridge ports 1 and 2.
## NOTE(review): presumably this limits frames received from the VLAN side to
## being forwarded to the tunnel ports only - confirm against the command
## reference. No filter is applied to ports 3 and 4, and both VLANs share both
## tunnels, so check whether site A and site B can reach each other, or the
## other site's VLAN, at layer 2, and whether that is intended.
ADD BRIDGE FILTER=1 PORT=3,4
SET BRIDGE PORT=1 FILTER=1
SET BRIDGE PORT=2 FILTER=1

## ISAKMP pre-shared key, entered from the console. "secret" is a placeholder;
## use a long random value in a real deployment.
# CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret"

## Both ISAKMP policies reference KEY=1, so site A and site B authenticate with
## the same pre-shared key; anyone holding the key at one site could authenticate
## as the other. A separate key per peer avoids this.
## NOTE(review): no encryption, hash or DH group parameters are given here, so
## the ISAKMP defaults of the firmware apply - confirm what they are.
CREATE ISAKMP POLICY="i_A" PEER=1.1.1.1 KEY=1 SENDN=TRUE HEAR=BOTH
CREATE ISAKMP POLICY="i_B" PEER=2.2.2.2 KEY=1 SENDN=TRUE HEAR=BOTH

## ESP in transport mode, keyed by ISAKMP. ENCALG=DES is single DES (56-bit key),
## which no longer gives adequate confidentiality; choose the strongest
## algorithm the device, its licence and the peers all support, and change it
## on every router in the example together so the proposals still match.
CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=DES HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING="1"

## IPsec policies on ppp0:
##   "isa"   - lets UDP 500 <-> 500 (ISAKMP) through unencrypted.
##   "vpn_A" - applies bundle 1 to UDP 1701 (L2TP) between 100.100.100.100 and 1.1.1.1.
##   "vpn_B" - applies bundle 1 to UDP 1701 (L2TP) between 100.100.100.100 and 2.2.2.2.
## NOTE(review): LAD=100.100.100.100 is fixed although ppp0 obtains its address
## from the peer; the example presumably assumes the ISP always assigns this
## address - confirm.
## NOTE(review): there is no catch-all policy, so how other traffic on ppp0 is
## handled depends on the device's default for unmatched packets - confirm.
CREATE IPSEC POLICY="isa" INT=ppp0 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP
CREATE IPSEC POLICY="vpn_A" INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=1.1.1.1
SET IPSEC POLICY="vpn_A" LAD=100.100.100.100 LPORT=1701 RAD=1.1.1.1 RPORT=1701 TRANSPORT=UDP
CREATE IPSEC POLICY="vpn_B" INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=2.2.2.2
SET IPSEC POLICY="vpn_B" LAD=100.100.100.100 LPORT=1701 RAD=2.2.2.2 RPORT=1701 TRANSPORT=UDP
ENABLE IPSEC
ENABLE ISAKMP

## Console-only steps: log in as the Security Officer user created above, then
## switch the system into security mode.
# LOGIN SECOFF
# ENABLE SYSTEM SECURITY_MODE