CentreCOM ARX640S Configuration Examples 5.1.5 #15

This example builds a network that uses two PPPoE sessions: a CUG (Closed Users Group) service (FLET'S VPN Wide, FLET'S Group Access (NTT East), FLET'S Group (NTT West), and the like) carries the inter-site traffic, and an Internet VPN serves as the backup line.
Parameters of the ISP (Internet) PPPoE session:

| Item | Router A | Router B |
|---|---|---|
| PPP user name | center@isp | branch@isp |
| PPP password | centpass | brapass |
| PPPoE service name | Not specified | Not specified |
| Usable IP address | 200.100.10.1/32 | One global address (dynamically assigned) |
| Connection type | Terminal type (one fixed address) | Terminal type (one dynamic address) |
| DNS server | Notified at connection time | Notified at connection time |
Parameters of the CUG service PPPoE session:

| Item | Router A | Router B |
|---|---|---|
| PPP user name | center | branch |
| PPP password | passwdA | passwdB |
| PPPoE service name | Not specified | Not specified |
| Usable IP addresses | 192.168.10.0/24 | 192.168.20.0/24 |
| Connection type | LAN type | LAN type |
Router settings:

| Item | Router A | Router B |
|---|---|---|
| WAN-side physical interface | gigabitEthernet 0 | gigabitEthernet 0 |
| WAN-side (gigabitEthernet 0.1) IP address | 200.100.10.1/32 | Obtained from the ISP at connection time |
| WAN-side (gigabitEthernet 0.2) IP address | Unnumbered | Unnumbered |
| LAN-side (vlan 1) IP address | 192.168.10.1/24 | 192.168.20.1/24 |
| DHCP server function | Enabled | Enabled |
Configuring Router A

Create a PPP profile for each session: pppoe0 holds the ISP account and pppoe1 holds the CUG account.

```
ppp profile pppoe0
 my-username center@isp password centpass
ppp profile pppoe1
 my-username center password passwdA
```

Enable the physical WAN port.

```
interface gigabitEthernet 0
 no shutdown
```

Configure gigabitEthernet 0.1 as the PPPoE sub-interface for the ISP session: the fixed address 200.100.10.1/32, automatic TCP MSS adjustment, PPPoE bound to profile pppoe0, NAPT for the LAN hosts, and the IDS function protecting inbound traffic.

```
interface gigabitEthernet 0.1
 ip address 200.100.10.1/32
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe0
 ip napt inside any
 ip ids in protect
```

Configure gigabitEthernet 0.2 as the PPPoE sub-interface for the CUG session. It is unnumbered and borrows the vlan 1 address; no NAPT is applied on this session.

```
interface gigabitEthernet 0.2
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe1
 ip ids in protect
```

Assign the LAN address to vlan 1.

```
interface vlan 1
 ip address 192.168.10.1/24
```

Enable the ip address-up-always setting.

```
ip address-up-always
```

Static routes: the default route points to the ISP session, and the route to the branch LAN 192.168.20.0/24 points to the CUG session.

```
ip route default gigabitEthernet 0.1
ip route 192.168.20.0/24 gigabitEthernet 0.2
```

Traffic filters for the ISP session. Inbound, the only static entry admits IKE (UDP 500) addressed to the gigabitEthernet 0.1 address, so that Router B can initiate the IPsec negotiation; everything else must be return traffic for a session opened through the dynamic outbound entry.

```
access-list ip extended pppoe0-in
 dynamic permit udp any interface gigabitEthernet 0.1 eq 500
access-list ip extended pppoe0-out
 dynamic permit ip any any
interface gigabitEthernet 0.1
 ip traffic-filter pppoe0-in in
 ip traffic-filter pppoe0-out out
```

Traffic filters for the CUG session: inbound, only traffic from the branch LAN to the center LAN is accepted.

```
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.20.0/24 192.168.10.0/24
access-list ip extended pppoe1-out
 dynamic permit ip any any
interface gigabitEthernet 0.2
 ip traffic-filter pppoe1-in in
 ip traffic-filter pppoe1-out out
```

ISAKMP (IKE phase 1) settings: a proposal of 3DES, SHA-1 and DH group 2, and a policy that accepts any peer address (Router B's address is dynamic), uses aggressive mode with the pre-shared key "secret", expects the remote ID "client", and enables ISAKMP keepalives.

```
isakmp proposal isakmp encryption 3des hash sha1 group 2
isakmp policy i
 peer any
 mode aggressive
 auth preshared key secret
 remote-id client
 proposal isakmp
 keepalive enable
```

IPsec (phase 2) settings: the access-list ipsec selects all traffic that enters the tunnel interface, the proposal is ESP with 3DES and SHA-1, and policy vpn names the two LANs as local and remote IDs; always-up-sa keeps the SA established so the backup path is ready before it is needed.

```
access-list ip extended ipsec
 permit ip any any
ipsec proposal ipsec esp encryption 3des hash sha1
ipsec policy vpn
 peer any
 access-list ipsec
 local-id 192.168.10.0/24
 remote-id 192.168.20.0/24
 proposal ipsec
 always-up-sa
```

Create tunnel 0 in IPsec mode, unnumbered from vlan 1 and bound to policy vpn.

```
interface tunnel 0
 tunnel mode ipsec
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 tunnel policy vpn
```

Add two backup routes for the branch LAN: one through tunnel 0 with distance 10, which takes over once the CUG route is withdrawn, and a Null route with distance 254 that discards branch-bound traffic when neither path is available, instead of letting it follow the default route out of the Internet session unencrypted.

```
ip route 192.168.20.0/24 tunnel 0 10
ip route 192.168.20.0/24 Null 254
```

Event-group polling_down sends keepalives to Router B's LAN address 192.168.20.1 from 192.168.10.1 through the CUG session. When the keepalive fails it withdraws the CUG route (ip shutdown-route), enables polling_up and disables itself; trigger enable activates the group.

```
event-group polling_down
 event keepalive ip 192.168.20.1 src 192.168.10.1 out-if gigabitEthernet 0.2
 action 10 ip shutdown-route 192.168.20.0/24 gigabitEthernet 0.2
 action 20 event-group polling_up enable
 action 30 event-group polling_down disable
 trigger enable
```

Event-group polling_up keeps probing the same address (mode reach) and, once the keepalive succeeds again, restores the CUG route (ip resume-route), clears the IPsec SA, re-enables polling_down and disables itself.

```
event-group polling_up
 event keepalive ip 192.168.20.1 src 192.168.10.1 mode reach out-if gigabitEthernet 0.2
 action 10 ip resume-route 192.168.20.0/24 gigabitEthernet 0.2
 action 20 ipsec clear-sa
 action 30 event-group polling_down enable
 action 40 event-group polling_up disable
```

Save the configuration.

```
copy running-config startup-config
```
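The failover behaviour that Router A's four routes and two event-groups produce, as an added Python simulation; it is not code from this page or from Allied Telesis. It assumes the usual routing semantics: the usable route with the lowest distance is installed, a route given no explicit distance gets distance 0, a Null next hop discards the packet, and a prefix with no usable route falls through to the default route. The null_guard flag is this example's own switch for showing what the Null 254 route prevents.

```python
"""Failover simulation for Router A's routes to the branch LAN (added example).

Not the ARX640S's code: it models the page's four routes and two event-groups
under the stated assumptions (lowest usable distance wins, missing distance is 0,
Null discards, no specific route falls through to the default route).
"""
from dataclasses import dataclass, field

BRANCH = "192.168.20.0/24"
CUG_IF = "gigabitEthernet 0.2"


@dataclass
class Route:
    prefix: str
    nexthop: str
    distance: int = 0  # assumed default when the command gives none


# The four "ip route" commands from Router A's configuration.
ROUTER_A_ROUTES = [
    Route("default", "gigabitEthernet 0.1"),  # ip route default gigabitEthernet 0.1
    Route(BRANCH, CUG_IF),                    # ip route 192.168.20.0/24 gigabitEthernet 0.2
    Route(BRANCH, "tunnel 0", 10),            # ip route 192.168.20.0/24 tunnel 0 10
    Route(BRANCH, "Null", 254),               # ip route 192.168.20.0/24 Null 254
]


@dataclass
class RouterA:
    routes: list
    tunnel_up: bool = True                        # always-up-sa keeps the IPsec SA established
    withdrawn: set = field(default_factory=set)   # routes removed by "ip shutdown-route"
    sa_cleared: int = 0                           # number of "ipsec clear-sa" actions run
    enabled_group: str = "polling_down"           # "trigger enable" is set on polling_down

    def _usable(self, r):
        if (r.prefix, r.nexthop) in self.withdrawn:
            return False
        if r.nexthop.startswith("tunnel"):
            return self.tunnel_up
        return True  # a PPPoE sub-interface or Null is always a valid next hop here

    def next_hop(self, prefix):
        """Lowest-distance usable route; with none, fall through to the default route."""
        cands = [r for r in self.routes if r.prefix == prefix and self._usable(r)]
        if not cands:
            cands = [r for r in self.routes if r.prefix == "default"]
        return min(cands, key=lambda r: r.distance).nexthop

    def keepalive(self, branch_reachable):
        """Deliver one keepalive result to whichever event-group is enabled."""
        if self.enabled_group == "polling_down" and not branch_reachable:
            self.withdrawn.add((BRANCH, CUG_IF))      # action 10 ip shutdown-route
            self.enabled_group = "polling_up"         # actions 20/30 swap the groups
        elif self.enabled_group == "polling_up" and branch_reachable:
            self.withdrawn.discard((BRANCH, CUG_IF))  # action 10 ip resume-route
            self.sa_cleared += 1                      # action 20 ipsec clear-sa
            self.enabled_group = "polling_down"       # actions 30/40 swap the groups back


def failover_trace(tunnel_up=True, null_guard=True):
    """Next hop for the branch LAN before, during and after a CUG outage."""
    routes = [r for r in ROUTER_A_ROUTES if null_guard or r.nexthop != "Null"]
    a = RouterA(routes, tunnel_up=tunnel_up)
    trace = [a.next_hop(BRANCH)]
    a.keepalive(False)   # keepalive to 192.168.20.1 over the CUG fails
    trace.append(a.next_hop(BRANCH))
    a.keepalive(True)    # the CUG path answers again
    trace.append(a.next_hop(BRANCH))
    return trace, a.sa_cleared


if __name__ == "__main__":
    print("tunnel up:               ", failover_trace())
    print("tunnel down:             ", failover_trace(tunnel_up=False))
    print("tunnel down, no Null 254:", failover_trace(tunnel_up=False, null_guard=False))
```

With the tunnel established the trace is CUG, tunnel, CUG. With the tunnel also down the Null route absorbs the traffic; remove it and the same packets would be forwarded out gigabitEthernet 0.1 by the default route, which is the leak the Null 254 entry exists to stop.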
Configuring Router B

Create a PPP profile for each session: pppoe0 holds the ISP account and pppoe1 holds the CUG account.

```
ppp profile pppoe0
 my-username branch@isp password brapass
ppp profile pppoe1
 my-username branch password passwdB
```

Enable the physical WAN port.

```
interface gigabitEthernet 0
 no shutdown
```

Configure gigabitEthernet 0.1 as the PPPoE sub-interface for the ISP session. Its address is assigned by IPCP; the rest mirrors Router A.

```
interface gigabitEthernet 0.1
 ip address ipcp
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe0
 ip napt inside any
 ip ids in protect
```

Configure gigabitEthernet 0.2 as the unnumbered PPPoE sub-interface for the CUG session.

```
interface gigabitEthernet 0.2
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe1
 ip ids in protect
```

Assign the LAN address to vlan 1.

```
interface vlan 1
 ip address 192.168.20.1/24
```

Enable the ip address-up-always setting.

```
ip address-up-always
```

Static routes: the default route points to the ISP session, and the route to the center LAN 192.168.10.0/24 points to the CUG session.

```
ip route default gigabitEthernet 0.1
ip route 192.168.10.0/24 gigabitEthernet 0.2
```

Traffic filters for the ISP session. The inbound list pppoe0-in has no static entries: Router B initiates the IKE negotiation toward Router A's fixed address, so on the Internet session it only needs to accept return traffic for sessions opened through the dynamic outbound entry.

```
access-list ip extended pppoe0-in
access-list ip extended pppoe0-out
 dynamic permit ip any any
interface gigabitEthernet 0.1
 ip traffic-filter pppoe0-in in
 ip traffic-filter pppoe0-out out
```

Traffic filters for the CUG session: inbound, only traffic from the center LAN to the branch LAN is accepted.

```
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.10.0/24 192.168.20.0/24
access-list ip extended pppoe1-out
 dynamic permit ip any any
interface gigabitEthernet 0.2
 ip traffic-filter pppoe1-in in
 ip traffic-filter pppoe1-out out
```

ISAKMP (IKE phase 1) settings: the same proposal as Router A, a policy whose peer is Router A's fixed address 200.100.10.1, aggressive mode with the pre-shared key "secret", the local ID "client" that Router A expects, and ISAKMP keepalives.

```
isakmp proposal isakmp encryption 3des hash sha1 group 2
isakmp policy i
 peer 200.100.10.1
 mode aggressive
 auth preshared key secret
 local-id client
 proposal isakmp
 keepalive enable
```

IPsec (phase 2) settings: policy vpn points at peer 200.100.10.1 and names the branch LAN as the local ID and the center LAN as the remote ID, the mirror image of Router A.

```
access-list ip extended ipsec
 permit ip any any
ipsec proposal ipsec esp encryption 3des hash sha1
ipsec policy vpn
 peer 200.100.10.1
 access-list ipsec
 local-id 192.168.20.0/24
 remote-id 192.168.10.0/24
 proposal ipsec
 always-up-sa
```

Create tunnel 0 in IPsec mode, unnumbered from vlan 1 and bound to policy vpn.

```
interface tunnel 0
 tunnel mode ipsec
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 tunnel policy vpn
```

Add the two backup routes for the center LAN: tunnel 0 with distance 10, and a Null route with distance 254 that discards center-bound traffic rather than sending it out of the Internet session when both paths are down.

```
ip route 192.168.10.0/24 tunnel 0 10
ip route 192.168.10.0/24 Null 254
```

Event-group polling_down sends keepalives to Router A's LAN address 192.168.10.1 from 192.168.20.1 through the CUG session. When the keepalive fails it withdraws the CUG route, enables polling_up and disables itself; trigger enable activates the group.

```
event-group polling_down
 event keepalive ip 192.168.10.1 src 192.168.20.1 out-if gigabitEthernet 0.2
 action 10 ip shutdown-route 192.168.10.0/24 gigabitEthernet 0.2
 action 20 event-group polling_up enable
 action 30 event-group polling_down disable
 trigger enable
```

Event-group polling_up keeps probing the same address (mode reach) and, once the keepalive succeeds again, restores the CUG route, clears the IPsec SA, re-enables polling_down and disables itself.

```
event-group polling_up
 event keepalive ip 192.168.10.1 src 192.168.20.1 mode reach out-if gigabitEthernet 0.2
 action 10 ip resume-route 192.168.10.0/24 gigabitEthernet 0.2
 action 20 ipsec clear-sa
 action 30 event-group polling_down enable
 action 40 event-group polling_up disable
```

Save the configuration.

```
copy running-config startup-config
```
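The two routers must mirror each other exactly; a widened filter or a swapped ID on one side weakens the whole design without any error being reported. The following added Python script (not part of this page or of the vendor's software) parses the relevant commands from both configurations above and checks that the IPsec local and remote IDs match the two LANs, that each CUG inbound filter admits only the remote LAN, that the Internet inbound filter carries no any/any entry, and that the Null route of last resort has the highest distance. The embedded excerpts are copied from this page's commands; the indentation layout (sub-commands indented under their parent) and the audit rules are this example's own assumptions.

```python
"""Consistency audit of the Router A / Router B pair (added example; not the
page's or the vendor's code). Config excerpts are copied from this page; the
indentation layout and the audit rules are this example's own assumptions."""
import re

ROUTER_A = """\
ip route default gigabitEthernet 0.1
ip route 192.168.20.0/24 gigabitEthernet 0.2
ip route 192.168.20.0/24 tunnel 0 10
ip route 192.168.20.0/24 Null 254
access-list ip extended pppoe0-in
 dynamic permit udp any interface gigabitEthernet 0.1 eq 500
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.20.0/24 192.168.10.0/24
ipsec policy vpn
 peer any
 local-id 192.168.10.0/24
 remote-id 192.168.20.0/24
"""

ROUTER_B = """\
ip route default gigabitEthernet 0.1
ip route 192.168.10.0/24 gigabitEthernet 0.2
ip route 192.168.10.0/24 tunnel 0 10
ip route 192.168.10.0/24 Null 254
access-list ip extended pppoe0-in
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.10.0/24 192.168.20.0/24
ipsec policy vpn
 peer 200.100.10.1
 local-id 192.168.20.0/24
 remote-id 192.168.10.0/24
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (gigabitEthernet \S+|tunnel \d+|Null)(?: (\d+))?$")
WIDE_OPEN_RE = re.compile(r"^(dynamic )?permit \S+ any any")


def parse(cfg):
    """Split a config into {parent command: [sub-commands]} plus (prefix, nexthop, distance) routes."""
    sections, routes, parent = {}, [], None
    for line in cfg.splitlines():
        if line.startswith(" "):  # assumed layout: sub-commands are indented under their parent
            sections.setdefault(parent, []).append(line.strip())
            continue
        m = ROUTE_RE.match(line)
        if m:
            routes.append((m.group(1), m.group(2), int(m.group(3) or 0)))  # 0 = assumed default distance
        else:
            parent = line.strip()
            sections.setdefault(parent, [])
    return sections, routes


def audit_router(name, cfg, local_lan, remote_lan):
    """Return a list of findings; an empty list means the router matches the design."""
    findings = []
    sections, routes = parse(cfg)
    policy = dict(l.split(" ", 1) for l in sections.get("ipsec policy vpn", []))
    if (policy.get("local-id"), policy.get("remote-id")) != (local_lan, remote_lan):
        findings.append(f"{name}: ipsec policy vpn IDs are not {local_lan}/{remote_lan}")
    cug_in = sections.get("access-list ip extended pppoe1-in", [])
    if cug_in != [f"dynamic permit ip {remote_lan} {local_lan}"]:
        findings.append(f"{name}: pppoe1-in must permit only {remote_lan} -> {local_lan}, got {cug_in}")
    for entry in sections.get("access-list ip extended pppoe0-in", []):
        if WIDE_OPEN_RE.match(entry):
            findings.append(f"{name}: pppoe0-in admits unsolicited Internet traffic: {entry}")
    dists = {nh: d for p, nh, d in routes if p == remote_lan}
    others = [d for nh, d in dists.items() if nh != "Null"]
    if "Null" not in dists or not others or dists["Null"] <= max(others):
        findings.append(f"{name}: {remote_lan} lacks a Null route with the highest distance")
    return findings


def audit_pair(cfg_a, cfg_b):
    """Audit both routers against the page's LAN assignment."""
    return (audit_router("Router A", cfg_a, "192.168.10.0/24", "192.168.20.0/24")
            + audit_router("Router B", cfg_b, "192.168.20.0/24", "192.168.10.0/24"))


if __name__ == "__main__":
    print(audit_pair(ROUTER_A, ROUTER_B) or "OK: both routers match the design")
    # Constructed mistake: the branch router's CUG inbound filter widened to any/any.
    widened = ROUTER_B.replace("dynamic permit ip 192.168.10.0/24 192.168.20.0/24",
                               "dynamic permit ip any any")
    print(audit_pair(ROUTER_A, widened))
```

The page's two configurations pass with no findings; the constructed any/any variant of pppoe1-in on Router B is reported, as is a configuration that drops the Null 254 route.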
Summary

Router A configuration

```
!
service password-encryption
!
clock timezone JST 9
!
!
ip address-up-always
ppp profile pppoe0
 my-username center@isp password 8 e$QrAq9z74BzW1jk1bEKE2+RAAA
ppp profile pppoe1
 my-username center password 8 e$Ih7p7xgv6c0kA
!
interface gigabitEthernet 0
 no shutdown
!
interface gigabitEthernet 0.1
 ip address 200.100.10.1/32
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe0
 ip napt inside any
 ip traffic-filter pppoe0-in in
 ip traffic-filter pppoe0-out out
 ip ids in protect
!
interface gigabitEthernet 0.2
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe1
 ip traffic-filter pppoe1-in in
 ip traffic-filter pppoe1-out out
 ip ids in protect
!
interface gigabitEthernet 1
 shutdown
!
interface gigabitEthernet 2
 no shutdown
!
interface gigabitEthernet 3
 no shutdown
!
interface gigabitEthernet 4
 no shutdown
!
interface gigabitEthernet 5
 no shutdown
!
interface loop 0
 shutdown
!
interface loop 1
 shutdown
!
interface tunnel 0
 tunnel mode ipsec
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 tunnel policy vpn
!
interface vlan 1
 ip address 192.168.10.1/24
 no shutdown
!
ip route default gigabitEthernet 0.1
ip route 192.168.20.0/24 gigabitEthernet 0.2
ip route 192.168.20.0/24 tunnel 0 10
ip route 192.168.20.0/24 Null 254
!
access-list ip extended ipsec
 permit ip any any
access-list ip extended pppoe0-in
 dynamic permit udp any interface gigabitEthernet 0.1 eq 500
access-list ip extended pppoe0-out
 dynamic permit ip any any
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.20.0/24 192.168.10.0/24
access-list ip extended pppoe1-out
 dynamic permit ip any any
!
isakmp proposal isakmp encryption 3des hash sha1 group 2
!
isakmp policy i
 peer any
 mode aggressive
 auth preshared key 8 e$I3eQu7yNuLxQA
 remote-id client
 proposal isakmp
 keepalive enable
!
ipsec proposal ipsec esp encryption 3des hash sha1
!
ipsec policy vpn
 peer any
 access-list ipsec
 local-id 192.168.10.0/24
 remote-id 192.168.20.0/24
 proposal ipsec
 always-up-sa
!
!
!
!
event-group polling_down
 event keepalive ip 192.168.20.1 src 192.168.10.1 out-if gigabitEthernet 0.2
 action 10 ip shutdown-route 192.168.20.0/24 gigabitEthernet 0.2
 action 20 event-group polling_up enable
 action 30 event-group polling_down disable
 trigger enable
event-group polling_up
 event keepalive ip 192.168.20.1 src 192.168.10.1 mode reach out-if gigabitEthernet 0.2
 action 10 ip resume-route 192.168.20.0/24 gigabitEthernet 0.2
 action 20 ipsec clear-sa
 action 30 event-group polling_down enable
 action 40 event-group polling_up disable
!
end
```
Router B configuration

```
!
service password-encryption
!
clock timezone JST 9
!
!
ip address-up-always
ppp profile pppoe0
 my-username branch@isp password 8 e$ILwks03RXPHAA
ppp profile pppoe1
 my-username branch password 8 e$I6rT3jJQw6oIA
!
interface gigabitEthernet 0
 no shutdown
!
interface gigabitEthernet 0.1
 ip address ipcp
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe0
 ip napt inside any
 ip traffic-filter pppoe0-in in
 ip traffic-filter pppoe0-out out
 ip ids in protect
!
interface gigabitEthernet 0.2
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 pppoe enable
 ppp bind-profile pppoe1
 ip traffic-filter pppoe1-in in
 ip traffic-filter pppoe1-out out
 ip ids in protect
!
interface gigabitEthernet 1
 shutdown
!
interface gigabitEthernet 2
 no shutdown
!
interface gigabitEthernet 3
 no shutdown
!
interface gigabitEthernet 4
 no shutdown
!
interface gigabitEthernet 5
 no shutdown
!
interface loop 0
 shutdown
!
interface loop 1
 shutdown
!
interface tunnel 0
 tunnel mode ipsec
 ip unnumbered vlan 1
 ip tcp mss auto
 no shutdown
 tunnel policy vpn
!
interface vlan 1
 ip address 192.168.20.1/24
 no shutdown
!
ip route default gigabitEthernet 0.1
ip route 192.168.10.0/24 gigabitEthernet 0.2
ip route 192.168.10.0/24 tunnel 0 10
ip route 192.168.10.0/24 Null 254
!
access-list ip extended ipsec
 permit ip any any
access-list ip extended pppoe0-in
access-list ip extended pppoe0-out
 dynamic permit ip any any
access-list ip extended pppoe1-in
 dynamic permit ip 192.168.10.0/24 192.168.20.0/24
access-list ip extended pppoe1-out
 dynamic permit ip any any
!
isakmp proposal isakmp encryption 3des hash sha1 group 2
!
isakmp policy i
 peer 200.100.10.1
 mode aggressive
 auth preshared key 8 e$I3eQu7yNuLxQA
 local-id client
 proposal isakmp
 keepalive enable
!
ipsec proposal ipsec esp encryption 3des hash sha1
!
ipsec policy vpn
 peer 200.100.10.1
 access-list ipsec
 local-id 192.168.20.0/24
 remote-id 192.168.10.0/24
 proposal ipsec
 always-up-sa
!
!
!
!
event-group polling_down
 event keepalive ip 192.168.10.1 src 192.168.20.1 out-if gigabitEthernet 0.2
 action 10 ip shutdown-route 192.168.10.0/24 gigabitEthernet 0.2
 action 20 event-group polling_up enable
 action 30 event-group polling_down disable
 trigger enable
event-group polling_up
 event keepalive ip 192.168.10.1 src 192.168.20.1 mode reach out-if gigabitEthernet 0.2
 action 10 ip resume-route 192.168.10.0/24 gigabitEthernet 0.2
 action 20 ipsec clear-sa
 action 30 event-group polling_down enable
 action 40 event-group polling_up disable
!
end
```
(C) 2011-2014 Allied Telesis Holdings K.K.
PN: 613-001568 Rev.E