AT-AR2050V/AT-AR3050S/AT-AR4050S Command Reference 5.4.9
Note: Router B in this configuration example uses two WAN ports, so the AT-AR2050V cannot be used as these routers.

| | Router A | Router B |
|---|---|---|
| ISP connection username | user@ispA | user@ispB |
| ISP connection password | isppasswdA | isppasswdB |
| Access point name (APN) | testname.alliedtelesis | |
| WAN-side IP address | Dynamically assigned (IPCP) | 10.1.1.2/32 |
| CUG connection username | userA@cug | userB@cug |
| CUG connection password | cugpasswdA | cugpasswdB |
| WAN-side IP address | 10.0.0.1/32 | 10.0.0.2/32 |
| WAN-side physical interface (1) | eth1 | eth1 |
| WAN-side physical interface (2) | cellular0 | eth2 |
| WAN-side (ppp0) IP address (1) | 10.0.0.1/32 | 10.0.0.2/32 |
| WAN-side (ppp1) IP address (2) | Obtained from the ISP on connection | 10.1.1.2/32 |
| LAN-side (vlan1) IP address | 192.168.10.1/24 | 192.168.20.1/24 |
| IPsec tunnel (tunnel0) IP address (1) | 192.168.100.1/30 | 192.168.100.2/30 |
| IPsec tunnel (tunnel1) IP address (2) | 192.168.200.1/30 | 192.168.200.2/30 |

Router A configuration:

```
no spanning-tree rstp enable
interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ip address negotiated
 ppp username userA@cug
 ppp password cugpasswdA
 ip tcp adjust-mss pmtu
interface cellular0
 encapsulation ppp 1
 apn testname.alliedtelesis
interface ppp1
 ppp ipcp dns request
 keepalive
 ip address negotiated
 ppp username user@ispA
 ppp password isppasswdA
 ip tcp adjust-mss pmtu
interface vlan1
 ip address 192.168.10.1/24
zone private
 network lan
  ip subnet 192.168.10.0/24
 network peer
  ip subnet 192.168.20.0/24
 network tunnel
  ip subnet 192.168.100.0/30
  ip subnet 192.168.200.0/30
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  ip subnet 0.0.0.0/0 interface ppp1
  host ppp0
   ip address 10.0.0.1
  host ppp1
   ip address dynamic interface ppp1
zone ospf
 network ospf
  ip subnet 224.0.0.5/32
  ip subnet 224.0.0.6/32
application esp
 protocol 50
application isakmp
 protocol udp
 sport 500
 dport 500
application ospf
 protocol 89
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit isakmp from public.wan.ppp0 to public.wan
 rule 40 permit isakmp from public.wan to public.wan.ppp0
 rule 50 permit isakmp from public.wan.ppp1 to public.wan
 rule 60 permit isakmp from public.wan to public.wan.ppp1
 rule 70 permit esp from public.wan.ppp0 to public.wan
 rule 80 permit esp from public.wan to public.wan.ppp0
 rule 90 permit esp from public.wan.ppp1 to public.wan
 rule 100 permit esp from public.wan to public.wan.ppp1
 rule 110 permit l2tp from public.wan.ppp0 to public.wan
 rule 120 permit l2tp from public.wan to public.wan.ppp0
 rule 130 permit l2tp from public.wan.ppp1 to public.wan
 rule 140 permit l2tp from public.wan to public.wan.ppp1
 rule 150 permit ospf from private to ospf
 protect
nat
 rule 10 masq any from private to public
 enable
crypto isakmp key secret1 address 10.0.0.2
crypto isakmp key secret2 address 10.1.1.2
crypto ipsec profile ipsec1
 lifetime seconds 3600
 transform 1 protocol esp integrity SHA1 encryption AES128
crypto isakmp profile isakmp1
 version 1 mode main
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp profile isakmp2
 version 1 mode aggressive
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp peer address 10.0.0.2 profile isakmp1
crypto isakmp peer address 10.1.1.2 profile isakmp2
interface tunnel0
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.2
 tunnel local id 1
 tunnel remote id 2
 tunnel protection ipsec profile ipsec1
 tunnel mode l2tp v3
 tunnel df clear
 ip address 192.168.100.1/30
interface tunnel1
 mtu 1500
 tunnel source ppp1
 tunnel destination 10.1.1.2
 tunnel local name RouterA
 tunnel local id 3
 tunnel remote id 4
 tunnel protection ipsec profile ipsec1
 tunnel mode l2tp v3
 tunnel df clear
 ip address 192.168.200.1/30
 ip ospf cost 10
router ospf
 ospf router-id 0.0.0.1
 network 192.168.10.0/24 area 0.0.0.0
 network 192.168.100.0/30 area 0.0.0.0
 network 192.168.200.0/30 area 0.0.0.0
ip route 0.0.0.0/0 ppp1
ip route 10.0.0.2/32 ppp0
end
```

Router B configuration:

```
no spanning-tree rstp enable
interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ip address negotiated
 ppp username userB@cug
 ppp password cugpasswdB
 ip tcp adjust-mss pmtu
interface eth2
 encapsulation ppp 1
interface ppp1
 ppp ipcp dns request
 keepalive
 ip address negotiated
 ppp username user@ispB
 ppp password isppasswdB
 ip tcp adjust-mss pmtu
interface vlan1
 ip address 192.168.20.1/24
zone private
 network lan
  ip subnet 192.168.20.0/24
 network peer
  ip subnet 192.168.10.0/24
 network tunnel
  ip subnet 192.168.100.0/30
  ip subnet 192.168.200.0/30
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  ip subnet 0.0.0.0/0 interface ppp1
  host ppp0
   ip address 10.0.0.2
  host ppp1
   ip address 10.1.1.2
zone ospf
 network ospf
  ip subnet 224.0.0.5/32
  ip subnet 224.0.0.6/32
application esp
 protocol 50
application isakmp
 protocol udp
 sport 500
 dport 500
application ospf
 protocol 89
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit isakmp from public.wan.ppp0 to public.wan
 rule 40 permit isakmp from public.wan to public.wan.ppp0
 rule 50 permit isakmp from public.wan.ppp1 to public.wan
 rule 60 permit isakmp from public.wan to public.wan.ppp1
 rule 70 permit esp from public.wan.ppp0 to public.wan
 rule 80 permit esp from public.wan to public.wan.ppp0
 rule 90 permit esp from public.wan.ppp1 to public.wan
 rule 100 permit esp from public.wan to public.wan.ppp1
 rule 110 permit l2tp from public.wan.ppp0 to public.wan
 rule 120 permit l2tp from public.wan to public.wan.ppp0
 rule 130 permit l2tp from public.wan.ppp1 to public.wan
 rule 140 permit l2tp from public.wan to public.wan.ppp1
 rule 150 permit ospf from private to ospf
 protect
nat
 rule 10 masq any from private to public
 enable
crypto isakmp key secret1 address 10.0.0.1
crypto isakmp key secret2 hostname RouterA
crypto ipsec profile ipsec1
 lifetime seconds 3600
 transform 1 protocol esp integrity SHA1 encryption AES128
crypto isakmp profile isakmp1
 version 1 mode main
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp profile isakmp2
 version 1 mode aggressive
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp peer address 10.0.0.1 profile isakmp1
crypto isakmp peer dynamic profile isakmp2
interface tunnel0
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.1
 tunnel local id 2
 tunnel remote id 1
 tunnel protection ipsec profile ipsec1
 tunnel mode l2tp v3
 tunnel df clear
 ip address 192.168.100.2/30
interface tunnel1
 mtu 1500
 tunnel source ppp1
 tunnel destination dynamic
 tunnel remote name RouterA
 tunnel local id 4
 tunnel remote id 3
 tunnel protection ipsec profile ipsec1
 tunnel mode l2tp v3
 tunnel df clear
 ip address 192.168.200.2/30
 ip ospf cost 10
router ospf
 ospf router-id 0.0.0.2
 network 192.168.20.0/24 area 0.0.0.0
 network 192.168.100.0/30 area 0.0.0.0
 network 192.168.200.0/30 area 0.0.0.0
ip route 0.0.0.0/0 ppp1
ip route 10.0.0.1/32 ppp0
end
```
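
An added example, not part of the Allied Telesis manual: a Python check that reads `crypto isakmp profile` and `crypto isakmp peer` lines written one command per line and lists, for each peer, which of the legacy settings used in this configuration apply (IKEv1, aggressive mode, SHA-1, DH group 2). The sample text is Router A's crypto lines from this page; the function names and the set of flagged values are assumptions of this example.

```python
import re

# Settings treated as weak by this example (an assumption, not vendor guidance).
# Aggressive mode matters because, with a pre-shared key, the responder's
# authentication hash crosses the wire unencrypted and can be guessed offline.
WEAK = {("version", "1"): "IKEv1",
        ("mode", "aggressive"): "aggressive mode",
        ("integrity", "sha1"): "SHA-1 integrity",
        ("group", "2"): "DH group 2 (1024-bit MODP)"}

# Constructed sample: Router A's ISAKMP lines from this page, one command per line.
SAMPLE = """\
crypto isakmp key secret1 address 10.0.0.2
crypto isakmp key secret2 address 10.1.1.2
crypto isakmp profile isakmp1
 version 1 mode main
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp profile isakmp2
 version 1 mode aggressive
 lifetime 3600
 transform 1 integrity SHA1 encryption AES128 group 2
crypto isakmp peer address 10.0.0.2 profile isakmp1
crypto isakmp peer address 10.1.1.2 profile isakmp2
"""

def parse_profiles(config):
    """Return {profile name: {'version', 'mode', 'integrity', 'group'}}."""
    profiles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp profile (\S+)", line)
        if m:
            current = profiles.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" "):
            # Indented lines belong to the profile opened above.
            for key in ("version", "mode", "integrity", "group"):
                hit = re.search(rf"\b{key} (\S+)", line)
                if hit:
                    current[key] = hit.group(1).lower()
        else:
            current = None  # any other top-level command closes the profile
    return profiles

def audit(config):
    """Map each ISAKMP peer (address or 'dynamic') to its weak settings."""
    profiles, report = parse_profiles(config), {}
    for peer, name in re.findall(
            r"^crypto isakmp peer (?:address )?(\S+) profile (\S+)", config, re.M):
        p = profiles.get(name, {})
        report[peer] = [label for (k, v), label in WEAK.items() if p.get(k) == v]
    return report
```

Run over Router A's lines, `audit(SAMPLE)` flags the ppp1 peer (10.1.1.2) for all four settings and the ppp0 peer (10.0.0.2) for three, since `isakmp1` uses main mode.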
copy running-config startup-config" is the format in which it is run.

```
awplus# copy running-config startup-config ↓
Building configuration...
[OK]
```

```
awplus# write memory ↓
Building configuration...
[OK]
```

```
awplus(config)# log buffered level informational facility kern msgtext Firewall ↓
```

```
awplus# show log | include Firewall ↓
```
(C) 2015 - 2019 Allied Telesis Holdings K.K.
PN: 613-002107 Rev.AA