AT-AR2010V Command Reference 5.5.0
Item | Router A | Router B |
ISP connection user name | userA@isp | userB@isp |
ISP connection password | isppasswdA | isppasswdB |
WAN-side IP address | 10.0.0.1/32 | 10.0.0.2/32 |
WAN-side (ISP) physical interface (1) | eth1 | eth1 |
WAN-side (ppp0) IP address | 10.0.0.1/32 | 10.0.0.2/32 |
Tunnel interface | tunnel0 | tunnel0 |
Tunnel endpoint IP address | 10.0.0.1 | 10.0.0.2 |
VRF1: LAN-side interface | eth2.10 | eth2.40 |
VRF1: LAN-side IP address | 192.168.10.1/24 | 192.168.40.1/24 |
VRF1: Tunnel sub-interface | tunnel0.110 | tunnel0.110 |
VRF1: Tunnel sub-interface IP address | 192.168.110.1/24 | 192.168.110.2/24 |
VRF2: LAN-side interface | eth2.20 | eth2.50 |
VRF2: LAN-side IP address | 192.168.20.1/24 | 192.168.50.1/24 |
VRF2: Tunnel sub-interface | tunnel0.120 | tunnel0.120 |
VRF2: Tunnel sub-interface IP address | 192.168.120.1/24 | 192.168.120.2/24 |
VRF3: LAN-side interface | eth2.30 | eth2.60 |
VRF3: LAN-side IP address | 192.168.30.1/24 | 192.168.60.1/24 |
VRF3: Tunnel sub-interface | tunnel0.130 | tunnel0.130 |
VRF3: Tunnel sub-interface IP address | 192.168.130.1/24 | 192.168.130.2/24 |
Router A configuration commands:

interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ppp username user@ispA
 ppp password isppasswdA
 ip address 10.0.0.1/32
 ip tcp adjust-mss pmtu
ip vrf VRF1 1
ip vrf VRF2 2
ip vrf VRF3 3
interface eth2
 encapsulation dot1q 10
 encapsulation dot1q 20
 encapsulation dot1q 30
interface eth2.10
 ip vrf forwarding VRF1
 ip address 192.168.10.1/24
interface eth2.20
 ip vrf forwarding VRF2
 ip address 192.168.20.1/24
interface eth2.30
 ip vrf forwarding VRF3
 ip address 192.168.30.1/24
crypto isakmp key secret address 10.0.0.2
interface tunnel0
 encapsulation dot1q 110
 encapsulation dot1q 120
 encapsulation dot1q 130
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.2
 tunnel local id 1
 tunnel remote id 2
 tunnel protection ipsec
 tunnel mode l2tp v3
 tunnel df clear
interface tunnel0.110
 ip vrf forwarding VRF1
 ip address 192.168.110.1/24
 ip tcp adjust-mss 1300
interface tunnel0.120
 ip vrf forwarding VRF2
 ip address 192.168.120.1/24
 ip tcp adjust-mss 1300
interface tunnel0.130
 ip vrf forwarding VRF3
 ip address 192.168.130.1/24
 ip tcp adjust-mss 1300
ip route 0.0.0.0/0 ppp0
ip route vrf VRF1 192.168.40.0/24 192.168.110.2
router rip
 address-family ipv4 vrf VRF2
  network 192.168.0.0/16
 exit-address-family
router ospf 3 VRF3
 network 192.168.0.0 255.255.0.0 area 0
zone private
 network ctrl
  ip subnet 224.0.0.0/24
 network lan
  ip subnet 192.168.0.0/16
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.1
application esp
 protocol 50
application isakmp
 protocol udp
 dport 500
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit any from public.wan.ppp0 to public
 rule 40 permit esp from public to public.wan.ppp0
 rule 50 permit isakmp from public to public.wan.ppp0
 rule 60 permit l2tp from public to public.wan.ppp0
 protect
nat
 rule 10 masq any from private to public
 enable
end

Router B configuration commands:

interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ppp username user@ispB
 ppp password isppasswdB
 ip address 10.0.0.2/32
 ip tcp adjust-mss pmtu
ip vrf VRF1 1
ip vrf VRF2 2
ip vrf VRF3 3
interface eth2
 encapsulation dot1q 40
 encapsulation dot1q 50
 encapsulation dot1q 60
interface eth2.40
 ip vrf forwarding VRF1
 ip address 192.168.40.1/24
interface eth2.50
 ip vrf forwarding VRF2
 ip address 192.168.50.1/24
interface eth2.60
 ip vrf forwarding VRF3
 ip address 192.168.60.1/24
crypto isakmp key secret address 10.0.0.1
interface tunnel0
 encapsulation dot1q 110
 encapsulation dot1q 120
 encapsulation dot1q 130
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.1
 tunnel local id 2
 tunnel remote id 1
 tunnel protection ipsec
 tunnel mode l2tp v3
 tunnel df clear
interface tunnel0.110
 ip vrf forwarding VRF1
 ip address 192.168.110.2/24
 ip tcp adjust-mss 1300
interface tunnel0.120
 ip vrf forwarding VRF2
 ip address 192.168.120.2/24
 ip tcp adjust-mss 1300
interface tunnel0.130
 ip vrf forwarding VRF3
 ip address 192.168.130.2/24
 ip tcp adjust-mss 1300
ip route 0.0.0.0/0 ppp0
ip route vrf VRF1 192.168.10.0/24 192.168.110.1
router rip
 address-family ipv4 vrf VRF2
  network 192.168.0.0/16
 exit-address-family
router ospf 3 VRF3
 network 192.168.0.0 255.255.0.0 area 0
zone private
 network ctrl
  ip subnet 224.0.0.0/24
 network lan
  ip subnet 192.168.0.0/16
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.2
application esp
 protocol 50
application isakmp
 protocol udp
 dport 500
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit any from public.wan.ppp0 to public
 rule 40 permit esp from public to public.wan.ppp0
 rule 50 permit isakmp from public to public.wan.ppp0
 rule 60 permit l2tp from public to public.wan.ppp0
 protect
nat
 rule 10 masq any from private to public
 enable
end

Run it in the form "copy running-config startup-config".

awplus# copy running-config startup-config ↓
Building configuration...
[OK]

awplus# write memory ↓
Building configuration...
[OK]

awplus(config)# log buffered level informational facility kern msgtext Firewall ↓
awplus# show log | include Firewall ↓

Router A, complete configuration:

!
interface eth1
 encapsulation ppp 0
!
interface ppp0
 keepalive
 ppp username user@ispA
 ppp password isppasswdA
 ip address 10.0.0.1/32
 ip tcp adjust-mss pmtu
!
ip vrf VRF1 1
!
ip vrf VRF2 2
!
ip vrf VRF3 3
!
interface eth2
 encapsulation dot1q 10
 encapsulation dot1q 20
 encapsulation dot1q 30
!
interface eth2.10
 ip vrf forwarding VRF1
 ip address 192.168.10.1/24
!
interface eth2.20
 ip vrf forwarding VRF2
 ip address 192.168.20.1/24
!
interface eth2.30
 ip vrf forwarding VRF3
 ip address 192.168.30.1/24
!
crypto isakmp key secret address 10.0.0.2
!
interface tunnel0
 encapsulation dot1q 110
 encapsulation dot1q 120
 encapsulation dot1q 130
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.2
 tunnel local id 1
 tunnel remote id 2
 tunnel protection ipsec
 tunnel mode l2tp v3
 tunnel df clear
!
interface tunnel0.110
 ip vrf forwarding VRF1
 ip address 192.168.110.1/24
 ip tcp adjust-mss 1300
!
interface tunnel0.120
 ip vrf forwarding VRF2
 ip address 192.168.120.1/24
 ip tcp adjust-mss 1300
!
interface tunnel0.130
 ip vrf forwarding VRF3
 ip address 192.168.130.1/24
 ip tcp adjust-mss 1300
!
ip route 0.0.0.0/0 ppp0
!
ip route vrf VRF1 192.168.40.0/24 192.168.110.2
!
router rip
 address-family ipv4 vrf VRF2
  network 192.168.0.0/16
 exit-address-family
!
router ospf 3 VRF3
 network 192.168.0.0 255.255.0.0 area 0
!
zone private
 network ctrl
  ip subnet 224.0.0.0/24
 network lan
  ip subnet 192.168.0.0/16
!
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.1
!
application esp
 protocol 50
!
application isakmp
 protocol udp
 dport 500
!
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit any from public.wan.ppp0 to public
 rule 40 permit esp from public to public.wan.ppp0
 rule 50 permit isakmp from public to public.wan.ppp0
 rule 60 permit l2tp from public to public.wan.ppp0
 protect
!
nat
 rule 10 masq any from private to public
 enable
!
end

Router B, complete configuration:

!
interface eth1
 encapsulation ppp 0
!
interface ppp0
 keepalive
 ppp username user@ispB
 ppp password isppasswdB
 ip address 10.0.0.2/32
 ip tcp adjust-mss pmtu
!
ip vrf VRF1 1
!
ip vrf VRF2 2
!
ip vrf VRF3 3
!
interface eth2
 encapsulation dot1q 40
 encapsulation dot1q 50
 encapsulation dot1q 60
!
interface eth2.40
 ip vrf forwarding VRF1
 ip address 192.168.40.1/24
!
interface eth2.50
 ip vrf forwarding VRF2
 ip address 192.168.50.1/24
!
interface eth2.60
 ip vrf forwarding VRF3
 ip address 192.168.60.1/24
!
crypto isakmp key secret address 10.0.0.1
!
interface tunnel0
 encapsulation dot1q 110
 encapsulation dot1q 120
 encapsulation dot1q 130
 mtu 1500
 tunnel source ppp0
 tunnel destination 10.0.0.1
 tunnel local id 2
 tunnel remote id 1
 tunnel protection ipsec
 tunnel mode l2tp v3
 tunnel df clear
!
interface tunnel0.110
 ip vrf forwarding VRF1
 ip address 192.168.110.2/24
 ip tcp adjust-mss 1300
!
interface tunnel0.120
 ip vrf forwarding VRF2
 ip address 192.168.120.2/24
 ip tcp adjust-mss 1300
!
interface tunnel0.130
 ip vrf forwarding VRF3
 ip address 192.168.130.2/24
 ip tcp adjust-mss 1300
!
ip route 0.0.0.0/0 ppp0
!
ip route vrf VRF1 192.168.10.0/24 192.168.110.1
!
router rip
 address-family ipv4 vrf VRF2
  network 192.168.0.0/16
 exit-address-family
!
router ospf 3 VRF3
 network 192.168.0.0 255.255.0.0 area 0
!
zone private
 network ctrl
  ip subnet 224.0.0.0/24
 network lan
  ip subnet 192.168.0.0/16
!
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.2
!
application esp
 protocol 50
!
application isakmp
 protocol udp
 dport 500
!
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit any from public.wan.ppp0 to public
 rule 40 permit esp from public to public.wan.ppp0
 rule 50 permit isakmp from public to public.wan.ppp0
 rule 60 permit l2tp from public to public.wan.ppp0
 protect
!
nat
 rule 10 masq any from private to public
 enable
!
end

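
The two configurations above only form a working, IPsec-protected L2TPv3 tunnel if several values on one router mirror the other. The following Python check is an added example, not part of the original page or of Allied Telesis tooling; it compares those values on two configuration texts. The helper names `sections`, `facts` and `mismatches` are hypothetical, and the inline excerpts are constructed from the tunnel-related lines of the page's configurations.

```python
TEMPLATE = """\
interface ppp0
 ip address {me}/32
crypto isakmp key secret address {peer}
interface tunnel0
 encapsulation dot1q 110
 encapsulation dot1q 120
 encapsulation dot1q 130
 tunnel destination {peer}
 tunnel local id {lid}
 tunnel remote id {rid}
 tunnel protection ipsec
"""
# Constructed excerpts: only the tunnel-related lines of the two configs on this page.
ROUTER_A = TEMPLATE.format(me="10.0.0.1", peer="10.0.0.2", lid=1, rid=2)
ROUTER_B = TEMPLATE.format(me="10.0.0.2", peer="10.0.0.1", lid=2, rid=1)

def sections(cfg):  # top-level command -> list of its indented sub-commands
    out, cur = {}, []
    for line in cfg.splitlines():
        if line[:1] != " " and line.strip(" !"):
            cur = out.setdefault(line.strip(), [])
        elif line.strip(" !"):
            cur.append(line.strip())
    return out

def facts(cfg):  # the values the two tunnel ends must agree on
    sec = sections(cfg)
    tun = sec.get("interface tunnel0", [])
    vals = lambda lines, p: [l[len(p):] for l in lines if l.startswith(p)]
    return {
        "wan": "".join(vals(sec.get("interface ppp0", []), "ip address ")).split("/")[0],
        "psk_peers": [k.rsplit(" ", 1)[1] for k in sec if k.startswith("crypto isakmp key ")],
        "dest": "".join(vals(tun, "tunnel destination ")),
        "ids": vals(tun, "tunnel local id ") + vals(tun, "tunnel remote id "),
        "vlans": sorted(vals(tun, "encapsulation dot1q ")),
        "ipsec": "tunnel protection ipsec" in tun,
    }

def mismatches(local_cfg, peer_cfg):  # problems seen from the local router's side
    x, y = facts(local_cfg), facts(peer_cfg)
    checks = {
        "tunnel destination is not the peer's ppp0 address": x["dest"] == y["wan"],
        "no ISAKMP pre-shared key bound to the peer address": y["wan"] in x["psk_peers"],
        "tunnel local/remote id not mirrored by the peer": x["ids"] == y["ids"][::-1],
        "tunnel0 lacks 'tunnel protection ipsec'": x["ipsec"],
        "dot1q tags on tunnel0 differ from the peer": x["vlans"] == y["vlans"],
    }
    return [msg for msg, ok in checks.items() if not ok]
```

Call `mismatches` once in each direction; an empty list from both calls means the two ends agree. The parser skips `!` separator lines, so the complete configuration listings can be passed in unchanged.
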
(C) 2016 - 2020 Allied Telesis Holdings K.K.
PN: 613-002311 Rev.Z