## CentreCOM AR415S 設定例集 2.9 ## 169 Pingポーリングによるメイン回線からインターネットVPNバックアップへの自動切り替え(ISP接続+フレッツグループアクセス〜アドレスLAN型編〜) ## ルーターAのコンフィグ ## ## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。 ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER CREATE PPP=0 OVER=eth0-ANY SET PPP=0 BAP=OFF USERNAME=center@isp PASSWORD=centpass SET PPP=0 OVER=eth0-ANY LQR=OFF ECHO=ON CREATE PPP=1 OVER=eth0-ANY SET PPP=1 BAP=OFF USERNAME=center@flets PASSWORD=fletsa SET PPP=1 OVER=eth0-ANY LQR=OFF ECHO=ON ENABLE IP ENABLE IP REMOTEASSIGN ADD IP INTERFACE=vlan1 IPADDRESS=192.168.1.254 MASK=255.255.255.0 ADD IP INTERFACE=ppp0 IPADDRESS=200.100.10.1 MASK=255.255.255.255 ADD IP INTERFACE=ppp1-0 IPADDRESS=0.0.0.0 ADD IP INTERFACE=ppp1-1 IPADDRESS=192.168.1.1 MASK=255.255.255.255 ADD IP ROUTE=192.168.2.1 MASK=255.255.255.255 INTERFACE=ppp1-1 NEXT=0.0.0.0 ADD IP ROUTE=192.168.2.0 MASK=255.255.255.0 INTERFACE=ppp1-1 NEXT=0.0.0.0 ADD IP ROUTE=0.0.0.0 MASK=0.0.0.0 INTERFACE=ppp0 NEXT=0.0.0.0 ENABLE FIREWALL CREATE FIREWALL POLICY=net ENABLE FIREWALL POLICY=net ICMP_FORWARDING=PING,UNREACH DISABLE FIREWALL POLICY=net IDENTPROXY ADD FIREWALL POLICY=net INTERFACE=vlan1 TYPE=PRIVATE ADD FIREWALL POLICY=net INTERFACE=ppp0 TYPE=PUBLIC ADD FIREWALL POLICY=net INTERFACE=ppp1-0 TYPE=PUBLIC ADD FIREWALL POLICY=net INTERFACE=ppp1-1 TYPE=PUBLIC ADD FIREWALL POLICY=net NAT=ENHANCED INTERFACE=vlan1 GBLINTERFACE=ppp0 GBLIP=200.100.10.1 ADD FIREWALL POLICY=net RULE=1 ACTION=ALLOW INTERFACE=ppp0 PROTOCOL=UDP GBLPORT=500 GBLIP=200.100.10.1 PORT=500 IP=200.100.10.1 ADD FIREWALL POLICY=net RULE=2 ACTION=NON INTERFACE=vlan1 PROTOCOL=ALL IP=192.168.1.1-192.168.1.254 SET FIREWALL POLICY=net RULE=2 REMOTEIP=192.168.2.1-192.168.2.254 ADD FIREWALL POLICY=net RULE=3 ACTION=NON INTERFACE=ppp0 PROTOCOL=ALL IP=192.168.1.1-192.168.1.254 ENCAP=IPSEC ADD FIREWALL POLICY=net RULE=4 ACTION=ALLOW INTERFACE=ppp1-1 PROTOCOL=ALL SET FIREWALL POLICY=net RULE=4 REMOTE=192.168.2.1-192.168.2.254 ADD PING POLL=1 IPADDRESS=192.168.2.1 NORMALINTERVAL=10 UPCOUNT=5 SAMPLESIZE=10 ENABLE PING POLL=1 # CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret" CREATE ISAKMP POLICY="i" PEER=ANY KEY=1 SENDN=TRUE HEARTBEATMODE=BOTH REMOTEID="client" MODE=AGGRESSIVE CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=DES HASHALG=SHA CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING="1" CREATE IPSEC POLICY="isa" INT=ppp0 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP CREATE IPSEC POLICY="vpn" INTERFACE=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=DYNAMIC SET IPSEC POLICY="vpn" LAD=192.168.1.0 LMA=255.255.255.0 RAD=192.168.2.0 RMA=255.255.255.0 CREATE IPSEC POLICY="inet" INTERFACE=ppp0 ACTION=PERMIT # LOGIN secoff # ENABLE SYSTEM SECURITY_MODE ENABLE TRIGGER CREATE TRIGGER=1 MODULE=PING EVENT=DEVICEUP POLL=1 SCRIPT=pingu.scp CREATE TRIGGER=2 MODULE=PING EVENT=DEVICEDOWN POLL=1 SCRIPT=pingd.scp CREATE TRIGGER=3 INTERFACE=ppp1 EVENT=UP CP=LCP SCRIPT=up.scp CREATE TRIGGER=4 INTERFACE=ppp1 EVENT=DOWN CP=LCP SCRIPT=down.scp