質問編集履歴
1
拠点Aのコンフィグ追加
test
CHANGED
File without changes
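--- a/test
+++ b/test
@@ -13,3 +13,477 @@
 
 
 使用機器:RTX1210
+
+
+
+下記実際のコンフィグです。
+
+
+
+拠点A
+
+ip route default gateway pp 1
+
+ip filter source-route on
+
+ip filter directed-broadcast on
+
+bridge member bridge1 lan1 tunnel7
+
+ip bridge1 address 172.27.1.253/24
+
+ip lan1 address 172.27.1.253/24
+
+ip lan1 proxyarp on
+
+ip lan1 secure filter in 10 99
+
+ip lan3 address 172.27.2.253/24
+
+ip lan3 proxyarp on
+
+ip lan3 secure filter in 11 99
+
+pp select 1
+
+pp always-on on
+
+pppoe use lan2
+
+pp auth accept pap chap
+
+pp auth myname (ISP1へ接続するID) (ISP1へ接続するパスワード)
+
+ppp lcp mru on 1454
+
+ppp ipcp msext on
+
+ppp ccp type none
+
+ip pp address (拠点AのグローバルIP)
+
+ip pp mtu 1454
+
+ip pp secure filter in 1020 1030 1040 1041 1042 1043 1044 1045 2000
+
+ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106 107
+
+ip pp nat descriptor 1
+
+pp enable 1
+
+pp select anonymous
+
+pp bind tunnel1-tunnel6 tunnel8-tunnel9
+
+pp auth request mschap-v2
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+pp auth username (接続ユーザ名) (接続パスワード)
+
+ppp ipcp ipaddress on
+
+ppp ipcp msext on
+
+ip pp remote address pool 172.27.1.200-172.27.1.209
+
+ip pp mtu 1258
+
+pp enable anonymous
+
+tunnel select 1
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 101
+
+ipsec sa policy 101 1 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 1 off
+
+ipsec ike local address 1 172.27.1.253
+
+ipsec ike nat-traversal 1 on
+
+ipsec ike remote address 1 any
+
+ipsec ike license-key use 1 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 1
+
+tunnel select 2
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 102
+
+ipsec sa policy 102 2 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 2 off
+
+ipsec ike local address 2 172.27.1.253
+
+ipsec ike nat-traversal 2 on
+
+ipsec ike remote address 2 any
+
+ipsec ike license-key use 2 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 2
+
+tunnel select 3
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 103
+
+ipsec sa policy 103 3 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 3 off
+
+ipsec ike local address 3 172.27.1.253
+
+ipsec ike nat-traversal 3 on
+
+ipsec ike remote address 3 any
+
+ipsec ike license-key use 3 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 3
+
+tunnel select 4
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 104
+
+ipsec sa policy 104 4 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 4 off
+
+ipsec ike local address 4 172.27.1.253
+
+ipsec ike nat-traversal 4 on
+
+ipsec ike remote address 4 any
+
+ipsec ike license-key use 4 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 4
+
+tunnel select 5
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 105
+
+ipsec sa policy 105 5 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 5 off
+
+ipsec ike local address 5 172.27.1.253
+
+ipsec ike nat-traversal 5 on
+
+ipsec ike remote address 5 any
+
+ipsec ike license-key use 5 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 5
+
+tunnel select 6
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 106
+
+ipsec sa policy 106 6 esp 3des-cbc sha-hmac
+
+ipsec ike keepalive use 6 off
+
+ipsec ike local address 6 172.27.1.253
+
+ipsec ike nat-traversal 6 on
+
+ipsec ike remote address 6 any
+
+ipsec ike license-key use 6 on
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 6
+
+tunnel select 7
+
+tunnel encapsulation l2tpv3
+
+tunnel endpoint address 172.27.1.253 (拠点BのグローバルIP)
+
+ipsec tunnel 107
+
+ipsec sa policy 107 7 esp aes-cbc sha-hmac
+
+ipsec ike keepalive log 7 on
+
+ipsec ike keepalive use 7 on
+
+ipsec ike local address 7 172.27.1.253
+
+ipsec ike pre-shared-key 7 text (事前共有鍵①)
+
+ipsec ike remote address 7 (拠点BのグローバルIP)
+
+l2tp always-on on
+
+l2tp hostname surluster
+
+l2tp tunnel auth on (L2TP トンネル認証に用いるパスワード①)
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 60 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+l2tp local router-id 172.27.1.253
+
+l2tp remote router-id 172.27.1.254
+
+l2tp remote end-id A
+
+tunnel enable 7
+
+tunnel select 8
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 108
+
+ipsec sa policy 108 8 esp aes-cbc sha-hmac
+
+ipsec ike keepalive use 8 off
+
+ipsec ike nat-traversal 8 on
+
+ipsec ike pre-shared-key 8 text (事前共有鍵)
+
+ipsec ike remote address 8 any
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 8
+
+tunnel select 9
+
+tunnel encapsulation l2tp
+
+ipsec tunnel 109
+
+ipsec sa policy 109 9 esp aes-cbc sha-hmac
+
+ipsec ike keepalive use 9 off
+
+ipsec ike nat-traversal 9 on
+
+ipsec ike pre-shared-key 9 text (事前共有鍵)
+
+ipsec ike remote address 9 any
+
+l2tp tunnel disconnect time off
+
+l2tp keepalive use on 10 3
+
+l2tp keepalive log on
+
+l2tp syslog on
+
+ip tunnel tcp mss limit auto
+
+tunnel enable 9
+
+ip filter 10 reject * 172.27.2.0/24 * * *
+
+ip filter 11 reject * 172.27.1.0/24 * * *
+
+ip filter 99 pass * * * * *
+
+ip filter 1010 reject * * udp,tcp 135 *
+
+ip filter 1011 reject * * udp,tcp * 135
+
+ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
+
+ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
+
+ip filter 1014 reject * * udp,tcp 445 *
+
+ip filter 1015 reject * * udp,tcp * 445
+
+ip filter 1020 reject 172.27.1.0/24 *
+
+ip filter 1030 pass * 172.27.1.0/24 icmp
+
+ip filter 1040 pass * 172.27.1.253 udp * 500
+
+ip filter 1041 pass * 172.27.1.253 udp * 4500
+
+ip filter 1042 pass * 172.27.1.253 esp
+
+ip filter 1043 pass * 172.27.1.254 udp * 500
+
+ip filter 1044 pass * 172.27.1.254 udp * 4500
+
+ip filter 1045 pass * 172.27.1.254 esp
+
+ip filter 2000 reject * *
+
+ip filter 3000 pass * *
+
+ip filter dynamic 100 * * ftp
+
+ip filter dynamic 101 * * www
+
+ip filter dynamic 102 * * domain
+
+ip filter dynamic 103 * * smtp
+
+ip filter dynamic 104 * * pop3
+
+ip filter dynamic 105 * * imap
+
+ip filter dynamic 106 * * netmeeting
+
+ip filter dynamic 107 * * tcp
+
+ip filter dynamic 108 * * udp
+
+ip filter dynamic 109 * * submission
+
+nat descriptor type 1 masquerade
+
+nat descriptor address outer 1 (拠点AのグローバルIP)
+
+nat descriptor masquerade static 1 1 172.27.1.253 esp
+
+nat descriptor masquerade static 1 2 172.27.1.253 udp 500
+
+nat descriptor masquerade static 1 3 172.27.1.253 udp 4500
+
+ipsec auto refresh on
+
+ipsec ike license-key 1 (ライセンスキー)
+
+ipsec transport 1 101 udp 1701
+
+ipsec transport 2 102 udp 1701
+
+ipsec transport 3 103 udp 1701
+
+ipsec transport 4 104 udp 1701
+
+ipsec transport 5 105 udp 1701
+
+ipsec transport 6 106 udp 1701
+
+ipsec transport 7 107 udp 1701
+
+ipsec transport 8 108 udp 1701
+
+ipsec transport 9 109 udp 1701
+
+dhcp service server
+
+dhcp server rfc2131 compliant except remain-silent
+
+dhcp scope 1 172.27.1.2-172.27.1.191/24
+
+dns server (拠点AのDNS① 拠点AのDNS②)
+
+dns private address spoof on
+
+l2tp service on
+
+httpd host any
+
+dashboard accumulate traffic on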
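Review bot: The six remote-access tunnels still negotiate `esp 3des-cbc sha-hmac` (`ipsec sa policy 101`–`106`, new lines 113, 143, 173, 203, 233, 263) while tunnels 7–9 on the same box already use `aes-cbc`, so the device supports AES and the legacy 3DES entries should become `ipsec sa policy 101 1 esp aes-cbc sha-hmac` (and likewise 102–106), provided the connecting clients accept it. `httpd host any` (line 487) opens the router's web UI on every interface; the `ip pp secure filter in` list ends in `ip filter 2000 reject * *`, which presumably keeps the WAN side out, but the L2TP pool 172.27.1.200-172.27.1.209, lan3 and the bridged site-B segment can all reach it, so restrict it with something like `httpd host lan1` or an explicit management address. In-filters 1043–1045 pass IKE/ESP to 172.27.1.254, an address this config only uses as the L2TPv3 peer's `l2tp remote router-id`, not as an address of this router, so those entries look unreachable via pp and may be copied from the site-B config — worth confirming. Separately, `ip filter dynamic 108` (udp) and `109` (submission) are defined but never referenced by `ip pp secure filter out ... dynamic 100 101 102 103 104 105 106 107`, so as posted they have no effect.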