Question edit history

1

Added site A config

2018/02/13 03:15

Posted

ky1990

Score 14

test CHANGED
@@ -13,3 +13,477 @@
13
13
 
14
14
 
15
15
  使用機器:RTX1210
16
+
17
+
18
+
19
+ 下記実際のコンフィグです。
20
+
21
+
22
+
23
+ 拠点A
24
+
25
+ ip route default gateway pp 1
26
+
27
+ ip filter source-route on
28
+
29
+ ip filter directed-broadcast on
30
+
31
+ bridge member bridge1 lan1 tunnel7
32
+
33
+ ip bridge1 address 172.27.1.253/24
34
+
35
+ ip lan1 address 172.27.1.253/24
36
+
37
+ ip lan1 proxyarp on
38
+
39
+ ip lan1 secure filter in 10 99
40
+
41
+ ip lan3 address 172.27.2.253/24
42
+
43
+ ip lan3 proxyarp on
44
+
45
+ ip lan3 secure filter in 11 99
46
+
47
+ pp select 1
48
+
49
+ pp always-on on
50
+
51
+ pppoe use lan2
52
+
53
+ pp auth accept pap chap
54
+
55
+ pp auth myname (ISP1へ接続するID) (ISP1へ接続するパスワード)
56
+
57
+ ppp lcp mru on 1454
58
+
59
+ ppp ipcp msext on
60
+
61
+ ppp ccp type none
62
+
63
+ ip pp address (拠点AのグローバルIP)
64
+
65
+ ip pp mtu 1454
66
+
67
+ ip pp secure filter in 1020 1030 1040 1041 1042 1043 1044 1045 2000
68
+
69
+ ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106 107
70
+
71
+ ip pp nat descriptor 1
72
+
73
+ pp enable 1
74
+
75
+ pp select anonymous
76
+
77
+ pp bind tunnel1-tunnel6 tunnel8-tunnel9
78
+
79
+ pp auth request mschap-v2
80
+
81
+ pp auth username (接続ユーザ名) (接続パスワード)
82
+
83
+ pp auth username (接続ユーザ名) (接続パスワード)
84
+
85
+ pp auth username (接続ユーザ名) (接続パスワード)
86
+
87
+ pp auth username (接続ユーザ名) (接続パスワード)
88
+
89
+ pp auth username (接続ユーザ名) (接続パスワード)
90
+
91
+ pp auth username (接続ユーザ名) (接続パスワード)
92
+
93
+ pp auth username (接続ユーザ名) (接続パスワード)
94
+
95
+ pp auth username (接続ユーザ名) (接続パスワード)
96
+
97
+ ppp ipcp ipaddress on
98
+
99
+ ppp ipcp msext on
100
+
101
+ ip pp remote address pool 172.27.1.200-172.27.1.209
102
+
103
+ ip pp mtu 1258
104
+
105
+ pp enable anonymous
106
+
107
+ tunnel select 1
108
+
109
+ tunnel encapsulation l2tp
110
+
111
+ ipsec tunnel 101
112
+
113
+ ipsec sa policy 101 1 esp 3des-cbc sha-hmac
114
+
115
+ ipsec ike keepalive use 1 off
116
+
117
+ ipsec ike local address 1 172.27.1.253
118
+
119
+ ipsec ike nat-traversal 1 on
120
+
121
+ ipsec ike remote address 1 any
122
+
123
+ ipsec ike license-key use 1 on
124
+
125
+ l2tp tunnel disconnect time off
126
+
127
+ l2tp keepalive use on 10 3
128
+
129
+ l2tp keepalive log on
130
+
131
+ l2tp syslog on
132
+
133
+ ip tunnel tcp mss limit auto
134
+
135
+ tunnel enable 1
136
+
137
+ tunnel select 2
138
+
139
+ tunnel encapsulation l2tp
140
+
141
+ ipsec tunnel 102
142
+
143
+ ipsec sa policy 102 2 esp 3des-cbc sha-hmac
144
+
145
+ ipsec ike keepalive use 2 off
146
+
147
+ ipsec ike local address 2 172.27.1.253
148
+
149
+ ipsec ike nat-traversal 2 on
150
+
151
+ ipsec ike remote address 2 any
152
+
153
+ ipsec ike license-key use 2 on
154
+
155
+ l2tp tunnel disconnect time off
156
+
157
+ l2tp keepalive use on 10 3
158
+
159
+ l2tp keepalive log on
160
+
161
+ l2tp syslog on
162
+
163
+ ip tunnel tcp mss limit auto
164
+
165
+ tunnel enable 2
166
+
167
+ tunnel select 3
168
+
169
+ tunnel encapsulation l2tp
170
+
171
+ ipsec tunnel 103
172
+
173
+ ipsec sa policy 103 3 esp 3des-cbc sha-hmac
174
+
175
+ ipsec ike keepalive use 3 off
176
+
177
+ ipsec ike local address 3 172.27.1.253
178
+
179
+ ipsec ike nat-traversal 3 on
180
+
181
+ ipsec ike remote address 3 any
182
+
183
+ ipsec ike license-key use 3 on
184
+
185
+ l2tp tunnel disconnect time off
186
+
187
+ l2tp keepalive use on 10 3
188
+
189
+ l2tp keepalive log on
190
+
191
+ l2tp syslog on
192
+
193
+ ip tunnel tcp mss limit auto
194
+
195
+ tunnel enable 3
196
+
197
+ tunnel select 4
198
+
199
+ tunnel encapsulation l2tp
200
+
201
+ ipsec tunnel 104
202
+
203
+ ipsec sa policy 104 4 esp 3des-cbc sha-hmac
204
+
205
+ ipsec ike keepalive use 4 off
206
+
207
+ ipsec ike local address 4 172.27.1.253
208
+
209
+ ipsec ike nat-traversal 4 on
210
+
211
+ ipsec ike remote address 4 any
212
+
213
+ ipsec ike license-key use 4 on
214
+
215
+ l2tp tunnel disconnect time off
216
+
217
+ l2tp keepalive use on 10 3
218
+
219
+ l2tp keepalive log on
220
+
221
+ l2tp syslog on
222
+
223
+ ip tunnel tcp mss limit auto
224
+
225
+ tunnel enable 4
226
+
227
+ tunnel select 5
228
+
229
+ tunnel encapsulation l2tp
230
+
231
+ ipsec tunnel 105
232
+
233
+ ipsec sa policy 105 5 esp 3des-cbc sha-hmac
234
+
235
+ ipsec ike keepalive use 5 off
236
+
237
+ ipsec ike local address 5 172.27.1.253
238
+
239
+ ipsec ike nat-traversal 5 on
240
+
241
+ ipsec ike remote address 5 any
242
+
243
+ ipsec ike license-key use 5 on
244
+
245
+ l2tp tunnel disconnect time off
246
+
247
+ l2tp keepalive use on 10 3
248
+
249
+ l2tp keepalive log on
250
+
251
+ l2tp syslog on
252
+
253
+ ip tunnel tcp mss limit auto
254
+
255
+ tunnel enable 5
256
+
257
+ tunnel select 6
258
+
259
+ tunnel encapsulation l2tp
260
+
261
+ ipsec tunnel 106
262
+
263
+ ipsec sa policy 106 6 esp 3des-cbc sha-hmac
264
+
265
+ ipsec ike keepalive use 6 off
266
+
267
+ ipsec ike local address 6 172.27.1.253
268
+
269
+ ipsec ike nat-traversal 6 on
270
+
271
+ ipsec ike remote address 6 any
272
+
273
+ ipsec ike license-key use 6 on
274
+
275
+ l2tp tunnel disconnect time off
276
+
277
+ l2tp keepalive use on 10 3
278
+
279
+ l2tp keepalive log on
280
+
281
+ l2tp syslog on
282
+
283
+ ip tunnel tcp mss limit auto
284
+
285
+ tunnel enable 6
286
+
287
+ tunnel select 7
288
+
289
+ tunnel encapsulation l2tpv3
290
+
291
+ tunnel endpoint address 172.27.1.253 (拠点BのグローバルIP)
292
+
293
+ ipsec tunnel 107
294
+
295
+ ipsec sa policy 107 7 esp aes-cbc sha-hmac
296
+
297
+ ipsec ike keepalive log 7 on
298
+
299
+ ipsec ike keepalive use 7 on
300
+
301
+ ipsec ike local address 7 172.27.1.253
302
+
303
+ ipsec ike pre-shared-key 7 text (事前共有鍵①)
304
+
305
+ ipsec ike remote address 7 (拠点BのグローバルIP)
306
+
307
+ l2tp always-on on
308
+
309
+ l2tp hostname surluster
310
+
311
+ l2tp tunnel auth on (L2TP トンネル認証に用いるパスワード①)
312
+
313
+ l2tp tunnel disconnect time off
314
+
315
+ l2tp keepalive use on 60 3
316
+
317
+ l2tp keepalive log on
318
+
319
+ l2tp syslog on
320
+
321
+ l2tp local router-id 172.27.1.253
322
+
323
+ l2tp remote router-id 172.27.1.254
324
+
325
+ l2tp remote end-id A
326
+
327
+ tunnel enable 7
328
+
329
+ tunnel select 8
330
+
331
+ tunnel encapsulation l2tp
332
+
333
+ ipsec tunnel 108
334
+
335
+ ipsec sa policy 108 8 esp aes-cbc sha-hmac
336
+
337
+ ipsec ike keepalive use 8 off
338
+
339
+ ipsec ike nat-traversal 8 on
340
+
341
+ ipsec ike pre-shared-key 8 text (事前共有鍵)
342
+
343
+ ipsec ike remote address 8 any
344
+
345
+ l2tp tunnel disconnect time off
346
+
347
+ l2tp keepalive use on 10 3
348
+
349
+ l2tp keepalive log on
350
+
351
+ l2tp syslog on
352
+
353
+ ip tunnel tcp mss limit auto
354
+
355
+ tunnel enable 8
356
+
357
+ tunnel select 9
358
+
359
+ tunnel encapsulation l2tp
360
+
361
+ ipsec tunnel 109
362
+
363
+ ipsec sa policy 109 9 esp aes-cbc sha-hmac
364
+
365
+ ipsec ike keepalive use 9 off
366
+
367
+ ipsec ike nat-traversal 9 on
368
+
369
+ ipsec ike pre-shared-key 9 text (事前共有鍵)
370
+
371
+ ipsec ike remote address 9 any
372
+
373
+ l2tp tunnel disconnect time off
374
+
375
+ l2tp keepalive use on 10 3
376
+
377
+ l2tp keepalive log on
378
+
379
+ l2tp syslog on
380
+
381
+ ip tunnel tcp mss limit auto
382
+
383
+ tunnel enable 9
384
+
385
+ ip filter 10 reject * 172.27.2.0/24 * * *
386
+
387
+ ip filter 11 reject * 172.27.1.0/24 * * *
388
+
389
+ ip filter 99 pass * * * * *
390
+
391
+ ip filter 1010 reject * * udp,tcp 135 *
392
+
393
+ ip filter 1011 reject * * udp,tcp * 135
394
+
395
+ ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
396
+
397
+ ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
398
+
399
+ ip filter 1014 reject * * udp,tcp 445 *
400
+
401
+ ip filter 1015 reject * * udp,tcp * 445
402
+
403
+ ip filter 1020 reject 172.27.1.0/24 *
404
+
405
+ ip filter 1030 pass * 172.27.1.0/24 icmp
406
+
407
+ ip filter 1040 pass * 172.27.1.253 udp * 500
408
+
409
+ ip filter 1041 pass * 172.27.1.253 udp * 4500
410
+
411
+ ip filter 1042 pass * 172.27.1.253 esp
412
+
413
+ ip filter 1043 pass * 172.27.1.254 udp * 500
414
+
415
+ ip filter 1044 pass * 172.27.1.254 udp * 4500
416
+
417
+ ip filter 1045 pass * 172.27.1.254 esp
418
+
419
+ ip filter 2000 reject * *
420
+
421
+ ip filter 3000 pass * *
422
+
423
+ ip filter dynamic 100 * * ftp
424
+
425
+ ip filter dynamic 101 * * www
426
+
427
+ ip filter dynamic 102 * * domain
428
+
429
+ ip filter dynamic 103 * * smtp
430
+
431
+ ip filter dynamic 104 * * pop3
432
+
433
+ ip filter dynamic 105 * * imap
434
+
435
+ ip filter dynamic 106 * * netmeeting
436
+
437
+ ip filter dynamic 107 * * tcp
438
+
439
+ ip filter dynamic 108 * * udp
440
+
441
+ ip filter dynamic 109 * * submission
442
+
443
+ nat descriptor type 1 masquerade
444
+
445
+ nat descriptor address outer 1 (拠点AのグローバルIP)
446
+
447
+ nat descriptor masquerade static 1 1 172.27.1.253 esp
448
+
449
+ nat descriptor masquerade static 1 2 172.27.1.253 udp 500
450
+
451
+ nat descriptor masquerade static 1 3 172.27.1.253 udp 4500
452
+
453
+ ipsec auto refresh on
454
+
455
+ ipsec ike license-key 1 (ライセンスキー)
456
+
457
+ ipsec transport 1 101 udp 1701
458
+
459
+ ipsec transport 2 102 udp 1701
460
+
461
+ ipsec transport 3 103 udp 1701
462
+
463
+ ipsec transport 4 104 udp 1701
464
+
465
+ ipsec transport 5 105 udp 1701
466
+
467
+ ipsec transport 6 106 udp 1701
468
+
469
+ ipsec transport 7 107 udp 1701
470
+
471
+ ipsec transport 8 108 udp 1701
472
+
473
+ ipsec transport 9 109 udp 1701
474
+
475
+ dhcp service server
476
+
477
+ dhcp server rfc2131 compliant except remain-silent
478
+
479
+ dhcp scope 1 172.27.1.2-172.27.1.191/24
480
+
481
+ dns server (拠点AのDNS① 拠点AのDNS②)
482
+
483
+ dns private address spoof on
484
+
485
+ l2tp service on
486
+
487
+ httpd host any
488
+
489
+ dashboard accumulate traffic on
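Review bot: the IPsec policies for tunnels 1 to 6 (`ipsec sa policy 101 1 esp 3des-cbc sha-hmac` through `ipsec sa policy 106 6 esp 3des-cbc sha-hmac`) negotiate 3DES, while tunnels 7 to 9 already use `aes-cbc sha-hmac`; 3DES is a legacy cipher, so align the remote-access tunnels with the site-to-site one by switching those six policies to `aes-cbc` unless a specific client cannot do AES. Two smaller consistency points in the same hunk: tunnels 8 and 9 have no `ipsec ike local address 8 ...` / `ipsec ike local address 9 ...` line although tunnels 1 to 7 each set it to 172.27.1.253, and `ip filter dynamic 108 * * udp` and `ip filter dynamic 109 * * submission` are defined but never listed in `ip pp secure filter out ... dynamic 100 101 102 103 104 105 106 107`, so either add 108 and 109 there or drop the unused definitions. Finally, `httpd host any` opens the web management UI to every host that can reach the router; the pp-side `ip filter 2000 reject * *` keeps it off the PPPoE interface, but restricting it to the LAN (for example `httpd host lan1`) would also cover any future change to the inbound filter list.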