本社プライオ(IPsec用ルータ)
# Head-office IPsec router: terminates tunnel 1 to the branch peer at 10.10.20.2.
console prompt honsya
# Default route points at 192.168.10.100 on the lan1 segment.
ip route default gateway 192.168.10.100
# Host route to the IPsec peer via the lan2 next hop, so IKE/ESP packets leave on lan2.
ip route 10.10.20.2 gateway 10.10.10.1
# The branch LAN is reached through the tunnel.
ip route 192.168.20.0/24 gateway tunnel 1
ip lan1 address 192.168.10.254/24
ip lan2 address 10.10.10.2/30
# NOTE(review): no "ip filter" / "ip lan2 secure filter" lines appear in this listing, so
# nothing visible here restricts what lan2 accepts - confirm filters are defined elsewhere.
tunnel select 1
ipsec tunnel 1
# ESP policy 1 for gateway 1: AES-CBC encryption with HMAC-SHA-1 integrity.
# NOTE(review): no "ipsec ike encryption" / "ipsec ike hash" / "ipsec ike group" lines are
# set, so IKE phase 1 runs on firmware defaults - check that those meet your policy.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive events are not logged; with this off, tunnel flaps leave no keepalive trace.
ipsec ike keepalive log 1 off
# Heartbeat keepalive; presumably 10 s interval and 6 missed beats before the peer is
# declared down - confirm against the command reference.
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 10.10.10.2
# NAT traversal is enabled for this gateway.
ipsec ike nat-traversal 1 on
# The angle-bracket token is a placeholder for the pre-shared key. The key is written
# into the config as plain text, so use a long random value, set the identical value
# on the peer, and treat config backups as secrets.
ipsec ike pre-shared-key 1 text <パスワード>
ipsec ike remote address 1 10.10.20.2
ip tunnel tcp mss limit auto
tunnel enable 1
# NAT descriptors 1000 and 1100 map IKE (udp 500), ESP and NAT-T (udp 4500) to
# 192.168.10.254, which is this router's own lan1 address.
# NOTE(review): no "ip <interface> nat descriptor" line in this listing binds 1000 or
# 1100 to an interface, so both look unused here - confirm, or remove them.
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.10.254 udp 500
nat descriptor masquerade static 1000 2 192.168.10.254 esp
nat descriptor masquerade static 1000 3 192.168.10.254 udp 4500
nat descriptor type 1100 masquerade
nat descriptor masquerade static 1100 1 192.168.10.254 udp 500
nat descriptor masquerade static 1100 2 192.168.10.254 esp
nat descriptor masquerade static 1100 3 192.168.10.254 udp 4500
ipsec auto refresh on
# Telnet management is accepted from LAN-side hosts. Telnet sends logins in cleartext.
# NOTE(review): "lan" may cover every LAN interface, including lan2 (the 10.10.10.0/30
# link) - confirm, and prefer limiting it to lan1 or using SSH where the model has it.
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
# NOTE(review): this scope contains 192.168.10.100, the address used above as default
# gateway and DNS server - exclude or reserve it to avoid handing it to a client.
dhcp scope 1 192.168.10.1-192.168.10.253/24
# Only hosts on lan1 may use the router's DNS service.
dns host lan1
dns server 192.168.10.100
# Presumably answers lookups for private addresses locally instead of forwarding
# them upstream - confirm against the command reference.
dns private address spoof on
# Head-office IPsec router listing: tunnel 1 to the branch peer at 10.10.20.2.
# Default route points at 192.168.10.100 on the lan1 segment.
ip route default gateway 192.168.10.100
# Host route to the IPsec peer via the lan2 next hop, so IKE/ESP packets leave on lan2.
ip route 10.10.20.2 gateway 10.10.10.1
# The branch LAN is reached through the tunnel.
ip route 192.168.20.0/24 gateway tunnel 1
ip lan1 address 192.168.10.254/24
ip lan2 address 10.10.10.2/30
# NOTE(review): no packet-filter lines ("ip filter", "ip lan2 secure filter") are
# visible in this listing - confirm that lan2 is filtered somewhere.
tunnel select 1
ipsec tunnel 1
# ESP policy 1 for gateway 1: AES-CBC encryption with HMAC-SHA-1 integrity.
# NOTE(review): IKE phase-1 encryption, hash and DH group are not set here, so
# firmware defaults apply - verify them against your policy.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive logging is off, so tunnel flaps leave no keepalive entries in the log.
ipsec ike keepalive log 1 off
# Heartbeat keepalive; presumably interval 10 s, peer down after 6 misses - confirm.
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 10.10.10.2
# NAT traversal is enabled for this gateway.
ipsec ike nat-traversal 1 on
# Placeholder for the pre-shared key, which is stored as plain text in the config:
# use a long random value, identical on the peer, and protect config backups.
ipsec ike pre-shared-key 1 text <パスワード>
ipsec ike remote address 1 10.10.20.2
ip tunnel tcp mss limit auto
tunnel enable 1
# Descriptors 1000 and 1100 map udp 500, ESP and udp 4500 to 192.168.10.254
# (this router's lan1 address).
# NOTE(review): neither descriptor is bound to an interface in this listing, so
# they appear to have no effect - confirm, or remove them.
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.10.254 udp 500
nat descriptor masquerade static 1000 2 192.168.10.254 esp
nat descriptor masquerade static 1000 3 192.168.10.254 udp 4500
nat descriptor type 1100 masquerade
nat descriptor masquerade static 1100 1 192.168.10.254 udp 500
nat descriptor masquerade static 1100 2 192.168.10.254 esp
nat descriptor masquerade static 1100 3 192.168.10.254 udp 4500
ipsec auto refresh on
# Telnet (cleartext logins) is accepted from LAN-side hosts.
# NOTE(review): "lan" may include lan2 as well as lan1 - confirm, and prefer
# restricting it to lan1 or using SSH where the model supports it.
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
# NOTE(review): the scope includes 192.168.10.100, which this config uses as
# default gateway and DNS server - exclude or reserve that address.
dhcp scope 1 192.168.10.1-192.168.10.253/24
# DNS service is limited to hosts on lan1.
dns host lan1
dns server 192.168.10.100
# Presumably keeps lookups for private addresses from being forwarded upstream - confirm.
dns private address spoof on
本社プライオ(ネット用ルータ)
# Head-office Internet router: PPPoE session pp 1 on lan2 with NAT masquerade;
# traffic for the branch is handed to the IPsec router at 192.168.10.254.
console prompt honsya_NET
ip route default gateway pp 1
# NOTE(review): no prefix length is given for 10.10.20.0 - confirm how the
# firmware interprets it (the 10.10.x links on this page are /30).
ip route 10.10.20.0 gateway 192.168.10.254
ip route 192.168.20.0/24 gateway 192.168.10.254
ip lan1 address 192.168.10.100/24
pp select 1
# Link keepalive; presumably 30 s interval, 30 s retry interval, 12 attempts - confirm.
pp keepalive interval 30 retry-interval=30 count=12
# Keep the session up permanently rather than dialling on demand.
pp always-on on
pppoe use lan2
pppoe auto disconnect off
# Either PAP or CHAP is accepted from the ISP side. PAP sends the password in
# cleartext on the PPPoE link; limit this to chap if the ISP supports it.
pp auth accept pap chap
# Both angle-bracket tokens are placeholders (ISP account name, ISP password).
# The real values are stored as plain text - protect config backups accordingly.
pp auth myname <ISPアカウント名> <ISPパスワード>
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
# No PPP compression.
ppp ccp type none
# Apply NAT descriptor 1000 (masquerade, defined below) to pp 1.
# NOTE(review): no "ip filter" / "ip pp secure filter" lines are visible, so per this
# listing the Internet-facing interface relies on NAT masquerade alone - add an
# inbound filter set or confirm one exists elsewhere.
ip pp nat descriptor 1000
pp enable 1
nat descriptor type 1000 masquerade
dhcp service server
dhcp server rfc2131 compliant except remain-silent
# NOTE(review): the scope is in 192.168.100.0/24 but lan1 is 192.168.10.100/24, so it
# does not match the attached subnet - looks like a leftover; fix or disable it.
# The IPsec router shown on this page also serves DHCP on the 192.168.10.0/24 segment.
dhcp scope 1 192.168.100.2-192.168.100.191/24
# Use the DNS servers learned on pp 1 (presumably via "ppp ipcp msext on" - confirm).
dns server pp 1
# Head-office Internet router listing: PPPoE session pp 1 on lan2 with NAT
# masquerade; branch-bound traffic goes to the IPsec router at 192.168.10.254.
ip route default gateway pp 1
# NOTE(review): 10.10.20.0 has no prefix length - confirm how it is interpreted.
ip route 10.10.20.0 gateway 192.168.10.254
ip route 192.168.20.0/24 gateway 192.168.10.254
ip lan1 address 192.168.10.100/24
pp select 1
# Link keepalive; presumably 30 s interval, 30 s retry interval, 12 attempts - confirm.
pp keepalive interval 30 retry-interval=30 count=12
# Session is kept connected at all times.
pp always-on on
pppoe use lan2
pppoe auto disconnect off
# PAP or CHAP is accepted; PAP exposes the password in cleartext on the PPPoE
# link, so prefer chap only where the ISP allows it.
pp auth accept pap chap
# Placeholders for the ISP account name and password; the real values are kept
# as plain text in the config, so handle exports and backups as secrets.
pp auth myname <ISPアカウント名> <ISPパスワード>
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
# No PPP compression.
ppp ccp type none
# Bind NAT descriptor 1000 (masquerade) to pp 1.
# NOTE(review): no inbound packet filter ("ip filter", "ip pp secure filter") is
# visible for the Internet-facing interface - confirm one is configured.
ip pp nat descriptor 1000
pp enable 1
nat descriptor type 1000 masquerade
dhcp service server
dhcp server rfc2131 compliant except remain-silent
# NOTE(review): scope 192.168.100.2-191 does not match lan1 (192.168.10.100/24);
# it looks like a leftover - correct it or turn the DHCP service off here.
dhcp scope 1 192.168.100.2-192.168.100.191/24
# Use the DNS servers learned on pp 1.
dns server pp 1
子拠点プライオ(IPsec)
# Branch IPsec router: full-tunnel design - the default route and the head-office
# LAN both go through tunnel 1 to the peer at 10.10.10.2.
# Console output is not paged.
console lines infinity
# All non-local traffic, Internet included, is sent into the tunnel; when the
# tunnel is down the branch has no other default path in this listing.
ip route default gateway tunnel 1
# Host route to the peer via the lan2 next hop keeps IKE/ESP outside the tunnel.
ip route 10.10.10.2 gateway 10.10.20.1
ip route 192.168.10.0/24 gateway tunnel 1
ip lan1 address 192.168.20.254/24
ip lan2 address 10.10.20.2/30
# NOTE(review): no "ip filter" / "ip lan2 secure filter" lines appear in this listing -
# confirm that lan2 only accepts IKE/ESP from the peer.
tunnel select 1
ipsec tunnel 1
# ESP policy 1 for gateway 1: AES-CBC encryption with HMAC-SHA-1 integrity; it must
# match the head-office side.
# NOTE(review): IKE phase-1 encryption, hash and DH group are not set, so firmware
# defaults apply - verify them against your policy.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive events are not logged.
ipsec ike keepalive log 1 off
# Heartbeat keepalive; presumably interval 10 s, peer down after 6 misses - confirm.
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 10.10.20.2
ipsec ike nat-traversal 1 on
# The parenthesised token is a placeholder for the pre-shared key (the head-office
# listing on this page writes it in angle brackets). The value must be identical on
# both routers, is stored as plain text, and should be long and random.
ipsec ike pre-shared-key 1 text (パスワード)
ipsec ike remote address 1 10.10.10.2
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# Telnet (cleartext logins) is accepted from LAN-side hosts.
# NOTE(review): "lan" may include lan2 as well as lan1 - confirm, and prefer
# restricting it to lan1 or using SSH where the model supports it.
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.20.1-192.168.20.253/24
# DNS queries are sent to 192.168.10.100 at the head office, i.e. through the tunnel.
dns server 192.168.10.100
# Presumably keeps lookups for private addresses from being forwarded upstream - confirm.
dns private address spoof on
# Branch IPsec router listing: default route and head-office LAN both use tunnel 1
# to the peer at 10.10.10.2 (full tunnel).
# All non-local traffic is sent into the tunnel; no fallback default route is shown.
ip route default gateway tunnel 1
# Host route to the peer via the lan2 next hop keeps IKE/ESP outside the tunnel.
ip route 10.10.10.2 gateway 10.10.20.1
ip route 192.168.10.0/24 gateway tunnel 1
ip lan1 address 192.168.20.254/24
ip lan2 address 10.10.20.2/30
# NOTE(review): no packet-filter lines are visible for lan2 in this listing -
# confirm that it is filtered somewhere.
tunnel select 1
ipsec tunnel 1
# ESP policy 1 for gateway 1: AES-CBC encryption with HMAC-SHA-1 integrity.
# NOTE(review): no IKE phase-1 encryption/hash/group settings appear here, so
# firmware defaults apply - verify them against your policy.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive logging is off.
ipsec ike keepalive log 1 off
# Heartbeat keepalive; presumably interval 10 s, peer down after 6 misses - confirm.
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 10.10.20.2
ipsec ike nat-traversal 1 on
# Placeholder for the pre-shared key. The real key is stored as plain text, must
# equal the value on the head-office router, and should be long and random.
ipsec ike pre-shared-key 1 text (パスワード)
ipsec ike remote address 1 10.10.10.2
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# Telnet sends logins in cleartext and is accepted from LAN-side hosts.
# NOTE(review): check whether "lan" also covers lan2; narrow it to lan1 or use
# SSH where the model supports it.
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.20.1-192.168.20.253/24
# DNS queries go to 192.168.10.100 at the head office, i.e. through the tunnel.
dns server 192.168.10.100
# Presumably keeps lookups for private addresses from being forwarded upstream - confirm.
dns private address spoof on