VPNワイドLAN型IPSEC
親拠点
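# Parent site (LAN 192.168.1.0/24).
# pp 1 = Internet PPPoE session, pp 2 = VPN Wide PPPoE session, tunnel 1 = IPsec to the child site.

# Routing: Internet via pp 1, the child LAN via the IPsec tunnel.
ip route default gateway pp 1
ip route 192.168.2.0/24 gateway tunnel 1
# Host route for the IKE peer itself. It is more specific than the /24 above, so the
# IKE/ESP packets travel over pp 2 instead of being routed back into tunnel 1.
ip route 192.168.2.1 gateway pp 2
ip lan1 address 192.168.1.1/24

# --- pp 1: Internet connection (PPPoE on lan2) ---
# NOTE(review): no packet filter (ip filter ... / ip pp secure filter in ...) is applied to
# pp 1 in this listing. An Internet-facing interface normally carries one - confirm it exists
# in the full configuration.
pp select 1
pp always-on on
pppoe use lan2
pppoe auto disconnect off
# NOTE(review): accepting PAP lets the peer ask for the password unencrypted inside the PPP
# session; restrict to "chap" if the provider supports it.
pp auth accept pap chap
# <ISP情報> / <パスワード> are placeholders for the ISP account name and password.
pp auth myname <ISP情報> <パスワード>
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
# NOTE(review): NAT descriptor 1000 is referenced here but not defined in this listing;
# presumably "nat descriptor type 1000 masquerade" (or similar) exists elsewhere - verify.
ip pp nat descriptor 1000
pp enable 1

# --- pp 2: VPN Wide connection (PPPoE on lan2, same physical port as pp 1) ---
pp select 2
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
# <VPNワイドユーザー名> / <パスワード> are placeholders for the VPN Wide user name and password.
pp auth myname <VPNワイドユーザー名> <パスワード>
ppp lcp mru on 1454
ppp ipcp msext on
# Fixed /32 on pp 2; same address as lan1 and as the IKE local address below.
ip pp address 192.168.1.1/32
pp enable 2

# --- tunnel 1: IPsec (IKE with pre-shared key) to the child site ---
tunnel select 1
ipsec tunnel 1
# NOTE(review): aes-cbc / sha-hmac are presumably AES-CBC with a 128-bit key and HMAC-SHA-1
# (confirm in the command reference). Where both routers' firmware offers aes256-cbc and
# sha256-hmac, prefer them; the policy must be changed on both sites together.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive events are not logged; tunnel flaps will not be visible in syslog from this setting.
ipsec ike keepalive log 1 off
# Heartbeat keepalive with parameters 10 and 6 (presumably interval in seconds and retry count).
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 192.168.1.1
ipsec ike nat-traversal 1 on
# <共有キー> is a placeholder for the pre-shared key. Use a long random value, identical on
# both sites. The "text" form keeps the key readable in the configuration, so handle config
# backups and "show config" output as secrets.
ipsec ike pre-shared-key 1 text <共有キー>
ipsec ike remote address 1 192.168.2.1
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on

# --- LAN services ---
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.1.2-192.168.1.191/24
dns host lan1
# DNS servers are taken from the pp 1 (Internet) session.
dns server pp 1
dns private address spoof on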
子拠点
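# Child site (LAN 192.168.2.0/24).
# pp 1 = VPN Wide PPPoE session, tunnel 1 = IPsec to the parent site.

# Routing: every non-local destination, Internet included, is sent into the IPsec tunnel,
# so this site depends on the parent for all outbound traffic.
ip route default gateway tunnel 1
# Host route for the IKE peer so that IKE/ESP packets use pp 1 and not the tunnel itself.
ip route 192.168.1.1 gateway pp 1
ip lan1 address 192.168.2.1/24

# --- pp 1: VPN Wide connection (PPPoE on lan2) ---
pp select 1
pp always-on on
pppoe use lan2
pppoe auto disconnect off
# NOTE(review): accepting PAP lets the peer ask for the password unencrypted inside the PPP
# session; restrict to "chap" if the provider supports it.
pp auth accept pap chap
# <VPNユーザー名> / <VPNパスワード> are placeholders for the VPN user name and password.
pp auth myname <VPNユーザー名> <VPNパスワード>
ppp lcp mru on 1454
# Fixed /32 on pp 1; same address as lan1 and as the IKE local address below.
ip pp address 192.168.2.1/32
pp enable 1

# --- tunnel 1: IPsec (IKE with pre-shared key) to the parent site ---
tunnel select 1
ipsec tunnel 1
# NOTE(review): aes-cbc / sha-hmac are presumably AES-CBC with a 128-bit key and HMAC-SHA-1
# (confirm in the command reference). Where both routers' firmware offers aes256-cbc and
# sha256-hmac, prefer them; the policy must be changed on both sites together.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive events are not logged; tunnel flaps will not be visible in syslog from this setting.
ipsec ike keepalive log 1 off
# Heartbeat keepalive with parameters 10 and 6 (presumably interval in seconds and retry count).
ipsec ike keepalive use 1 on heartbeat 10 6
ipsec ike local address 1 192.168.2.1
ipsec ike nat-traversal 1 on
# <共有キー> is a placeholder for the pre-shared key. It must match the parent site. The "text"
# form keeps the key readable in the configuration, so handle config backups as secrets.
ipsec ike pre-shared-key 1 text <共有キー>
ipsec ike remote address 1 192.168.1.1
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on

# --- LAN services ---
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.2.2-192.168.2.191/24
# Static resolvers. With the default route above, these queries leave through the tunnel;
# NOTE(review): confirm both addresses are the resolvers this site is meant to use.
dns server 219.103.130.56 8.8.8.8
dns private address spoof on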