ヤマハ
(Yamaha)
RT105e
Rev.6.03.34
|
ip lan1 address 192.168.20.254/24
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname site-b@domain.co.jp isp-pass-b
ppp lcp mru on 1454
ppp ccp type none
ip pp address 172.16.2.200/32
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 192.168.10.0/24 gateway tunnel 1
ip route default gateway pp 1
nat descriptor type 1 masquerade
nat descriptor address outer 1 172.16.2.200
nat descriptor address inner 1 192.168.20.1-192.168.20.254
nat descriptor masquerade static 1 1 192.168.20.254 udp 500
nat descriptor masquerade static 1 2 192.168.20.254 esp
ipsec use on
ipsec auto refresh on
ipsec ike always-on 1 on
ipsec ike duration ipsec-sa 1 28800
ipsec ike duration isakmp-sa 1 28800
ipsec ike encryption 1 des-cbc
ipsec ike group 1 modp1024
ipsec ike hash 1 md5
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 off
ipsec ike local address 1 172.16.2.200
ipsec ike local id 1 192.168.20.0/24
ipsec ike log 1 key-info message-info payload-info
ipsec ike payload type 1 2
ipsec ike pre-shared-key 1 text ipsec_pass
ipsec ike remote address 1 172.16.1.100
ipsec ike remote id 1 192.168.10.0/24
ipsec sa policy 101 1 esp des-cbc sha-hmac save
|
Fujitu
Si-R 180
V33.02
|
switch 0 use on
lan 0 mode auto
lan 0 ip dhcp service off
lan 0 ip dhcp info time 0s
lan 0 ip rip use off off 0 off
lan 0 ip nat mode off
lan 1 mode auto
lan 1 ip address 192.168.20.254/24 3
lan 1 vlan bind switch 0
lan 1 ip dhcp service off
lan 1 ip dhcp info dns 0.0.0.0
lan 1 ip dhcp info address 0.0.0.0/0
lan 1 ip dhcp info time 0s
lan 1 ip dhcp info gateway 0.0.0.0
remote 0 name ISP
remote 0 mtu 1454
remote 0 ap 0 name pppoe
remote 0 ap 0 datalink bind lan 0
remote 0 ap 0 ppp auth send site-b@domain.co.jp isp-pass-b
remote 0 ap 0 keep connect
remote 0 ppp ipcp vjcomp disable
remote 0 ip address local 172.16.2.200
remote 0 ip route 0 default 1 0
remote 0 ip nat mode multi any 1 5m
remote 0 ip nat static 0 172.16.2.200 500 any 500 17
remote 0 ip nat static 1 172.16.2.200 any any any 50
remote 0 ip msschange 1414
remote 1 name vpn1
remote 1 ap 0 name ipsec
remote 1 ap 0 datalink type ipsec
remote 1 ap 0 ipsec type ike
remote 1 ap 0 ipsec ike protocol esp
remote 1 ap 0 ipsec ike range 192.168.20.0/24 192.168.10.0/24
remote 1 ap 0 ipsec ike encrypt des-cbc
remote 1 ap 0 ipsec ike auth hmac-sha1
remote 1 ap 0 ike mode main
remote 1 ap 0 ike shared key text ipsec_pass
remote 1 ap 0 ike proposal 0 encrypt des-cbc
remote 1 ap 0 ike proposal 0 pfs modp1024
remote 1 ap 0 tunnel local 172.16.2.200
remote 1 ap 0 tunnel remote 172.16.1.100
remote 1 ip route 0 192.168.10.0/24 1 0
remote 1 ip msschange 1300
syslog facility 23
time auto server 0.0.0.0 dhcp
time zone 0900
consoleinfo autologout 8h
telnetinfo autologout 5m
terminal pager enable
terminal charset SJIS
alias history "show logging command brief"
save
|
FURUKAWA
FITELnet-F100
(V02.07.xx)
|
ip route 0.0.0.0 0.0.0.0 pppoe 1
!
access-list 1 permit 192.168.20.0 0.0.0.255
!
vpn enable
vpnlog enable
!
ipsec access-list 1 ipsec ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
ipsec access-list 64 bypass ip any any
ipsec transform-set p1-policy esp-des esp-sha-hmac
!
!
mss ipsecif 1 1300
mss ipsec 1300
!
!
interface lan 1
ip address 192.168.20.254 255.255.255.0
exit
interface pppoe 1
crypto map vpn
ip address 172.16.2.200
ip nat inside source list 1 interface
pppoe server ISP-A
pppoe account site-b@domain.co.jp isp-pass-b
pppoe type host
exit
!
!
crypto isakmp policy 1
authentication prekey
encryption des
group 2
hash md5
key ascii ipsec_pass
lifetime 1000
my-identity 192.168.20.254
negotiation-mode main
peer-identity address 172.16.1.100
exit
crypto map vpn 1
match address 1
set peer address 172.16.1.100
set security-association ipsec-src-id 192.168.20.0 0.0.0.255
set security-association lifetime seconds 600
set transform-set p1-policy
exit
crypto security-association
exit
!
end
save SIDE-A.cfg
|
Cisco
1812J
(IOS Version 15.1)
|
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid CISCO1812-J/K9 sn FHK10095188
!
crypto ikev2 diagnose error 50
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key ipsec_pass address 172.16.1.100
crypto isakmp keepalive 30
!
crypto ipsec transform-set IPSEC esp-des esp-sha-hmac
!
crypto map MAP-IPSEC 1 ipsec-isakmp
set peer 172.16.1.100
set transform-set IPSEC
match address 100
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
ip address 172.16.2.200 255.255.255.0
ip mtu 1454
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1414
load-interval 30
dialer pool 1
dialer-group 1
ppp chap refuse
ppp pap sent-username site-b@domain.co.jp password 0 isp-pass-b
no cdp enable
crypto map MAP-IPSEC
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map NO_NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 100 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 105 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 105 permit ip 192.168.20.0 0.0.0.255 any
access-list 110 permit esp host 172.16.1.100 host 172.16.2.200
access-list 110 permit udp host 172.16.1.100 eq isakmp host 172.16.2.200
!
route-map NO_NAT permit 10
match ip address 105
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
end
write memory
|