RT105e


$CREATE 10/12/2002 by Mie Suemitsu
$LAST UPDATE 10/19/2002



This is a configuration for the YAMAHA RT105e.
It sets up IPsec and NAT.

# RT105e Rev.6.02.16 (Tue Jan 8 20:43:36 2002)
# MAC Address : 00:a0:de:10:cc:a6, 00:a0:de:10:cc:a7
# Memory 16Mbytes, 2LAN
login password *
administrator password *
console character euc
ip lan1 address 210.xxx.xxx.xxx/24
ip lan1 secondary address 192.168.1.1/24
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname USERID PASSWORD
ppp lcp mru on 1454
ppp ccp type none
ip pp mtu 1454
ip pp secure filter in 10 11 12 13 14 15 17 18 19 20 21 22 23 24
ip pp nat descriptor 1
pp enable 1
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 192.168.0.0/24 gateway tunnel 1 ;private address range of the VPN peer
ip route default gateway pp 1
ip filter source-route on
ip filter directed-broadcast on
ip filter 10 reject 210.xxx.xxx.xxx/24 * * * *
ip filter 11 pass * 210.xxx.xxx.xxx/24 icmp * *
ip filter 12 pass * 210.xxx.xxx.xxx/24 established * *
ip filter 13 pass * 210.xxx.xxx.xxx/24 tcp * ident
ip filter 14 pass * 210.xxx.xxx.xxx/24 tcp ftpdata *
ip filter 15 pass * 210.xxx.xxx.xxx udp domain *
ip filter 17 pass * 210.xxx.xxx.xxx tcp,udp * www,smtp,pop3,ftp
ip filter 18 pass * 210.xxx.xxx.xxx * * *
ip filter 19 pass * 210.xxx.xxx.xxx tcp,udp * smtp
ip filter 20 reject 192.168.1.0/24 * * * *
ip filter 21 pass * 192.168.1.0/24 icmp * *
ip filter 22 pass * 192.168.1.0/24 established * *
ip filter 23 pass * 192.168.1.0/24 tcp * ident
ip filter 24 pass * 192.168.1.0/24 tcp ftpdata *
nat descriptor type 1 masquerade
nat descriptor address outer 1 210.xxx.xxx.xxx
nat descriptor address inner 1 210.xxx.xxx.xxx 192.168.1.1-192.168.1.254
nat descriptor masquerade static 1 1 210.xxx.xxx.xxx udp 500
nat descriptor masquerade static 1 2 210.xxx.xxx.xxx esp
ipsec auto refresh on
ipsec ike pre-shared-key 1 TEXT PASSWORD
ipsec ike remote address 1 211.xxx.xxx.xxx ;global address of the VPN peer
ipsec sa policy 101 1 esp 3des-cbc md5-hmac
dns server 210.xxx.xxx.xxx 210.141.108.226




This is the configuration for VPN connections to two sites.

# RT105e Rev.6.02.16 (Tue Jan 8 20:43:36 2002)
# MAC Address : 00:a0:de:10:cd:54, 00:a0:de:10:cd:55
# Memory 16Mbytes, 2LAN
login password *
administrator password *
console character euc
ip lan1 address 211.xxx.xxx.xxx/24
ip lan1 secondary address 192.168.0.1/24
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname USERID PASSWORD
ppp lcp mru on 1454
ppp ccp type none
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
tunnel select 1
ipsec tunnel 101
tunnel enable 1
tunnel select 2
ipsec tunnel 102
tunnel enable 2
ip route 192.168.1.0/24 gateway tunnel 1 ;private address range of site 1
ip route 192.168.2.0/24 gateway tunnel 2 ;private address range of site 2
ip route default gateway pp 1
nat descriptor type 1 masquerade
nat descriptor address outer 1 211.xxx.xxx.xxx
nat descriptor address inner 1 211.xxx.xxx.xxx 192.168.0.1-192.168.0.254
nat descriptor masquerade static 1 1 211.xxx.xxx.xxx udp 500
nat descriptor masquerade static 1 2 211.xxx.xxx.xxx esp
ipsec auto refresh on
ipsec ike pre-shared-key 1 *
ipsec ike remote address 1 210.xxx.xxx.xxx ;global address of site 1
ipsec ike pre-shared-key 2 *
ipsec ike remote address 2 210.xxx.xxx.xxx ;global address of site 2
ipsec sa policy 101 1 esp 3des-cbc md5-hmac
ipsec sa policy 102 2 esp 3des-cbc md5-hmac
dns server 211.xxx.xxx.xxx 210.141.108.248
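
The inbound filter list, NAT binding and IPsec SA policies in the two configurations above can be reviewed mechanically. The following Python check is an added example, not part of the original page and not a Yamaha tool; the function name audit, the wording of the findings, and the decision to report 3des-cbc and md5-hmac as legacy transforms are assumptions of this example.

```python
# Filter, NAT and IPsec lines copied from the first configuration above (masked as there).
SITE_1 = """\
ip pp secure filter in 10 11 12 13 14 15 17 18 19 20 21 22 23 24
ip pp nat descriptor 1
ip filter 10 reject 210.xxx.xxx.xxx/24 * * * *
ip filter 11 pass * 210.xxx.xxx.xxx/24 icmp * *
ip filter 12 pass * 210.xxx.xxx.xxx/24 established * *
ip filter 13 pass * 210.xxx.xxx.xxx/24 tcp * ident
ip filter 14 pass * 210.xxx.xxx.xxx/24 tcp ftpdata *
ip filter 15 pass * 210.xxx.xxx.xxx udp domain *
ip filter 17 pass * 210.xxx.xxx.xxx tcp,udp * www,smtp,pop3,ftp
ip filter 18 pass * 210.xxx.xxx.xxx * * *
ip filter 19 pass * 210.xxx.xxx.xxx tcp,udp * smtp
ip filter 20 reject 192.168.1.0/24 * * * *
ip filter 21 pass * 192.168.1.0/24 icmp * *
ip filter 22 pass * 192.168.1.0/24 established * *
ip filter 23 pass * 192.168.1.0/24 tcp * ident
ip filter 24 pass * 192.168.1.0/24 tcp ftpdata *
ipsec sa policy 101 1 esp 3des-cbc md5-hmac
"""
# Matching lines from the second (two-site) configuration, which defines no filters.
SITE_2 = """\
ip pp nat descriptor 1
ipsec sa policy 101 1 esp 3des-cbc md5-hmac
ipsec sa policy 102 2 esp 3des-cbc md5-hmac
"""
LEGACY = {"3des-cbc", "md5-hmac"}  # assumption of this example: reported as legacy

def audit(config):
    """Return a sorted list of review findings for one configuration text."""
    rules, applied, nat, out = {}, [], False, set()
    for line in config.splitlines():
        w = line.split(";")[0].split()  # drop the page's ';' annotations
        if w[:2] == ["ip", "filter"] and len(w) == 9:
            rules[int(w[2])] = w[3:]  # action src dst proto sport dport
        elif w[:5] == ["ip", "pp", "secure", "filter", "in"]:
            applied = [int(n) for n in w[5:]]
        elif w[:4] == ["ip", "pp", "nat", "descriptor"]:
            nat = True
        elif w[:3] == ["ipsec", "sa", "policy"]:
            out |= {f"policy {w[3]}: legacy transform {t}" for t in w[6:] if t in LEGACY}
    if nat and not applied:
        out.add("pp: NAT bound but no inbound secure filter")
    for n in applied:
        if n not in rules:
            out.add(f"filter {n}: applied but not defined")
        elif rules[n][0] == "pass" and rules[n][3:] == ["*", "*", "*"]:
            out.add(f"filter {n}: passes every protocol and port to {rules[n][2]}")
    return sorted(out)
```

Calling audit(SITE_1) and audit(SITE_2) returns the findings for each site; because the addresses are masked identically on the page, the check does not compare rules by address.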