#
# VPN接続先との通信 (YMS-VPN8同時接続ライセンス版を利用) + VPN経由インターネット接続 : コマンド設定
#

#
# 本社 ルーター
#

#
# Default gateway
#
# Everything without a more specific route leaves through pp 1, the PPPoE
# WAN connection defined below. Per the file title this is also the exit
# path for VPN clients' internet traffic once it has left the tunnel.
ip route default gateway pp 1

#
# LAN interface
#
# Router's LAN address; it is also the IKE local address and the target of
# the NAT static entries for IKE/ESP further down.
ip lan1 address 192.168.100.1/24
# The L2TP client pool (192.168.100.200-210, see pp anonymous) lies inside
# this subnet, so the router answers ARP for those addresses on lan1 -
# presumably why proxy ARP is on; otherwise LAN hosts could not reach clients.
ip lan1 proxyarp on

#
# WAN interface (PPPoE to the ISP)
#
pp select 1
 pp always-on on
 pppoe use lan2
 # Both PAP and CHAP are offered. If the ISP negotiates PAP the ISP password
 # crosses the access link unencrypted; drop `pap` here if the ISP supports CHAP.
 pp auth accept pap chap
 # ISP credentials (placeholders). They are stored in the saved config in
 # clear text, so protect config backups and `show config` output accordingly.
 pp auth myname (ISPに接続するID) (ISPに接続するパスワード)
 ppp lcp mru on 1454
 ppp ipcp msext on
 ppp ccp type none
 # Fixed global address (placeholder) - gives VPN clients a stable endpoint.
 ip pp address (固定グローバルIPアドレス)
 ip pp mtu 1454
 # Inbound: 1020 drops packets claiming a LAN source (anti-spoofing), 1030
 # allows ICMP, 1040/1041/1042 allow IKE (500), NAT-T (4500) and ESP to the
 # router itself, and 2000 rejects everything else - a default-deny list.
 ip pp secure filter in 1020 1030 1040 1041 1042 2000
 # Outbound: 1010-1015 block MS-RPC/NetBIOS/SMB in either direction, 3000
 # passes the rest; dynamic 100-107 open the matching return traffic inbound.
 ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106 107
 # Masquerade descriptor 1 (see "NAT" section) with the IKE/ESP static maps.
 ip pp nat descriptor 1
 pp enable 1

#
# Accepting L2TP connections
#
# "anonymous" accepts any L2TP peer; binding it to tunnels 1-10 caps the
# number of concurrent VPN sessions at 10 (one tunnel per client).
pp select anonymous
 pp bind tunnel1-tunnel10
 # PPP-level user authentication. L2TP runs inside the IPsec transport SAs
 # (see "ipsec transport"), so the MS-CHAPv2 exchange is not exposed on the
 # wire; its strength still depends on the password quality of each account.
 pp auth request mschap-v2
 # One account per user (placeholders). Stored in clear text in the saved
 # config; remove an entry here to revoke that user's VPN access.
 pp auth username (YMS-VPN8で使用するユーザー名1) (YMS-VPN8で使用するパスワード1)
 pp auth username (YMS-VPN8で使用するユーザー名2) (YMS-VPN8で使用するパスワード2)
 pp auth username (YMS-VPN8で使用するユーザー名3) (YMS-VPN8で使用するパスワード3)
 pp auth username (YMS-VPN8で使用するユーザー名4) (YMS-VPN8で使用するパスワード4)
 pp auth username (YMS-VPN8で使用するユーザー名5) (YMS-VPN8で使用するパスワード5)
 pp auth username (YMS-VPN8で使用するユーザー名6) (YMS-VPN8で使用するパスワード6)
 pp auth username (YMS-VPN8で使用するユーザー名7) (YMS-VPN8で使用するパスワード7)
 pp auth username (YMS-VPN8で使用するユーザー名8) (YMS-VPN8で使用するパスワード8)
 pp auth username (YMS-VPN8で使用するユーザー名9) (YMS-VPN8で使用するパスワード9)
 pp auth username (YMS-VPN8で使用するユーザー名10) (YMS-VPN8で使用するパスワード10)
 # Hand each client an address from the pool below.
 ppp ipcp ipaddress on
 ppp ipcp msext on
 # 11 addresses for up to 10 tunnels, inside the LAN subnet and outside the
 # DHCP scope (192.168.100.2-191), so pool and DHCP leases cannot collide.
 ip pp remote address pool 192.168.100.200-192.168.100.210
 # Smaller MTU to leave room for the L2TP/IPsec/PPPoE overhead.
 ip pp mtu 1258
 pp enable anonymous
# Start the L2TP server (UDP 1701, protected by the IPsec transport entries).
l2tp service on
# YMS-VPN8 license key (placeholder). No pre-shared key is configured anywhere
# in this file, so the key appears to double as the IKE authentication
# credential for the license-key tunnels - treat it as a secret. TODO confirm.
ipsec ike license-key 1 (YMS-VPN8同時接続ライセンス版のライセンスキー)

#
# Tunnel 1 for L2TP connections
#
# Tunnels 2-10 below repeat this definition with only the tunnel number,
# IPsec policy id (10N) and IKE gateway id (N) changed.
tunnel select 1
 tunnel encapsulation l2tp
 # Bind this tunnel to IPsec policy 101 / IKE gateway 1.
 ipsec tunnel 101
  # ESP with AES-CBC encryption and HMAC-SHA-1 integrity. HMAC-SHA-1 is a
  # legacy choice; a SHA-2 variant (e.g. sha256-hmac) is preferable where the
  # firmware and the YMS-VPN8 clients both support it - verify before changing.
  ipsec sa policy 101 1 esp aes-cbc sha-hmac
  # IKE-level keepalive is off; peer liveness is detected by the L2TP
  # keepalive configured below instead.
  ipsec ike keepalive use 1 off
  # IKE terminates on the LAN address, which the NAT static entries for
  # ESP/500/4500 point at.
  ipsec ike local address 1 192.168.100.1
  # UDP 4500 encapsulation so clients behind NAT can connect.
  ipsec ike nat-traversal 1 on
  # Any source address may initiate IKE (road-warrior clients), so security
  # rests entirely on the license-key authentication and the PPP credentials.
  ipsec ike remote address 1 any
  ipsec ike license-key use 1 on
 # Never drop the session for idleness.
 l2tp tunnel disconnect time off
 # L2TP hello every 10 s, declare the peer dead after 3 misses.
 l2tp keepalive use on 10 3
 # Log keepalive failures and L2TP events - useful when tracing failed or
 # unexpected connection attempts.
 l2tp keepalive log on
 l2tp syslog on
 # Clamp TCP MSS to the tunnel MTU to avoid fragmentation.
 ip tunnel tcp mss limit auto
 tunnel enable 1

#
# Tunnel 2 for L2TP connections
#
# Same definition as tunnel 1: AES-CBC/HMAC-SHA-1 ESP, IKE keepalive off
# (L2TP keepalive instead), NAT-T on, any remote peer, license-key auth.
tunnel select 2
 tunnel encapsulation l2tp
 ipsec tunnel 102
  ipsec sa policy 102 2 esp aes-cbc sha-hmac
  ipsec ike keepalive use 2 off
  ipsec ike local address 2 192.168.100.1
  ipsec ike nat-traversal 2 on
  ipsec ike remote address 2 any
  ipsec ike license-key use 2 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 2

#
# Tunnel 3 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 3 / policy 103 / IKE gateway 3.
tunnel select 3
 tunnel encapsulation l2tp
 ipsec tunnel 103
  ipsec sa policy 103 3 esp aes-cbc sha-hmac
  ipsec ike keepalive use 3 off
  ipsec ike local address 3 192.168.100.1
  ipsec ike nat-traversal 3 on
  ipsec ike remote address 3 any
  ipsec ike license-key use 3 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 3

#
# Tunnel 4 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 4 / policy 104 / IKE gateway 4.
tunnel select 4
 tunnel encapsulation l2tp
 ipsec tunnel 104
  ipsec sa policy 104 4 esp aes-cbc sha-hmac
  ipsec ike keepalive use 4 off
  ipsec ike local address 4 192.168.100.1
  ipsec ike nat-traversal 4 on
  ipsec ike remote address 4 any
  ipsec ike license-key use 4 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 4

#
# Tunnel 5 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 5 / policy 105 / IKE gateway 5.
tunnel select 5
 tunnel encapsulation l2tp
 ipsec tunnel 105
  ipsec sa policy 105 5 esp aes-cbc sha-hmac
  ipsec ike keepalive use 5 off
  ipsec ike local address 5 192.168.100.1
  ipsec ike nat-traversal 5 on
  ipsec ike remote address 5 any
  ipsec ike license-key use 5 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 5

#
# Tunnel 6 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 6 / policy 106 / IKE gateway 6.
tunnel select 6
 tunnel encapsulation l2tp
 ipsec tunnel 106
  ipsec sa policy 106 6 esp aes-cbc sha-hmac
  ipsec ike keepalive use 6 off
  ipsec ike local address 6 192.168.100.1
  ipsec ike nat-traversal 6 on
  ipsec ike remote address 6 any
  ipsec ike license-key use 6 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 6

#
# Tunnel 7 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 7 / policy 107 / IKE gateway 7.
tunnel select 7
 tunnel encapsulation l2tp
 ipsec tunnel 107
  ipsec sa policy 107 7 esp aes-cbc sha-hmac
  ipsec ike keepalive use 7 off
  ipsec ike local address 7 192.168.100.1
  ipsec ike nat-traversal 7 on
  ipsec ike remote address 7 any
  ipsec ike license-key use 7 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 7

#
# Tunnel 8 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 8 / policy 108 / IKE gateway 8.
tunnel select 8
 tunnel encapsulation l2tp
 ipsec tunnel 108
  ipsec sa policy 108 8 esp aes-cbc sha-hmac
  ipsec ike keepalive use 8 off
  ipsec ike local address 8 192.168.100.1
  ipsec ike nat-traversal 8 on
  ipsec ike remote address 8 any
  ipsec ike license-key use 8 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 8

#
# Tunnel 9 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 9 / policy 109 / IKE gateway 9.
tunnel select 9
 tunnel encapsulation l2tp
 ipsec tunnel 109
  ipsec sa policy 109 9 esp aes-cbc sha-hmac
  ipsec ike keepalive use 9 off
  ipsec ike local address 9 192.168.100.1
  ipsec ike nat-traversal 9 on
  ipsec ike remote address 9 any
  ipsec ike license-key use 9 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 9

#
# Tunnel 10 for L2TP connections
#
# Same definition as tunnel 1 with tunnel 10 / policy 110 / IKE gateway 10.
# Last of the ten tunnels bound to pp anonymous.
tunnel select 10
 tunnel encapsulation l2tp
 ipsec tunnel 110
  ipsec sa policy 110 10 esp aes-cbc sha-hmac
  ipsec ike keepalive use 10 off
  ipsec ike local address 10 192.168.100.1
  ipsec ike nat-traversal 10 on
  ipsec ike remote address 10 any
  ipsec ike license-key use 10 on
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 10

#
# IPsec transport-mode entries
#
# One transport-mode entry per tunnel: L2TP control and data (UDP 1701) for
# tunnel N is protected by IPsec policy 10N. Without these the PPP/MS-CHAPv2
# exchange and user traffic would travel as plain L2TP.
ipsec transport 1 101 udp 1701
ipsec transport 2 102 udp 1701
ipsec transport 3 103 udp 1701
ipsec transport 4 104 udp 1701
ipsec transport 5 105 udp 1701
ipsec transport 6 106 udp 1701
ipsec transport 7 107 udp 1701
ipsec transport 8 108 udp 1701
ipsec transport 9 109 udp 1701
ipsec transport 10 110 udp 1701
# Renew SAs automatically before they expire instead of waiting for traffic.
ipsec auto refresh on

#
# Filters
#
# Discard source-routed packets and directed broadcasts at the router.
ip filter source-route on
ip filter directed-broadcast on
# 1010-1015: block Windows RPC (135), NetBIOS (137-139) and SMB (445) whether
# the port is source or destination; applied on the outbound list so these
# services never leak to or from the internet.
ip filter 1010 reject * * udp,tcp 135 *
ip filter 1011 reject * * udp,tcp * 135
ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 1014 reject * * udp,tcp 445 *
ip filter 1015 reject * * udp,tcp * 445
# 1020: anti-spoofing - inbound packets claiming a LAN source are rejected.
ip filter 1020 reject 192.168.100.0/24 *
# 1030: ICMP towards the LAN range is allowed.
ip filter 1030 pass * 192.168.100.0/24 icmp
# 1040-1042: IKE (UDP 500), NAT-T (UDP 4500) and ESP addressed to the
# router's LAN address - the post-NAT destination of the static masquerade
# entries in the "NAT" section. These are the only unsolicited inbound flows.
ip filter 1040 pass * 192.168.100.1 udp * 500
ip filter 1041 pass * 192.168.100.1 udp * 4500
ip filter 1042 pass * 192.168.100.1 esp
# 2000: explicit reject-all terminating the inbound list (default deny).
ip filter 2000 reject * *
# 3000: pass-all terminating the outbound list (default allow outbound).
ip filter 3000 pass * *
# Dynamic (stateful) filters: return traffic is admitted only for sessions
# that LAN/VPN hosts initiated outbound, per protocol.
ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * submission
ip filter dynamic 106 * * tcp
ip filter dynamic 107 * * udp

#
# NAT
#
# Masquerade (many-to-one) NAT for LAN and VPN-client internet access.
nat descriptor type 1 masquerade
# Static entries: ESP, IKE (UDP 500) and NAT-T (UDP 4500) arriving on the
# WAN address are forwarded to the router's own LAN address, where the IKE
# gateways terminate (matches "ipsec ike local address" in each tunnel).
nat descriptor masquerade static 1 1 192.168.100.1 esp
nat descriptor masquerade static 1 2 192.168.100.1 udp 500
nat descriptor masquerade static 1 3 192.168.100.1 udp 4500

#
# DNS
#
# Upstream resolver (placeholder from the ISP).
dns server (ISPより指定されたDNSサーバーのIPアドレス)
# Answer reverse lookups for private addresses locally instead of forwarding
# them upstream, so internal addressing is not leaked to the ISP resolver.
dns private address spoof on

#
# DHCP
#
# Lease range .2-.191; .192-.199 stay free and .200-.210 are reserved for
# the L2TP client pool, so DHCP and VPN addresses never overlap.
dhcp scope 1 192.168.100.2-192.168.100.191/24
# RFC 2131 behaviour, except the server does reply (rather than stay silent)
# to requests for leases it did not issue - presumably to speed up clients
# roaming in from other networks; confirm against the firmware manual.
dhcp server rfc2131 compliant except remain-silent
dhcp service server