三歩あるけば物も忘れる

Aws:Site-to-SiteVPN:InternetVPN-RouterSettings

2. Internet VPN - Router Configuration

Router configuration

The environment has since been torn down, so the configuration is posted almost as-is.
Replace the global IP address, the provider ID/password and similar values with those for your own environment.

Router configuration details

version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 512000
!
no aaa new-model
memory-size iomem 15
clock timezone JST 9 0
clock calendar-valid
!
ip dhcp pool local
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 8.8.8.8
 lease 0 12
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto keyring keyring-vpn-0ada7a730210c6111-1
  local-address [global IP]
  pre-shared-key address 54.150.123.186 key q9ZYd6cgI0lJ2H.a3.W5JbPtULcmVudb
crypto keyring keyring-vpn-0ada7a730210c6111-0
  local-address [global IP]
  pre-shared-key address 13.114.74.240 key 61UDVs4fNMCf7o8SAxFFafpSottRt9lP
!
crypto isakmp policy 200
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 201
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 10 10
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-0
   keyring keyring-vpn-0ada7a730210c6111-0
   match identity address 13.114.74.240 255.255.255.255
   local-address [global IP]
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-1
   keyring keyring-vpn-0ada7a730210c6111-1
   match identity address 54.150.123.186 255.255.255.255
   local-address [global IP]
!
crypto ipsec security-association replay window-size 128
!
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-0 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-1 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
!
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-0
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-0
 set pfs group2
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-1
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-1
 set pfs group2
!
interface Tunnel1
 ip address 169.254.57.246 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [global IP]
 tunnel mode ipsec ipv4
 tunnel destination 13.114.74.240
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-0
!
interface Tunnel2
 ip address 169.254.175.90 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [global IP]
 tunnel mode ipsec ipv4
 tunnel destination 54.150.123.186
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet1
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet2
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet5
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet6
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet7
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
interface Dialer1
 mtu 1454
 bandwidth 1048576
 ip address negotiated
 ip access-group 100 in
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1414
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname [provider ID]
 ppp chap password [provider password]
 no cdp enable
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 169.254.57.245 remote-as 64512
 neighbor 169.254.57.245 timers 10 30 30
 neighbor 169.254.175.89 remote-as 64512
 neighbor 169.254.175.89 timers 10 30 30
 !
 address-family ipv4
  network 0.0.0.0
  neighbor 169.254.57.245 activate
  neighbor 169.254.57.245 default-originate
  neighbor 169.254.57.245 soft-reconfiguration inbound
  neighbor 169.254.175.89 activate
  neighbor 169.254.175.89 default-originate
  neighbor 169.254.175.89 soft-reconfiguration inbound
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
no cdp run
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny   tcp any any range 137 139
access-list 100 deny   tcp any range 137 139 any
access-list 100 deny   udp any any range netbios-ns netbios-ss
access-list 100 deny   udp any range netbios-ns netbios-ss any
access-list 100 deny   tcp any any eq 445
access-list 100 deny   tcp any eq 445 any
access-list 100 deny   udp any any eq 445
access-list 100 deny   udp any eq 445 any
access-list 100 deny   tcp any any eq telnet
access-list 100 deny   tcp any any eq bgp
access-list 100 permit esp any any
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit ip any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 password [PASS]
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
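As an added example (not part of the original page or of the configuration above), a small Python checker that cross-references each Tunnel interface in a config of this shape against the crypto keyrings and IPsec profiles, and flags a vty line that still accepts telnet. The embedded config excerpt is constructed from the structure of the page's config: the pre-shared keys are placeholders, and Tunnel2's keyring address and IPsec profile are deliberately left inconsistent so that the checker reports something.

```python
# Constructed excerpt modelled on the page's two-tunnel config; PSKs are placeholders and
# Tunnel2's keyring entry and IPsec profile are deliberately wrong so the checker reports them.
SAMPLE = """\
crypto keyring keyring-vpn-0
  pre-shared-key address 13.114.74.240 key PLACEHOLDER-PSK-0
crypto keyring keyring-vpn-1
  pre-shared-key address 54.150.123.187 key PLACEHOLDER-PSK-1
crypto ipsec profile ipsec-vpn-0
 set pfs group2
crypto ipsec profile ipsec-vpn-1
 set transform-set ipsec-prop-vpn-1
interface Tunnel1
 tunnel destination 13.114.74.240
 tunnel protection ipsec profile ipsec-vpn-0
interface Tunnel2
 tunnel destination 54.150.123.186
 tunnel protection ipsec profile ipsec-vpn-1
line vty 0 4
 transport input all
"""

def sections(cfg):
    """Group an IOS config into {section header: [child lines]}; '!' separators are skipped."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line[:1] not in ("", "!", " "):
            cur, out[cur] = line.strip(), []
        elif line.startswith(" ") and cur:
            out[cur].append(line.strip())
    return out

def check_vpn(cfg):
    """Findings: each tunnel needs a PSK for its peer and PFS on its profile; vty must not allow telnet."""
    s = sections(cfg)
    # peer addresses that have a pre-shared key in any keyring
    psk = {k.split()[2] for h, kids in s.items() if h.startswith("crypto keyring")
           for k in kids if k.startswith("pre-shared-key address")}
    findings = []
    for h, kids in s.items():
        if h.startswith("interface Tunnel"):
            dest = next((k.split()[-1] for k in kids if k.startswith("tunnel destination")), None)
            prof = next((k.split()[-1] for k in kids if k.startswith("tunnel protection")), None)
            if dest not in psk:
                findings.append(f"{h}: no pre-shared key for peer {dest}")
            if not any(k.startswith("set pfs") for k in s.get(f"crypto ipsec profile {prof}", [])):
                findings.append(f"{h}: ipsec profile {prof} has no PFS")
        elif h.startswith("line vty") and "transport input all" in kids:
            findings.append(f"{h}: transport input all permits telnet; prefer transport input ssh")
    return findings
```

Run `check_vpn` against a saved `show running-config` to get the same three kinds of findings for a real device; the page's own config relies on access-list 100 to drop telnet arriving on Dialer1, which the vty check complements rather than replaces.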


Aws/Site-to-SiteVPN/InternetVPN-RouterSettings.txt · Last modified: 2021/02/14 by 127.0.0.1