Aws:Site-to-SiteVPN:InternetVPN-RouterSettings
2. Internet VPN - Router Settings
Router configuration
The environment has since been torn down, so the configuration is posted almost exactly as it was.
Replace the global IP address, the provider's ID/password and similar values with the ones for your own environment.
Router configuration details
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 512000
!
no aaa new-model
memory-size iomem 15
clock timezone JST 9 0
clock calendar-valid
!
ip dhcp pool local
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 8.8.8.8
 lease 0 12
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto keyring keyring-vpn-0ada7a730210c6111-1
 local-address [GLOBAL_IP]
 pre-shared-key address 54.150.123.186 key q9ZYd6cgI0lJ2H.a3.W5JbPtULcmVudb
crypto keyring keyring-vpn-0ada7a730210c6111-0
 local-address [GLOBAL_IP]
 pre-shared-key address 13.114.74.240 key 61UDVs4fNMCf7o8SAxFFafpSottRt9lP
!
crypto isakmp policy 200
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 201
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 10 10
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-0
 keyring keyring-vpn-0ada7a730210c6111-0
 match identity address 13.114.74.240 255.255.255.255
 local-address [GLOBAL_IP]
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-1
 keyring keyring-vpn-0ada7a730210c6111-1
 match identity address 54.150.123.186 255.255.255.255
 local-address [GLOBAL_IP]
!
crypto ipsec security-association replay window-size 128
!
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-0 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-1 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
!
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-0
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-0
 set pfs group2
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-1
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-1
 set pfs group2
!
interface Tunnel1
 ip address 169.254.57.246 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [GLOBAL_IP]
 tunnel mode ipsec ipv4
 tunnel destination 13.114.74.240
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-0
!
interface Tunnel2
 ip address 169.254.175.90 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [GLOBAL_IP]
 tunnel mode ipsec ipv4
 tunnel destination 54.150.123.186
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet1
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet2
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet5
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet6
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet7
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
interface Dialer1
 mtu 1454
 bandwidth 1048576
 ip address negotiated
 ip access-group 100 in
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1414
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname [PROVIDER_ID]
 ppp chap password [PROVIDER_PASS]
 no cdp enable
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 169.254.57.245 remote-as 64512
 neighbor 169.254.57.245 timers 10 30 30
 neighbor 169.254.175.89 remote-as 64512
 neighbor 169.254.175.89 timers 10 30 30
 !
 address-family ipv4
  network 0.0.0.0
  neighbor 169.254.57.245 activate
  neighbor 169.254.57.245 default-originate
  neighbor 169.254.57.245 soft-reconfiguration inbound
  neighbor 169.254.175.89 activate
  neighbor 169.254.175.89 default-originate
  neighbor 169.254.175.89 soft-reconfiguration inbound
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
no cdp run
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny tcp any any range 137 139
access-list 100 deny tcp any range 137 139 any
access-list 100 deny udp any any range netbios-ns netbios-ss
access-list 100 deny udp any range netbios-ns netbios-ss any
access-list 100 deny tcp any any eq 445
access-list 100 deny tcp any eq 445 any
access-list 100 deny udp any any eq 445
access-list 100 deny udp any eq 445 any
access-list 100 deny tcp any any eq telnet
access-list 100 deny tcp any any eq bgp
access-list 100 permit esp any any
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit ip any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 password [PASS]
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
Aws/Site-to-SiteVPN/InternetVPN-RouterSettings.txt · Last modified: 2021/02/14 by 127.0.0.1