三歩あるけば物も忘れる


2. Internet VPN - Router Settings

Router configuration

The environment has since been torn down, so the configuration is posted almost exactly as it was.
Replace the global IP address, the provider ID/password and similar values with those for your own environment.

Router configuration details

version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 512000
!
no aaa new-model
memory-size iomem 15
clock timezone JST 9 0
clock calendar-valid
!
ip dhcp pool local
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 8.8.8.8
 lease 0 12
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto keyring keyring-vpn-0ada7a730210c6111-1
  local-address [グローバルIP]
  pre-shared-key address 54.150.123.186 key q9ZYd6cgI0lJ2H.a3.W5JbPtULcmVudb
crypto keyring keyring-vpn-0ada7a730210c6111-0
  local-address [グローバルIP]
  pre-shared-key address 13.114.74.240 key 61UDVs4fNMCf7o8SAxFFafpSottRt9lP
!
crypto isakmp policy 200
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 201
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 10 10
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-0
   keyring keyring-vpn-0ada7a730210c6111-0
   match identity address 13.114.74.240 255.255.255.255
   local-address [グローバルIP]
crypto isakmp profile isakmp-vpn-0ada7a730210c6111-1
   keyring keyring-vpn-0ada7a730210c6111-1
   match identity address 54.150.123.186 255.255.255.255
   local-address [グローバルIP]
!
crypto ipsec security-association replay window-size 128
!
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-0 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec transform-set ipsec-prop-vpn-0ada7a730210c6111-1 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
!
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-0
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-0
 set pfs group2
!
crypto ipsec profile ipsec-vpn-0ada7a730210c6111-1
 set transform-set ipsec-prop-vpn-0ada7a730210c6111-1
 set pfs group2
!
interface Tunnel1
 ip address 169.254.57.246 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [グローバルIP]
 tunnel mode ipsec ipv4
 tunnel destination 13.114.74.240
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-0
!
interface Tunnel2
 ip address 169.254.175.90 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 tunnel source [グローバルIP]
 tunnel mode ipsec ipv4
 tunnel destination 54.150.123.186
 tunnel protection ipsec profile ipsec-vpn-0ada7a730210c6111-1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet1
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet2
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet5
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet6
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet7
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
interface Dialer1
 mtu 1454
 bandwidth 1048576
 ip address negotiated
 ip access-group 100 in
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1414
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname [プロバイダのID]
 ppp chap password [プロバイダのPASS]
 no cdp enable
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 169.254.57.245 remote-as 64512
 neighbor 169.254.57.245 timers 10 30 30
 neighbor 169.254.175.89 remote-as 64512
 neighbor 169.254.175.89 timers 10 30 30
 !
 address-family ipv4
  network 0.0.0.0
  neighbor 169.254.57.245 activate
  neighbor 169.254.57.245 default-originate
  neighbor 169.254.57.245 soft-reconfiguration inbound
  neighbor 169.254.175.89 activate
  neighbor 169.254.175.89 default-originate
  neighbor 169.254.175.89 soft-reconfiguration inbound
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
no cdp run
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny   tcp any any range 137 139
access-list 100 deny   tcp any range 137 139 any
access-list 100 deny   udp any any range netbios-ns netbios-ss
access-list 100 deny   udp any range netbios-ns netbios-ss any
access-list 100 deny   tcp any any eq 445
access-list 100 deny   tcp any eq 445 any
access-list 100 deny   udp any any eq 445
access-list 100 deny   udp any eq 445 any
access-list 100 deny   tcp any any eq telnet
access-list 100 deny   tcp any any eq bgp
access-list 100 permit esp any any
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit ip any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 password [PASS]
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
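As an added consistency check (not part of the original page), the script below parses the Tunnel, keyring and BGP stanzas of a Cisco IOS config like the one above: for each Tunnel interface it derives the AWS side of the /30 link address and confirms a BGP neighbor statement exists for it, and confirms the tunnel destination has a pre-shared key in a keyring. The embedded config is a constructed excerpt using the page's own addresses, with the pre-shared keys replaced by a placeholder.

```python
import ipaddress
import re

# Constructed excerpt of the config above: keyring, Tunnel and BGP stanzas only,
# with the pre-shared keys replaced by a placeholder.
SAMPLE_CONFIG = """\
crypto keyring keyring-vpn-0ada7a730210c6111-0
  pre-shared-key address 13.114.74.240 key [PSK]
crypto keyring keyring-vpn-0ada7a730210c6111-1
  pre-shared-key address 54.150.123.186 key [PSK]
interface Tunnel1
 ip address 169.254.57.246 255.255.255.252
 tunnel destination 13.114.74.240
interface Tunnel2
 ip address 169.254.175.90 255.255.255.252
 tunnel destination 54.150.123.186
router bgp 65000
 neighbor 169.254.57.245 remote-as 64512
 neighbor 169.254.175.89 remote-as 64512
"""

def tunnel_stanzas(cfg):
    """Yield (name, [indented sub-lines]) for every 'interface TunnelN' stanza."""
    name, body = None, []
    for line in cfg.splitlines() + ["!"]:          # sentinel closes the last stanza
        if line[:1] not in (" ", ""):               # unindented line starts a new stanza
            if name is not None:
                yield name, body
            name = line.split()[1] if line.startswith("interface Tunnel") else None
            body = []
        elif name is not None:
            body.append(line.strip())

def check_tunnels(cfg):
    """Cross-check each tunnel's /30 link peer against the BGP neighbor list and its
    tunnel destination against the keyring pre-shared-key peers; return findings."""
    psk_peers = set(re.findall(r"pre-shared-key address (\S+) key", cfg))
    bgp_peers = set(re.findall(r"neighbor (\S+) remote-as", cfg))
    findings = []
    for name, body in tunnel_stanzas(cfg):
        ip, mask = next(l.split()[2:4] for l in body if l.startswith("ip address "))
        dest = next(l.split()[2] for l in body if l.startswith("tunnel destination "))
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        # On a /30 link the only other host address is the AWS side of the tunnel.
        peer = next(str(h) for h in iface.network.hosts() if h != iface.ip)
        if peer not in bgp_peers:
            findings.append(f"{name}: link peer {peer} has no BGP neighbor statement")
        if dest not in psk_peers:
            findings.append(f"{name}: no pre-shared key configured for peer {dest}")
    return findings
```

Run `check_tunnels` over a full `show running-config` dump; an empty list means every tunnel's link peer and destination are accounted for.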


Aws/Site-to-SiteVPN/InternetVPN-RouterSettings.txt · Last modified: 2021/02/14 by 127.0.0.1