IPsec over a FLET'S Premium line (SA establishment in Main mode)
Other information: Equipment used
Services used
!
ip route 0.0.0.0 0.0.0.0 192.168.24.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 dynamic permit ip any any
access-list 199 deny ip any any
!
proxydns mode both
proxydns default name-server v4 ***.***.***.*** +++.+++.+++.+++
vpn enable
vpnlog enable
!
ipsec access-list 1 ipsec ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ipsec access-list 64 bypass ip any any
ipsec transform-set P2P esp-aes-128 esp-sha-hmac
!
service dhcp-server
!
hostname EAST
!
interface ewan 1
 crypto map PATH-1
 ip address 192.168.24.60 255.255.255.0
 ip access-group 100 out
 ip access-group 101 in
 ip access-group 102 out
 ip access-group 199 in
 ip nat inside source list 1 interface
exit
interface lan 1
 ip address 192.168.1.254 255.255.255.0
exit
!
!
crypto isakmp policy 1
 authentication prekey
 encryption aes 128
 hash sha
 group 2
 key ascii FITEL
 negotiation-mode main
 peer-identity address ***.40.45.160
exit
crypto map PATH-1 1
 match address 1
 set peer address ***.40.45.160
 set transform-set P2P
exit
!
!
ip dhcp pool lan1
 dns-server 0.0.0.0
 default-router 0.0.0.0
exit
!
!
end
!
ip route 0.0.0.0 0.0.0.0 192.168.24.1
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 dynamic permit ip any any
access-list 199 deny ip any any
!
proxydns mode both
proxydns default name-server v4 221.113.139.250 202.234.232.6
vpn enable
vpnlog enable
!
ipsec access-list 1 ipsec ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ipsec access-list 64 bypass ip any any
ipsec transform-set P2P esp-aes-128 esp-sha-hmac
!
service dhcp-server
!
hostname WEST
!
interface ewan 1
 crypto map PATH-1
 ip address 192.168.24.70 255.255.255.0
 ip access-group 100 out
 ip access-group 101 in
 ip access-group 102 out
 ip access-group 199 in
 ip nat inside source list 1 interface
exit
interface lan 1
 ip address 192.168.10.254 255.255.255.0
exit
!
!
crypto isakmp policy 1
 authentication prekey
 encryption aes 128
 hash sha
 group 2
 key ascii FITEL
 negotiation-mode main
 peer-identity address ***.40.45.161
exit
crypto map PATH-1 1
 match address 1
 set peer address ***.40.45.161
 set transform-set P2P
exit
!
!
ip dhcp pool lan1
 dns-server 0.0.0.0
 default-router 0.0.0.0
exit
!
!
end
First, configure the static addresses.
Next, change the firewall settings.
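For the Main mode SA to come up, the EAST and WEST configurations above need the same ISAKMP policy values, pre-shared key and transform set, and their `ipsec access-list` selectors must mirror each other. The following is an added example, not code from this page or from the vendor: it checks those points on excerpts trimmed from the two configurations. The helper names `parse` and `mismatches` are hypothetical, and the parser handles only the commands that appear in the excerpt.

```python
# Added example, not vendor code. Excerpt trimmed from the EAST config on this page.
EAST = """\
ipsec access-list 1 ipsec ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ipsec access-list 64 bypass ip any any
ipsec transform-set P2P esp-aes-128 esp-sha-hmac
crypto isakmp policy 1
 authentication prekey
 encryption aes 128
 hash sha
 group 2
 key ascii FITEL
 negotiation-mode main
exit
"""
# In this excerpt WEST differs only in its selector, the mirror image of EAST's.
WEST = EAST.replace("192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255",
                    "192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255")

def parse(cfg):
    """Return (selector, transform_set, isakmp_policy) from a config excerpt."""
    selector, transform, ike, in_policy = None, None, {}, False
    for line in cfg.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if w[:2] == ["ipsec", "access-list"] and w[3:5] == ["ipsec", "ip"]:
            selector = (tuple(w[5:7]), tuple(w[7:9]))  # (local net, remote net)
        elif w[:2] == ["ipsec", "transform-set"]:
            transform = frozenset(w[3:])
        elif w[:3] == ["crypto", "isakmp", "policy"]:
            in_policy = True
        elif w[0] == "exit":
            in_policy = False
        elif in_policy:
            ike[w[0]] = " ".join(w[1:])
    return selector, transform, ike

def mismatches(a, b):
    """List settings that must agree between the two peers but do not."""
    (sel_a, ts_a, ike_a), (sel_b, ts_b, ike_b) = parse(a), parse(b)
    problems = []
    if None in (sel_a, sel_b) or sel_a != sel_b[::-1]:
        problems.append("ipsec access-list selectors are not mirror images")
    if ts_a != ts_b:
        problems.append("transform-set differs")
    for k in ("authentication", "encryption", "hash", "group", "key", "negotiation-mode"):
        if ike_a.get(k) != ike_b.get(k):
            problems.append(f"isakmp {k} differs")
    return problems
```

Calling `mismatches(EAST, WEST)` returns an empty list when the two ends agree; each returned string names a setting to compare against `vpnlog` output when the SA fails to establish.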