古河電工ネットワーク機器 [FITELnet]:FITELnet-Fシリーズ F220:設定例

古河電工ネットワーク機器の総合ブランド　ファイテルネット

設定例

ローカルブレイクアウト機能を使う

内容

　下記リンクよりご確認ください。

1. ドメイン名ルーティング	この設定を利用したい方は
2. Microsoft365（旧Office365）エンドポイント　情報を使う★NEW	センタ側の設定のご利用は
2. Microsoft365（旧Office365）エンドポイント　情報を使う★NEW	拠点側の設定のご利用は

<pre>
access-list 100 permit udp any eq 500 192.0.2.1 0.0.0.0 eq 500
access-list 100 permit 50 any 192.0.2.1 0.0.0.0
access-list 111 deny ip any any
access-list 121 spi ip any any
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.1.0 255.255.255.0 tunnel 2
ip route 192.168.1.0 255.255.255.0 null 0 250
!
hostname CENTER
!
crypto ipsec policy P2-POLICY
 set pfs group14
 set security-association lifetime seconds 28800
 set security-association transform-keysize aes 256 256 256
 set security-association transform esp-aes esp-sha256-hmac
 set mtu 1454
 set ip df-bit 0
 set ip fragment post
exit
!
crypto ipsec selector SELECTOR
 src 1 ipv4 any
 dst 1 ipv4 any
exit
!
crypto isakmp keepalive
logging level informational
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail
crypto isakmp tunnel-route ip interface tunnel 1
!
crypto isakmp policy P1-POLICY
 authentication pre-share
 encryption aes
 encryption-keysize aes 256 256 256
 group 14
 lifetime 86400
 hash sha-256
 initiate-mode aggressive
exit
!
crypto isakmp profile PROF0001
 match identity user id-kyoten
 local-address 192.0.2.1 
 set isakmp-policy P1-POLICY
 set ipsec-policy P2-POLICY
 ike-version 1
 local-key SECRET-VPN
exit
!
crypto map KYOTEN ipsec-isakmp
 match address SELECTOR
 set isakmp-profile PROF0001
exit
!
interface GigaEthernet 1/1
 vlan-id 1
 bridge-group 1
 channel-group 1
exit
!
interface GigaEthernet 2/1
 vlan-id 2
 bridge-group 2
 pppoe enable
exit
!
interface Port-channel 1
 ip address 192.168.0.254 255.255.255.0
 mss 1300
exit
!
interface Tunnel 1
 description FLETS
 ip address 192.0.2.1  255.255.255.255
 ip access-group 100 in
 ip access-group 111 in
 ip access-group 121 out
 tunnel mode pppoe profile PPPOE_PROF
 pppoe interface gigaethernet 2/1
exit
!
interface Tunnel 2
 tunnel mode ipsec map KYOTEN
 link-state sync-sa
exit
!
pppoe profile PPPOE_PROF
 account abc012@***.***.ne.jp xxxyyyzzz
exit
!
end
</pre>

<pre>
access-list 100 permit udp 192.0.2.1 0.0.0.0 eq 500 any eq 500
access-list 100 permit 50 192.0.2.1 0.0.0.0 any
access-list 111 deny ip any any
access-list 121 spi ip any any
!
ip route 192.0.2.1 255.255.255.255 tunnel 1
ip route 0.0.0.0 0.0.0.0 tunnel 2
ip name-server 192.168.0.100
ip name-server source-interface port-channel 1
ip nat list 1 192.168.1.0 0.0.0.255
!
ip dhcp server-profile lan1
 address 192.168.1.1 192.168.1.200
 lease-time 28800
 dns 192.168.0.100
 gateway 192.168.1.254
exit
!
crypto ipsec policy P2-POLICY
 set pfs group14
 set security-association always-up
 set security-association lifetime seconds 28800
 set security-association transform-keysize aes 256 256 256
 set security-association transform esp-aes esp-sha256-hmac
 set mtu 1454
 set ip df-bit 0
 set ip fragment post
exit
!
crypto ipsec selector SELECTOR
 src 1 ipv4 any
 dst 1 ipv4 any
exit
!
crypto isakmp keepalive
logging level informational
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail
!
hostname KYOTEN
!
crypto isakmp policy P1-POLICY
 authentication pre-share
 encryption aes
 encryption-keysize aes 256 256 256
 group 14
 lifetime 86400
 hash sha-256
 initiate-mode aggressive
exit
!
crypto isakmp profile PROF0001
 self-identity user-fqdn id-kyoten
 set isakmp-policy P1-POLICY
 set ipsec-policy P2-POLICY
 set peer 192.0.2.1
 ike-version 1
 local-key SECRET-VPN
exit
!
crypto map CENTER ipsec-isakmp
 match address SELECTOR
 set isakmp-profile PROF0001
exit
!
interface GigaEthernet 1/1
 vlan-id 1
 bridge-group 1
 channel-group 1
exit
!
interface GigaEthernet 2/1
 vlan-id 2
 bridge-group 2
 pppoe enable
exit
!
interface Port-channel 1
 ip address 192.168.1.254 255.255.255.0
 ip dhcp service server
 ip dhcp server-profile lan1
 mss 1300
exit
!
interface Tunnel 1
 description FLETS
 ip access-group 100 in
 ip access-group 111 in
 ip access-group 121 out
 ip nat inside source list 1 interface
 tunnel mode pppoe profile PPPOE_PROF
 pppoe interface gigaethernet 2/1
exit
!
interface Tunnel 2
 tunnel mode ipsec map CENTER
 dns-snooping enable
exit
!
pppoe profile PPPOE_PROF
 account abc345@***.***.ne.jp zzzyyyxxx
exit
!
local-breakout enable
local-breakout LBO1 tunnel 1
!
lbo-profile LBO1
 o365 enable
 dns-snooping enable
exit
!
end
</pre>

ページトップへ

サイトマップ古河電工HOME l 古河電工サーバのご利用にあたっての注意