古河電工TOP Telecom English お問い合わせ
ルータ・ネットワーク機器
製品・サービスラインナップ
ファームウエア
設定例
技術情報
マニュアル&カタログ
イベント&セミナー
セールス&サポート
ルータ・ネットワーク機器に関するお問い合わせ
情報通信トップ
古河電工TOPTelecom English お問い合わせ
閉じる
Home >ルータ・ネットワーク機器 >設定例 >クラウド接続の設定>Oracle Cloud Infrastructureに接続する
! access-list 100 permit udp ${vpn-ip1} 0.0.0.0 eq 500 any eq 500 access-list 100 permit 50 ${vpn-ip1} 0.0.0.0 any access-list 100 permit udp ${vpn-ip2} 0.0.0.0 eq 500 any eq 500 access-list 100 permit 50 ${vpn-ip2} 0.0.0.0 any access-list 111 deny ip any any access-list 121 spi ip any any ! ip route 0.0.0.0 0.0.0.0 tunnel 1 ! logging level informational ! crypto isakmp log sa crypto isakmp log session crypto isakmp log negotiation-fail ! interface GigaEthernet 1/1 vlan-id 11 bridge-group 11 channel-group 11 exit ! interface GigaEthernet 2/1 vlan-id 21 bridge-group 21 pppoe enable exit ! interface Port-channel 11 ip address ${customer-lan-ip} exit ! interface Tunnel 1 ip address ${cpePublicIpAddress} ip access-group 100 in ip access-group 111 in ip access-group 121 out ip nat inside source list 1 interface tunnel mode pppoe profile PPPoE_PROF pppoe interface gigaethernet 2/1 exit ! pppoe profile PPPoE_PROF account [PPP account] [pass] exit ! end
! crypto ipsec policy ${ipsecPolicy} set pfs group5 set security-association transform-keysize aes 256 256 256 set security-association transform esp-aes esp-sha-hmac exit ! crypto ipsec selector ${selector} src 1 ipv4 any dst 1 ipv4 any exit ! crypto isakmp keepalive ! crypto isakmp policy ${isakmpPolicy} authentication pre-share encryption aes encryption-keysize aes 256 256 256 group 5 hash sha exit ! crypto isakmp profile ${isakmpProfile1} local-address ${cpePublicIpAddress} set isakmp-policy ${isakmpPolicy} set ipsec-policy ${ipsecPolicy} set peer ${vpn-ip1} ike-version 1 local-key ascii ${sharedSecret1} exit ! crypto isakmp profile ${isakmpProfile2} local-address ${cpePublicIpAddress} set isakmp-policy ${isakmpPolicy} set ipsec-policy ${ipsecPolicy} set peer ${vpn-ip2} ike-version 1 local-key ascii ${sharedSecret2} exit ! crypto map ${map1} ipsec-isakmp match address ${selector} set isakmp-profile ${isakmpProfile1} exit ! crypto map ${map2} ipsec-isakmp match address ${selector} set isakmp-profile ${isakmpProfile2} exit ! interface Tunnel ${tunnelNumber1} tunnel mode ipsec map ${map1} ip address ${customer-interface-ip1} exit ! interface Tunnel ${tunnelNumber2} tunnel mode ipsec map ${map2} ip address ${customer-interface-ip2} exit
! ip route ${vcnCidrBlock} Tunnel ${tunnelNumber1} ip route ${vcnCidrBlock} Tunnel ${tunnelNumber2} !
! router bgp ${customer-bgp-asn} bgp router-id ${router-id} bgp log-neighbor-changes neighbor ${oracle-interface-ip1} ebgp-multihop 10 neighbor ${oracle-interface-ip1} enforce-multihop neighbor ${oracle-interface-ip1} remote-as ${oracle-bgp-asn1} neighbor ${oracle-interface-ip1} update-source tunnel ${tunnelNumber1} neighbor ${oracle-interface-ip2} ebgp-multihop 10 neighbor ${oracle-interface-ip2} enforce-multihop neighbor ${oracle-interface-ip2} remote-as ${oracle-bgp-asn2} neighbor ${oracle-interface-ip2} update-source tunnel ${tunnelNumber2} ! address-family ipv4 unicast redistribute connected exit exit !
ページの先頭へ