設定例／組み合わせ｜ルータ・ネットワーク機器

対象装置

F220/F221

WANインターフェース

LANインターフェース

ポートベースVLAN

IPv4アドレス

DHCPサーバ

タグVLAN

Fらくねっと

Fらくねっと設定

インポート

ここに変換元ファイルをドロップして下さい
もしくは

　ファイルを選択　

設定例	対象装置

<pre>
!
access-list 111 deny udp any eq 135 any
access-list 111 deny udp any any eq 135
access-list 111 deny tcp any eq 135 any
access-list 111 deny tcp any any eq 135
access-list 111 deny udp any range 137 139 any
access-list 111 deny udp any any range 137 139
access-list 111 deny tcp any range 137 139 any
access-list 111 deny tcp any any range 137 139
access-list 111 deny udp any eq 445 any
access-list 111 deny udp any any eq 445
access-list 111 deny tcp any eq 445 any
access-list 111 deny tcp any any eq 445
access-list 112 deny ip 192.168.100.0 0.0.0.255 any
access-list 112 permit icmp any 192.168.100.0 0.0.0.255
access-list 113 spi tcp any any eq ftp
access-list 113 spi tcp any any eq ftp-data
access-list 113 spi tcp any any eq www
access-list 113 spi udp any any eq domain
access-list 113 spi tcp any any eq smtp
access-list 113 spi tcp any any eq pop3
access-list 113 spi tcp any any eq 587
access-list 113 spi tcp any any
access-list 113 spi udp any any
access-list 114 permit ip any any
access-list 115 deny ip any any
!
aaa authentication login default local
aaa authorization exec default local
!
username guest password guest-secret
!
</pre>

++++++++++ AmazonVPC
!
access-list 100 permit udp host #virtual_private_gateway_21_1 eq 500 any eq 500
access-list 100 permit udp host #virtual_private_gateway_21_2 eq 500 any eq 500
access-list 100 permit 50 host #virtual_private_gateway_21_1 any
access-list 100 permit 50 host #virtual_private_gateway_21_2 any
***WildCard_access-list

++++++++++ AmazonVPC
!
ip route 10.0.1.0 255.255.255.0 #next_hop_25_1

++++++++++ AmazonVPC
!
ip route 10.0.1.0 255.255.255.0 #next_hop_25_2 100

++++++++++ PPPoE
!
ip route 0.0.0.0 0.0.0.0 tunnel 3

++++++++++ NAT
!
ip nat list 1 192.168.100.0 0.0.0.255

++++++++++ AmazonVPC
!
crypto ipsec policy IPSECPOL_001
 set pfs #perfect_forward_secrecy_14_1
 set security-association always-up
 set security-association rekey always
 set security-association lifetime seconds #lifetime_12_1
 set security-association transform-keysize #encryption_algorithm_11_1 #encryption_algorithm_11_1_size #encryption_algorithm_11_1_size #encryption_algorithm_11_1_size
 set security-association transform #authentication_algorithm_10_1_enc #authentication_algorithm_10_1_auth
 set mtu #tunnel_interface_mtu_24_1
 set mss #tcp_mss_adjustment_17_1
 set ip df-bit #clear_dont_fragment_bit_18_1
exit

++++++++++ AmazonVPC
!
crypto ipsec policy IPSECPOL_002
 set pfs #perfect_forward_secrecy_14_2
 set security-association always-up
 set security-association rekey always
 set security-association lifetime seconds #lifetime_12_2
 set security-association transform-keysize #encryption_algorithm_11_2 #encryption_algorithm_11_2_size #encryption_algorithm_11_2_size #encryption_algorithm_11_2_size
 set security-association transform #authentication_algorithm_10_2_enc #authentication_algorithm_10_2_auth
 set mtu #tunnel_interface_mtu_24_2
 set mss #tcp_mss_adjustment_17_2
 set ip df-bit #clear_dont_fragment_bit_18_2
exit

++++++++++ AmazonVPC
!
crypto ipsec selector SELECTOR_1
 src 1 ipv4 any
 dst 1 ipv4 any
exit

++++++++++ AmazonVPC
!
logging buffer level informational
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail

++++++++++ AmazonVPC
!
crypto isakmp negotiation retry timer 10 limit 3 timer-max 30 guard-time 0

++++++++++ AmazonVPC
!
crypto isakmp negotiation always-up-params interval 1000 max-initiate 10 max-pending 10 delay 1

++++++++++ AmazonVPC
!
crypto isakmp policy ISAPOL_001
 authentication #authentication_method_2_1
 encryption #encryption_algorithm_5_1
 encryption-keysize aes #encryption_algorithm_5_1_size #encryption_algorithm_5_1_size #encryption_algorithm_5_1_size
 #diffie_hellman_8_1
 lifetime #lifetime_6_1
 hash #authentication_algorithm_4_1
 set security-association softlimit initiate seconds 60
 set security-association softlimit respond seconds 30
 initiate-mode #phase_1_negotiation_mode_7_1
 set negotiation retry timer #dpd_interval_15_1 limit #dpd_retries_16_1 timer-max 30 guard-time 0
exit

++++++++++ AmazonVPC
!
crypto isakmp policy ISAPOL_002
 authentication #authentication_method_2_2 
 encryption #encryption_algorithm_5_2
 encryption-keysize aes #encryption_algorithm_5_2_size #encryption_algorithm_5_2_size #encryption_algorithm_5_2_size
 #diffie_hellman_8_2
 lifetime #lifetime_6_2 
 hash #authentication_algorithm_4_2 
 set security-association softlimit initiate seconds 60
 set security-association softlimit respond seconds 30
 initiate-mode #phase_1_negotiation_mode_7_2
 set negotiation retry timer #dpd_interval_15_2 limit #dpd_retries_16_2 timer-max 30 guard-time 0
exit

++++++++++ AmazonVPC
!
crypto isakmp profile ISAPROF_001
 keepalive interval 10
 local-address
 match identity address #virtual_private_gateway_21_1
 self-identity user-fqdn id-kyoten
 set isakmp-policy ISAPOL_001
 set ipsec-policy IPSECPOL_001
 set peer #virtual_private_gateway_21_1
 ike-version #ike_version_1_1
 local-key ascii #pre_shared_key_3_1
exit

++++++++++ AmazonVPC
!
crypto isakmp profile ISAPROF_002
 keepalive interval 10
 local-address
 match identity address #virtual_private_gateway_21_2
 self-identity user-fqdn id-kyoten
 set isakmp-policy ISAPOL_002
 set ipsec-policy IPSECPOL_002
 set peer #virtual_private_gateway_21_2
 ike-version #ike_version_1_2
 local-key ascii #pre_shared_key_3_2
exit

++++++++++ AmazonVPC
!
crypto map MAP1 ipsec-isakmp
 match address SELECTOR_1
 set isakmp-profile ISAPROF_001
exit

++++++++++ AmazonVPC
!
crypto map MAP2 ipsec-isakmp
 match address SELECTOR_1
 set isakmp-profile ISAPROF_002
exit

++++++++++ AmazonVPC
!
aaa authentication login default local

++++++++++ AmazonVPC
!
aaa authorization exec default local

++++++++++ AmazonVPC
!
aaa authentication login default local
aaa authorization exec default local
!
username guest password guest-secret

++++++++++ AmazonVPC
!
hostname FITELnet

++++++++++ AmazonVPC/BaseVLANL/TagVLANL/IPv4L/DHCPServer
!
interface GigaEthernet ***LAN_interface_number
 description GigaEther-***LAN_interface_number
 vlan-id 1
 bridge-group 1
 ***IPv4_LAN_channel_group
exit

++++++++++ PPPoE/BaseVLANW/TagVLANW/IPv4W
!
interface GigaEthernet ***WAN_interface_number
 description GigaEther-***WAN_interface_number
 vlan-id 2
 bridge-group 2
 ***IPv4_WAN_channel_group
 ***PPPoE_pppoe_enable
 ***WildCard_access-group
exit

++++++++++ AmazonVPC/IPv4L/DHCPServer
!
interface Port-channel 1
 description PortChannel-1
 ip address 192.168.100.1 255.255.255.0
 ***DHCPServer_ip_dhcp_service
 ***DHCPServer_ip_dhcp_server-profile
 mss 1350
exit

++++++++++ AmazonVPC
!
interface Tunnel 1
 description VPN Tunnel 1
 ip address #customer_gateway_22_1 #customer_gateway_22_1_mask
 tunnel mode ipsec map MAP1
 link-state sync-sa
exit

++++++++++ AmazonVPC
!
interface Tunnel 2
 description VPN Tunnel 2
 ip address #customer_gateway_22_2 #customer_gateway_22_2_mask
 tunnel mode ipsec map MAP2
 link-state sync-sa
exit

++++++++++ PPPoE/NAT
!
interface Tunnel 3
 description Default Route Tunnel
 ***PPPoE_WildCard_access-group
 ***PPPoE_tunnel_mode_pppoe
 ***PPPoE_pppoe_interface
 ***NAT_nat_inside_source
exit

++++++++++ PPPoE
!
pppoe profile PPPOE_PROF0001
 account user@xxxx.ne.jp secret
exit

++++++++++ PPPoE
!
ip route 0.0.0.0 0.0.0.0 tunnel 3

++++++++++ NAT
!
ip nat list 1 192.168.100.0 0.0.0.255

++++++++++ AmazonVPC
!
crypto ipsec selector SELECTOR_1
 src 1 ipv4 any
 dst 1 ipv4 any
exit

++++++++++ AmazonVPC
!
logging buffer level informational
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail

++++++++++ AmazonVPC
!
crypto isakmp negotiation retry timer 10 limit 3 timer-max 30 guard-time 0

++++++++++ AmazonVPC
!
crypto isakmp negotiation always-up-params interval 1000 max-initiate 10 max-pending 10 delay 1

++++++++++ AmazonVPC
!
crypto map MAP1 ipsec-isakmp
 match address SELECTOR_1
 set isakmp-profile ISAPROF_001
exit

++++++++++ AmazonVPC
!
crypto map MAP2 ipsec-isakmp
 match address SELECTOR_1
 set isakmp-profile ISAPROF_002
exit

++++++++++ AmazonVPC
!
aaa authentication login default local

++++++++++ AmazonVPC
!
aaa authorization exec default local

++++++++++ AmazonVPC
!
aaa authentication login default local
aaa authorization exec default local
!
username guest password guest-secret

++++++++++ AmazonVPC
!
hostname FITELnet

++++++++++ AmazonVPC
!
interface Tunnel 1
 description VPN Tunnel 1
 ip address #customer_gateway_22_1 #customer_gateway_22_1_mask
 tunnel mode ipsec map MAP1
 link-state sync-sa
exit

++++++++++ AmazonVPC
!
interface Tunnel 2
 description VPN Tunnel 2
 ip address #customer_gateway_22_2 #customer_gateway_22_2_mask
 tunnel mode ipsec map MAP2
 link-state sync-sa
exit

++++++++++ PPPoE/NAT
!
interface Tunnel 3
 description Default Route Tunnel
 ***PPPoE_WildCard_access-group
 ***PPPoE_tunnel_mode_pppoe
 ***PPPoE_pppoe_interface
 ***NAT_nat_inside_source
exit

++++++++++ AmazonVPC
!
router bgp #customer_gateway_asn_27_1
 bgp router-id 192.168.100.1
 bgp log-neighbor-changes
 neighbor #neighbor_ip_address_28_1 remote-as #virtual_private_gateway_asn_26_1
 neighbor #neighbor_ip_address_28_1 timers 10 #neighbor_hold_time_29_1
 neighbor #neighbor_ip_address_28_2 remote-as #virtual_private_gateway_asn_26_2
 neighbor #neighbor_ip_address_28_2 timers 10 #neighbor_hold_time_29_2
 !
 address-family ipv4 unicast
  neighbor #neighbor_ip_address_28_1 activate
  neighbor #neighbor_ip_address_28_2 activate
  network 192.168.100.0 255.255.255.0
 exit
exit

++++++++++ PPPoE
!
pppoe profile PPPOE_PROF0001
 account user@xxxx.ne.jp secret
exit

ページの先頭へ