IPsec/LTE dual SIM: switching with event-action

access-list 100 permit udp any 192.0.2.1 0.0.0.0 eq 500
access-list 100 permit udp any 192.0.2.1 0.0.0.0 eq 4500
access-list 100 permit 50 any 192.0.2.1 0.0.0.0
access-list 111 deny udp any eq 135 any
access-list 111 deny udp any any eq 135
access-list 111 deny tcp any eq 135 any
access-list 111 deny tcp any any eq 135
access-list 111 deny udp any range 137 139 any
access-list 111 deny udp any any range 137 139
access-list 111 deny tcp any range 137 139 any
access-list 111 deny tcp any any range 137 139
access-list 111 deny udp any eq 445 any
access-list 111 deny udp any any eq 445
access-list 111 deny tcp any eq 445 any
access-list 111 deny tcp any any eq 445
access-list 112 deny ip 192.168.0.0 0.0.0.255 any
access-list 112 permit icmp any 192.168.0.0 0.0.0.255
access-list 113 spi tcp any any eq ftp
access-list 113 spi tcp any any eq ftp-data
access-list 113 spi tcp any any eq www
access-list 113 spi udp any any eq domain
access-list 113 spi tcp any any eq smtp
access-list 113 spi tcp any any eq pop3
access-list 113 spi tcp any any eq 587
access-list 113 spi tcp any any
access-list 113 spi udp any any
access-list 114 permit ip any any
access-list 115 deny ip any any
ip route 0.0.0.0 0.0.0.0 tunnel 2
ip route 192.168.1.0 255.255.255.0 tunnel 1
ip route 192.168.1.0 255.255.255.0 null 0 150
ip nat list 1 192.168.0.0 0.0.0.255
!
hardware-fault-detection action reboot
!
logging buffer level informational
!
aaa authentication login default local
aaa authorization exec default local
!
username guest password guest-secret
!
hostname CENTER
!
crypto ipsec udp-encapsulation nat-t
!
crypto ipsec policy IPsec_POLICY
 set pfs group14
 set security-association lifetime seconds 1800
 set security-association transform-keysize aes 256 256 256
 set security-association transform esp-aes esp-sha256-hmac
 set mtu 1454
 set ip df-bit 0
 set ip fragment post
exit
!
crypto ipsec selector SELECTOR1
 src 1 ipv4 any
 dst 1 ipv4 any
exit
!
crypto isakmp keepalive interval 35
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail
!
crypto isakmp policy ISAKMP_POLICY
 authentication pre-share
 encryption aes
 encryption-keysize aes 256 256 256
 group 14
 lifetime 3600
 hash sha-256
 initiate-mode aggressive
exit
!
crypto isakmp profile PROF1
 match identity host id-kyoten
 local-address 192.0.2.1
 self-identity address 192.0.2.1
 set isakmp-policy ISAKMP_POLICY
 set ipsec-policy IPsec_POLICY
 ike-version 1
 local-key SECRET-VPN
exit
!
crypto map MAP1 ipsec-isakmp
 match address SELECTOR1
 set isakmp-profile PROF1
exit
!
interface GigaEthernet 1/1
 vlan-id 1
 bridge-group 1
 channel-group 1
exit
!
interface GigaEthernet 2/1
 vlan-id 2
 bridge-group 2
 pppoe enable
exit
!
interface Port-channel 1
 ip address 192.168.0.1 255.255.255.0
exit
!
interface Tunnel 1
 tunnel mode ipsec map MAP1
 link-state sync-sa
exit
!
interface Tunnel 2
 ip address 192.0.2.1 255.255.255.255
 ip nat inside source list 1 interface
 tunnel mode pppoe profile PPPOE_PROF
 pppoe interface gigaethernet 2/1
 ip access-group 100 in
 ip access-group 111 out
 ip access-group 112 in
 ip access-group 113 out
 ip access-group 114 out
 ip access-group 115 in
 ip access-group spi ftp-data enable
exit
!
pppoe profile PPPOE_PROF
 account user@xxxx.ne.jp secret
exit
!
!
end

access-list 100 permit udp any eq 67 any eq 68
access-list 100 permit udp 192.0.2.1 0.0.0.0 eq 500 any eq 500
access-list 100 permit udp 192.0.2.1 0.0.0.0 eq 4500 any eq 4500
access-list 100 permit 50 192.0.2.1 0.0.0.0 any
access-list 111 deny udp any eq 135 any
access-list 111 deny udp any any eq 135
access-list 111 deny tcp any eq 135 any
access-list 111 deny tcp any any eq 135
access-list 111 deny udp any range 137 139 any
access-list 111 deny udp any any range 137 139
access-list 111 deny tcp any range 137 139 any
access-list 111 deny tcp any any range 137 139
access-list 111 deny udp any eq 445 any
access-list 111 deny udp any any eq 445
access-list 111 deny tcp any eq 445 any
access-list 111 deny tcp any any eq 445
access-list 112 deny ip 192.168.0.0 0.0.0.255 any
access-list 112 permit icmp any 192.168.0.0 0.0.0.255
access-list 113 spi tcp any any eq ftp
access-list 113 spi tcp any any eq ftp-data
access-list 113 spi tcp any any eq www
access-list 113 spi udp any any eq domain
access-list 113 spi tcp any any eq smtp
access-list 113 spi tcp any any eq pop3
access-list 113 spi tcp any any eq 587
access-list 113 spi tcp any any
access-list 113 spi udp any any
access-list 114 permit ip any any
access-list 115 deny ip any any
!
ip route 0.0.0.0 0.0.0.0 dhcp port-channel 1
ip route 192.168.0.0 255.255.255.0 tunnel 1
ip route 192.168.0.0 255.255.255.0 null 0 150
ip nat list 1 192.168.1.0 0.0.0.255
!
logging buffer level informational
!
aaa authentication login default local
aaa authorization exec default local
!
username guest password guest-secret
!
hostname KYOTEN
!
monitor signal-quality logging lte-module interval 600
!
syslog filter LTE_LIMIT
 message Call count reached limit
exit
!
event-action 1
 event syslog filter LTE_LIMIT
 action 1.1 cli exec command crypto isakmp discard
 action 2.1 cli exec command clear crypto sa
 action 3.1 cli exec command lte-module disconnect moff
 action 4.1 cli exec command lte-module connect reverse moff
 action 5.1 cli exec command no crypto isakmp discard
exit
!
hardware-fault-detection action reboot
!
logging filter 1 LTE_LIMIT event-action
!
crypto ipsec udp-encapsulation nat-t
!
crypto ipsec policy IPsec_POLICY
 set pfs group14
 set security-association always-up
 set security-association rekey always
 set security-association lifetime seconds 1800
 set security-association transform-keysize aes 256 256 256
 set security-association transform esp-aes esp-sha256-hmac
 set mtu 1454
 set ip df-bit 0
 set ip fragment post
exit
!
crypto ipsec selector SELECTOR1
 src 1 ipv4 any
 dst 1 ipv4 any
exit
!
crypto isakmp keepalive always-send interval 30
crypto isakmp log sa
crypto isakmp log session
crypto isakmp log negotiation-fail
!
crypto isakmp policy ISAKMP_POLICY
 authentication pre-share
 encryption aes
 encryption-keysize aes 256 256 256
 group 14
 lifetime 3600
 hash sha-256
 initiate-mode aggressive
exit
!
crypto isakmp profile PROF1
 match identity address 192.0.2.1
 local-address source-interface port-channel 1
 self-identity fqdn id-kyoten
 set isakmp-policy ISAKMP_POLICY
 set ipsec-policy IPsec_POLICY
 set peer 192.0.2.1
 ike-version 1
 local-key SECRET-VPN
exit
!
crypto map MAP1 ipsec-isakmp
 match address SELECTOR1
 set isakmp-profile PROF1
exit
!
interface GigaEthernet 1/1
 vlan-id 2
 bridge-group 2
 channel-group 2
exit
!
interface Port-channel 1
 ip dhcp service client
 ip nat inside source list 1 interface
exit
!
interface Port-channel 2
 ip address 192.168.1.1 255.255.255.0
exit
!
!
interface Tunnel 1
 tunnel mode ipsec map MAP1
 link-state sync-sa
exit
!
interface LTE-Module 1
 channel-group 1
 sim-profile 1 SIM1 default
 sim-profile 2 SIM2
 ip access-group 100 in
 ip access-group 111 out
 ip access-group 112 in
 ip access-group 113 out
 ip access-group 114 out
 ip access-group 115 in
 ip access-group spi ftp-data enable
exit
!
sim-profile SIM1
 account xxx123yyy@xxxxx.xx.jp XXX123
 pdp ipv4
 apn-name lte-ocn.ntt.com
 max-call 5
exit
!
sim-profile SIM2
 account xxx456yyy@xxxxx.xx.jp XXX456
 pdp ipv4
 apn-name lte-ocn.ntt.com
 max-call 5
exit
!
!
end
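The CENTER and KYOTEN configurations above carry the same IKE/IPsec proposal and pre-shared key on both ends, and a drift between them is the usual reason the tunnel fails to negotiate. The Python check below is an added example, not part of the original page or the vendor's tooling; it compares the crypto blocks of two configurations and reports which keywords differ without printing the key. The `NEGOTIATED` keyword selection and the function names are assumptions of this example, and the branch-side sample is constructed with a deliberate typo.

```python
import re

# Sub-commands both peers must agree on (this selection is the example's assumption).
NEGOTIATED = ("authentication", "encryption", "encryption-keysize", "group", "hash",
              "initiate-mode", "ike-version", "local-key", "set pfs",
              "set security-association transform")

def blocks(config):
    """Map each 'crypto isakmp|ipsec policy|profile' header to its sub-commands."""
    out, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line == "exit":
            current = None
        elif current is not None:
            current.append(line)
        elif re.match(r"crypto (isakmp|ipsec) (policy|profile) \S+$", line):
            current = out.setdefault(line, [])
    return out

def negotiated(config):
    """Return {(block header, keyword): value} for the NEGOTIATED sub-commands."""
    return {(header, key): cmd[len(key):].strip()
            for header, cmds in blocks(config).items()
            for cmd in cmds for key in NEGOTIATED if cmd.startswith(key + " ")}

def mismatches(center, kyoten):
    """List (block, keyword) pairs that differ or exist on one side only."""
    a, b = negotiated(center), negotiated(kyoten)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Excerpt of the CENTER configuration shown on this page.
CENTER = """\
crypto isakmp policy ISAKMP_POLICY
 encryption aes
 group 14
 hash sha-256
 initiate-mode aggressive
exit
crypto isakmp profile PROF1
 match identity host id-kyoten
 ike-version 1
 local-key SECRET-VPN
exit
"""
# Constructed branch side: identical proposal, but a mistyped pre-shared key.
KYOTEN_TYPO = CENTER.replace("local-key SECRET-VPN", "local-key SECRET-VPM")

if __name__ == "__main__":
    print(mismatches(CENTER, KYOTEN_TYPO))  # keyword only; the key is never printed
```

Lines outside the matched crypto blocks, and sub-commands not listed in `NEGOTIATED` (identity, peer address, MTU, always-up), are ignored because they legitimately differ between the two ends.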