古河電工TOP Telecom English お問い合わせ
ルータ・ネットワーク機器
製品・サービスラインナップ
ファームウエア
設定例
技術情報
マニュアル&カタログ
イベント&セミナー
セールス&サポート
ルータ・ネットワーク機器に関するお問い合わせ
情報通信トップ
古河電工TOPTelecom English お問い合わせ
閉じる
Home >ルータ・ネットワーク機器 >設定例 >モバイル接続の設定
モバイル接続(内蔵LTE)を使う
モバイル接続(内蔵5Gモジュール)を使う
IPsecで冗長〜イベントアクションで切り替え:メインはPPPoE、バックアップはモバイル
IPsec/LTEデュアルSIM〜イベントアクションで切り替え
access-list 100 permit udp any 192.0.2.1 0.0.0.0 eq 500 access-list 100 permit udp any 192.0.2.1 0.0.0.0 eq 4500 access-list 100 permit 50 any 192.0.2.1 0.0.0.0 access-list 111 deny ip any any access-list 121 spi ip any any ip route 0.0.0.0 0.0.0.0 tunnel 2 ip route 192.168.1.0 255.255.255.0 tunnel 1 ip route 192.168.1.0 255.255.255.0 null 0 150 ip nat list 1 192.168.0.0 0.0.0.255 ! hardware-fault-detection action reboot ! logging buffer level informational ! hostname CENTER ! crypto ipsec udp-encapsulation nat-t ! crypto ipsec policy IPsec_POLICY set pfs group14 set security-association lifetime seconds 1800 set security-association transform-keysize aes 256 256 256 set security-association transform esp-aes esp-sha256-hmac set mtu 1454 set ip df-bit 0 set ip fragment post exit ! crypto ipsec selector SELECTOR1 src 1 ipv4 any dst 1 ipv4 any exit ! crypto isakmp keepalive interval 35 crypto isakmp log sa crypto isakmp log session crypto isakmp log negotiation-fail ! crypto isakmp policy ISAKMP_POLICY authentication pre-share encryption aes encryption-keysize aes 256 256 256 group 14 lifetime 3600 hash sha-256 initiate-mode aggressive exit ! crypto isakmp profile PROF1 match identity host id-kyoten local-address 192.0.2.1 self-identity address 192.0.2.1 set isakmp-policy ISAKMP_POLICY set ipsec-policy IPsec_POLICY ike-version 1 local-key SECRET-VPN exit ! crypto map MAP1 ipsec-isakmp match address SELECTOR1 set isakmp-profile PROF1 exit ! interface GigaEthernet 1/1 vlan-id 1 bridge-group 1 channel-group 1 exit ! interface GigaEthernet 2/1 vlan-id 2 bridge-group 2 pppoe enable exit ! interface Port-channel 1 ip address 192.168.0.1 255.255.255.0 exit ! interface Tunnel 1 tunnel mode ipsec map MAP1 link-state sync-sa exit ! interface Tunnel 2 ip address 192.0.2.1 255.255.255.255 ip nat inside source list 1 interface tunnel mode pppoe profile PPPOE_PROF pppoe interface gigaethernet 2/1 ip access-group 100 in ip access-group 111 in ip access-group 121 out exit ! pppoe profile PPPOE_PROF account user@xxxx.ne.jp secret exit ! ! end
access-list 100 permit udp any eq 67 any eq 68 access-list 100 permit udp 192.0.2.1 0.0.0.0 eq 500 any eq 500 access-list 100 permit udp 192.0.2.1 0.0.0.0 eq 4500 any eq 4500 access-list 100 permit 50 192.0.2.1 0.0.0.0 any access-list 111 deny ip any any access-list 121 spi ip any any ip route 0.0.0.0 0.0.0.0 dhcp port-channel 1 ip route 192.168.0.0 255.255.255.0 tunnel 1 ip route 192.168.0.0 255.255.255.0 null 0 150 ip nat list 1 192.168.1.0 0.0.0.255 ! monitor signal-quality logging lte-module interval 600 ! syslog filter LTE_LIMIT message Call count reached limit exit ! event-action 1 event syslog filter LTE_LIMIT action 1.1 cli exec command crypto isakmp discard action 2.1 cli exec command clear crypto sa action 3.1 cli exec command lte-module disconnect moff action 4.1 cli exec command lte-module connect reverse moff action 5.1 cli exec command no crypto isakmp discard exit ! hardware-fault-detection action reboot ! logging filter 1 LTE_LIMIT event-action logging buffer level informational ! ! hostname KYOTEN ! crypto ipsec udp-encapsulation nat-t ! crypto ipsec policy IPsec_POLICY set pfs group14 set security-association always-up set security-association rekey always set security-association lifetime seconds 1800 set security-association transform-keysize aes 256 256 256 set security-association transform esp-aes esp-sha256-hmac set mtu 1454 set ip df-bit 0 set ip fragment post exit ! crypto ipsec selector SELECTOR1 src 1 ipv4 any dst 1 ipv4 any exit ! crypto isakmp keepalive always-send interval 30 crypto isakmp log sa crypto isakmp log session crypto isakmp log negotiation-fail ! crypto isakmp policy ISAKMP_POLICY authentication pre-share encryption aes encryption-keysize aes 256 256 256 group 14 lifetime 3600 hash sha-256 initiate-mode aggressive exit ! crypto isakmp profile PROF1 match identity address 192.0.2.1 local-address source-interface port-channel 1 self-identity fqdn id-kyoten set isakmp-policy ISAKMP_POLICY set ipsec-policy IPsec_POLICY set peer 192.0.2.1 ike-version 1 local-key SECRET-VPN exit ! crypto map MAP1 ipsec-isakmp match address SELECTOR1 set isakmp-profile PROF1 exit ! interface GigaEthernet 1/1 vlan-id 2 bridge-group 2 channel-group 2 exit ! interface Port-channel 1 ip dhcp service client ip nat inside source list 1 interface exit ! interface Port-channel 2 ip address 192.168.1.1 255.255.255.0 exit ! ! interface Tunnel 1 tunnel mode ipsec map MAP1 link-state sync-sa exit ! interface LTE-Module 1 channel-group 1 sim-profile 1 SIM1 default sim-profile 2 SIM2 ip access-group 100 in ip access-group 111 in ip access-group 121 out exit ! sim-profile SIM1 account xxx123yyy@xxxxx.xx.jp XXX123 pdp ipv4 apn-name lte-ocn.ntt.com max-call 5 exit ! sim-profile SIM2 account xxx456yyy@xxxxx.xx.jp XXX456 pdp ipv4 apn-name lte-ocn.ntt.com max-call 5 exit ! ! end
ページの先頭へ