This is the configuration for a VPN over an IPsec connection. It is an example of connecting a head office with two stores. The head office has a fixed IP address, but the stores are configured without fixed IP addresses.
Head office configuration
TUNNEL1 and TUNNEL2 are descriptive names chosen to make management easier. IKE-KEY must be exactly the same value at the head office and at the stores. TENPO1 and TENPO2 must exactly match the name each store sets for itself (ipsec ike local name).
ip lan1 address 192.168.254.254/24
ip route default gateway pp 1
ip route 192.168.1.0/24 gateway tunnel 1
ip route 192.168.2.0/24 gateway tunnel 2
tunnel disable all
tunnel select 1
tunnel name TUNNEL1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc md5-hmac
ipsec ike keepalive use 1 on
ipsec ike local address 1 192.168.254.254
ipsec ike pre-shared-key 1 text IKE-KEY
ipsec ike remote address 1 any
ipsec ike remote name 1 TENPO1
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 2
tunnel name TUNNEL2
ipsec tunnel 2
ipsec sa policy 2 2 esp 3des-cbc md5-hmac
ipsec ike keepalive use 2 on
ipsec ike local address 2 192.168.254.254
ipsec ike pre-shared-key 2 text IKE-KEY
ipsec ike remote address 2 any
ipsec ike remote name 2 TENPO2
ip tunnel tcp mss limit auto
tunnel enable 2
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 1 192.168.254.254 udp 500
nat descriptor masquerade static 1 2 192.168.254.254 esp
ipsec auto refresh on
Store 1 configuration
ip lan1 address 192.168.1.254/24
ip route default gateway pp 1
ip route 192.168.0.0/16 gateway tunnel 1
tunnel disable all
tunnel select 1
tunnel name TUNNEL1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc md5-hmac
ipsec ike keepalive use 1 on
ipsec ike local address 1 192.168.1.254
ipsec ike local name 1 TENPO1 key-id
ipsec ike pre-shared-key 1 text IKE-KEY
ipsec ike remote address 1 本社固定IP
ip tunnel tcp mss limit auto
tunnel enable 1
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 1 192.168.1.254 udp 500
nat descriptor masquerade static 1 2 192.168.1.254 esp
ipsec auto refresh on
Store 2 configuration
ip lan1 address 192.168.2.254/24
ip route default gateway pp 1
ip route 192.168.0.0/16 gateway tunnel 1
tunnel disable all
tunnel select 1
tunnel name TUNNEL1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc md5-hmac
ipsec ike keepalive use 1 on
ipsec ike local address 1 192.168.2.254
ipsec ike local name 1 TENPO2 key-id
ipsec ike pre-shared-key 1 text IKE-KEY
ipsec ike remote address 1 本社固定IP
ip tunnel tcp mss limit auto
tunnel enable 1
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 1 192.168.2.254 udp 500
nat descriptor masquerade static 1 2 192.168.2.254 esp
ipsec auto refresh on
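As an added example that is not part of the original page, the following Python script reads constructed excerpts of the head-office and store configurations above and checks the pairing rules stated at the top (IKE-KEY identical on both sides, the head office's remote name matching the store's local name, the same SA policy on both sides) and also flags the 3des-cbc/md5-hmac algorithms as weak. The excerpt strings, the WEAK_ALGORITHMS set and the regexes are assumptions made here; only the command forms shown on this page are parsed.

```python
import re

# Constructed excerpts of the HQ and branch configs shown on this page; only the
# IKE name, pre-shared-key and SA policy lines matter to the checker.
HQ_CONFIG = "".join(f"ipsec sa policy {i} {i} esp 3des-cbc md5-hmac\n"
                    f"ipsec ike pre-shared-key {i} text IKE-KEY\n"
                    f"ipsec ike remote name {i} TENPO{i}\n" for i in (1, 2))
BRANCH_CONFIGS = {name: ("ipsec sa policy 1 1 esp 3des-cbc md5-hmac\n"
                         f"ipsec ike local name 1 {name} key-id\n"
                         "ipsec ike pre-shared-key 1 text IKE-KEY\n")
                  for name in ("TENPO1", "TENPO2")}
WEAK_ALGORITHMS = {"des-cbc", "3des-cbc", "md5-hmac"}  # flag these in the SA policy

PATTERNS = {  # one regex per setting; group 1 is always the gateway (tunnel) id
    "psk":    re.compile(r"^ipsec ike pre-shared-key (\d+) text (\S+)$"),
    "remote": re.compile(r"^ipsec ike remote name (\d+) (\S+)$"),
    "local":  re.compile(r"^ipsec ike local name (\d+) (\S+) key-id$"),
    "algos":  re.compile(r"^ipsec sa policy \d+ (\d+) esp (\S+) (\S+)$"),
}

def parse(config):
    """Map gateway id -> {field: value} for the lines PATTERNS recognises."""
    tunnels = {}
    for line in config.splitlines():
        for field, pat in PATTERNS.items():
            m = pat.match(line.strip())
            if m:
                value = m.group(2) if field != "algos" else (m.group(2), m.group(3))
                tunnels.setdefault(int(m.group(1)), {})[field] = value
    return tunnels

def check(hq_config, branch_configs):
    """Return findings for each HQ tunnel; an empty list means everything lines up."""
    by_name = {}  # branch key-id name -> that branch's tunnel settings
    for cfg in branch_configs.values():
        for t in parse(cfg).values():
            by_name[t.get("local")] = t
    findings = []
    for gid, t in parse(hq_config).items():
        peer = by_name.get(t.get("remote"))
        if peer is None:
            findings.append(f"HQ tunnel {gid}: no branch declares local name {t.get('remote')}")
            continue
        if peer.get("psk") != t.get("psk"):
            findings.append(f"HQ tunnel {gid}: pre-shared key differs from {t['remote']}")
        if peer.get("algos") != t.get("algos"):
            findings.append(f"HQ tunnel {gid}: SA policy differs from {t['remote']}")
        findings += [f"HQ tunnel {gid}: weak algorithm {a}"
                     for a in t.get("algos", ()) if a in WEAK_ALGORITHMS]
    return findings
```

Run against the page's own settings the only findings are the weak-algorithm notes; a key typo at one store or a store whose key-id name does not match the head office's remote name produces a separate finding for that tunnel.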