サンプルconfig
-------------------------------------------------------------------------
Router(config)$ show startup-config
Using 5162 out of 1048576 bytes
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2215 (magellan-sec) Software, Version 10.9.11, RELEASE SOFTWARE
! Compiled Dec 15-Fri-2023 13:35:51 JST #2
! Last updated Jul 05-Fri-2024 21:51:07 JST
!
! Clock offset from UTC: +09:00 (the banner timestamps above are in JST).
timezone +09 00
!
! Logging: in-memory buffer of 131072 (presumably bytes), every subsystem at
! "warn" level, entries stamped with date and time.
! NOTE(review): no remote log destination appears in this listing, so the
! buffer is presumably the only copy of the logs; confirm whether a syslog
! host is configured if logs are needed for incident review.
logging buffered 131072
logging subsystem all warn
logging timestamp datetime
!
! Local account "admin" with the administrator role. The password is stored
! as a hash, which appears to be partly masked for publication.
! NOTE(review): a partly masked hash still discloses some of its characters;
! when sharing a config, replace the whole value with a placeholder.
username admin password hash 9xExxxx4xxeCX3XXX2C@ administrator
!
!
! IPv4 basics: UFS cache (flow cache) limited to 20000 entries, default route
! through Tunnel1.0 (the 4-over-6 tunnel defined later), DHCP service on.
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip route default Tunnel1.0
ip dhcp enable
! ACL referenced by "http-server ip access-list": it matches on the
! destination 192.168.0.1 (this router's LAN address) only.
! NOTE(review): the source is "any", so this ACL does not limit which clients
! may reach the web console; narrowing src to the management hosts or to
! 192.168.0.0/24 would make the restriction explicit.
ip access-list web-http-acl permit ip src any dest 192.168.0.1/32
!
!
! IPv6 basics: UFS cache limited to 10000 entries, DHCPv6 service on.
ipv6 ufs-cache max-entries 10000
ipv6 ufs-cache enable
ipv6 dhcp enable
! IPv6 ACLs, bound to GigaEthernet0.0 by the "ipv6 filter" lines later on:
!   block-list   - denies everything (used as the final inbound rule)
!   dhcpv6-list  - UDP to ports 546/547 (DHCPv6 client/server)
!   icmpv6-list  - all ICMP (neighbor discovery depends on ICMPv6)
!   other-list   - matches all IP; used only as the key of the dynamic list
!   tunnel-list  - IP protocol 4 (IPv4 carried inside IPv6, i.e. 4-over-6)
! NOTE(review): dhcpv6-list, icmpv6-list and tunnel-list all use src any /
! dest any. tunnel-list in particular could presumably be narrowed to the
! tunnel endpoint address set on Tunnel1.0; confirm against the provider's
! requirements before tightening.
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list other-list permit ip src any dest any
ipv6 access-list tunnel-list permit 4 src any dest any
! Dynamic (stateful) list: dflt-list is keyed by other-list and is applied
! outbound on GigaEthernet0.0, so presumably only replies to flows started
! from the inside are let back in; cache size 65535 entries.
ipv6 access-list dynamic cache 65535
ipv6 access-list dynamic dflt-list access other-list
!
!
!
! NHRP local interface is GigaEthernet2.0 (the LAN interface in this listing).
nhrp local GigaEthernet2.0
!
! DNS proxy for IPv4 clients; the DHCPv4 profile below hands out 192.168.0.1
! as the DNS server, so LAN clients resolve through this router.
proxy-dns ip enable
proxy-dns ip request both
!
! Web console: digest authentication, user "admin", limited by web-http-acl,
! enabled over IPv4.
! NOTE(review): only "http-server" lines are visible and no TLS setting
! appears in this listing, so console traffic is presumably unencrypted
! HTTP. Digest keeps the password itself off the wire, but not the pages or
! the submitted settings; manage the router from the trusted LAN only.
! The secret-password value is partly masked; mask it completely when
! publishing.
http-server authentication-method digest
http-server username admin secret-password XxmxxIx4xxzXXv
http-server ip access-list web-http-acl
http-server ip enable
!
!
! IKEv2 pre-shared key for the identity 169.254.0.8 (the same ID is used by
! "ikev2 local-authentication" on Tunnel0.0). "key char" means the key is
! entered as a character string.
! NOTE(review): the key presumably stays readable in the saved config, so
! config backups and pasted listings must be handled as secrets. The value
! here is only partly masked; a long random key, fully replaced by a
! placeholder when shared, is the safer practice.
ikev2 authentication psk id ipv4 169.254.0.8 key char xx0xxx8x<--- VPNセンターpss
!
! Turns on the dynamic DNS client used by the "ddns profile" defined later.
ddns enable
!
!
! Wake-on-LAN (WoL) settings
! Each line registers a LAN host (name, MAC address, IPv4 address) that can
! be woken through GigaEthernet2.0.
! NOTE(review): host names, partly masked MACs and internal addresses are an
! inventory of the LAN; the unmasked MAC octets still identify vendors, so
! consider masking these entries completely in a published sample.
wol terminal DS218j mac 00:xx:32:xx:5f:62 ip 192.168.0.224 interface GigaEthernet2.0
wol terminal NIPOGI_PC mac xx:1d:ef:xx:f1:75 ip 192.168.0.229 interface GigaEthernet2.0
wol terminal NIPOGI_Xp mac 68:xx:ef:xx:20:e1 ip 192.168.0.228 interface GigaEthernet2.0
wol terminal PT2 mac 00:xx:4d:xx:ec:94 ip 192.168.0.99 interface GigaEthernet2.0
wol terminal PT3 mac a8:a1:xx:db:xx:f8 ip 192.168.0.98 interface GigaEthernet2.0
!
! Route-map used by "redistribute connected" under BGP: it matches only
! GigaEthernet2.0, so only the LAN's connected route is advertised.
route-map web-dmvpn-map permit 10
match interface GigaEthernet2.0
!
! DHCPv4 server profile: clients are told to use the router (192.168.0.1)
! as their DNS server.
ip dhcp profile dhcpv4-sv
dns-server 192.168.0.1
!
! DHCPv6 client profile (bound to GigaEthernet0.0): asks for DNS servers and
! for a delegated prefix (IA_PD), from which a /64 is assigned to
! GigaEthernet2.0.
ipv6 dhcp client-profile dhcpv6-cl
option-request dns-servers
ia-pd subscriber GigaEthernet2.0 ::/64 eui-64
!
! DHCPv6 server profile for the LAN; "dns-server dhcp" presumably passes on
! the DNS servers learned by the DHCPv6 client - TODO confirm.
ipv6 dhcp server-profile dhcpv6-sv
dns-server dhcp
!
! BGP in AS 65535 with one neighbor in the same AS (iBGP): 169.254.255.254,
! which is also the NHRP server address on Tunnel0.0. Timers 5/15 are
! presumably keepalive/hold time in seconds.
! NOTE(review): no neighbor authentication is configured here; the session
! relies on running inside the IPsec-protected tunnel. Confirm that the
! peer is reachable only through Tunnel0.0.
router bgp 65535
timers 5 15
neighbor 169.254.255.254 remote-as 65535
neighbor 169.254.255.254 connect-interval 10
address-family ipv4 unicast
redistribute connected route-map web-dmvpn-map
!
! DDNS update profile for the transix service: an HTTP request to the update
! server, sent over IPv6 with GigaEthernet2.0 as the source interface.
! NOTE(review): the account ID and password travel in the URL query string
! over plain http://, so they are not encrypted in transit and may be logged
! on the path; whether the provider accepts HTTPS is not shown here. Treat
! this line as a secret and mask both values completely when publishing.
ddns profile transix-update <--- IPv6 transixサービス
url http://update.transix.jp/request <--- IPv6 アップデートサーバのURL
query username=u1xxxxxxx0&password=0xxxxxxa <--- IPv6 id pass
transport ipv6
source-interface GigaEthernet2.0
!
! Physical devices. The three GigaEthernet devices carry no device-level
! settings in this listing.
device GigaEthernet0
!
device GigaEthernet1
!
device GigaEthernet2
!
! ISDN BRI device with switch type hsd128k; its interface BRI0.0 is shut
! down further below.
device BRI0
isdn switch-type hsd128k
!
! The USB device is administratively disabled.
device USB0
shutdown
!
! WAN-side interface (listed as "wan 2" under system information): no IPv4
! address, IPv6 only.
interface GigaEthernet0.0
no ip address
! Static NAPT entries for IP protocol 50 (ESP), UDP 500 (IKE) and UDP 4500
! (IPsec NAT traversal), mapped to this interface itself.
ip napt static GigaEthernet0.0 50
ip napt static GigaEthernet0.0 udp 500
ip napt static GigaEthernet0.0 udp 4500
! IPv6: DHCPv6 client with profile dhcpv6-cl, neighbor-discovery proxy
! toward the LAN interface GigaEthernet2.0.
ipv6 enable
ipv6 dhcp client dhcpv6-cl
ipv6 nd proxy GigaEthernet2.0
! Inbound filters, evaluated by sequence number: DHCPv6 (1), ICMPv6 (2) and
! IPv4-in-IPv6 (3) are permitted, then block-list (100) denies the rest.
! NOTE(review): LAN hosts hold global IPv6 addresses, so rule 100 is what
! keeps unsolicited inbound IPv6 away from them; do not remove or reorder it
! when adapting this sample.
ipv6 filter dhcpv6-list 1 in
ipv6 filter icmpv6-list 2 in
ipv6 filter tunnel-list 3 in
ipv6 filter block-list 100 in
! Outbound filters: the same three permits, then the dynamic list dflt-list
! (100), which allows all other outbound traffic and presumably opens the
! matching return path for it.
ipv6 filter dhcpv6-list 1 out
ipv6 filter icmpv6-list 2 out
ipv6 filter tunnel-list 3 out
ipv6 filter dflt-list 100 out
no shutdown
!
! Unused port: no address, administratively down.
interface GigaEthernet1.0
no ip address
shutdown
!
! LAN interface: 192.168.0.1/24, DHCPv4 server with profile dhcpv4-sv.
interface GigaEthernet2.0
description LAN1
ip address 192.168.0.1/24
ip dhcp binding dhcpv4-sv
! IPv6 on the LAN: fixed interface identifier (masked by the author), DHCPv6
! server with profile dhcpv6-sv, router advertisements with the
! other-config flag set so that hosts fetch extra settings such as DNS via
! DHCPv6.
! NOTE(review): no "ipv6 filter" is bound to this interface in the listing;
! IPv6 filtering for the LAN is done on GigaEthernet0.0 only.
ipv6 enable
ipv6 interface-identifier 00:00:00:00:00:00:xx:xx <--- IPv6インタフェースID
ipv6 dhcp server dhcpv6-sv
ipv6 nd ra enable
ipv6 nd ra other-config-flag
no shutdown
!
! ISDN interface: PPP encapsulation, auto-connect off, no address, shut down.
interface BRI0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
!
! USB serial interface: same settings as BRI0.0, shut down.
interface USB-Serial0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
!
! Loopback and null interfaces carry no address in this listing.
interface Loopback0.0
no ip address
!
interface Null0.0
no ip address
!
! VPN tunnel: multipoint GRE protected by IKEv2/IPsec (described as
! DynamicVPN_#8). The overlay address is 169.254.0.8/16.
interface Tunnel0.0 <--- ダイナミックDNSトンネル設定
description DynamicVPN_#8 <--- VPN拠点No
tunnel mode mgre ipsec-ikev2
ip address 169.254.0.8/16
ip tcp adjust-mss auto
! NHRP server (the VPN center): overlay address 169.254.255.254, reached at
! the center's fixed global address (masked).
nhrp nhs 169.254.255.254/16 nbma 21x.xxx.xxx.x4xx <--- センターグローバルIP(固定)
! Child SA: PFS with a 2048-bit DH group, AES-CBC 256/192/128 and
! SHA-2 512/384/256, offered in that order.
ikev2 child-pfs 2048-bit
ikev2 child-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
ikev2 child-proposal integrity sha2-512 sha2-384 sha2-256
! Dead-peer detection interval 10; local identity 169.254.0.8 with PSK
! authentication (the key is on the global "ikev2 authentication psk" line);
! NAT-traversal keepalive 20; IKE packets leave through Tunnel1.0.
ikev2 dpd interval 10
ikev2 local-authentication psk id ipv4 169.254.0.8
ikev2 nat-traversal keepalive 20
ikev2 outgoing-interface Tunnel1.0 auto
! IKE SA: same cipher and hash sets as the child SA, 2048-bit DH.
ikev2 sa-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
ikev2 sa-proposal integrity sha2-512 sha2-384 sha2-256
ikev2 sa-proposal dh 2048-bit
ikev2 sa-proposal prf sha2-512 sha2-384 sha2-256
! IPsec transport mode (the GRE packet is the protected payload).
ikev2 ipsec-mode transport
! NOTE(review): "peer any" accepts a peer at any address as long as it
! authenticates with the PSK, so the whole VPN's authentication rests on the
! secrecy and strength of that key; rotate it if a config containing it has
! been shared.
ikev2 peer any authentication psk
no shutdown
!
! IPv4-over-IPv6 tunnel (listed as "wan 1" and used by the IPv4 default
! route): the destination is the provider's tunnel endpoint, the source is
! GigaEthernet2.0, and the interface holds the fixed global IPv4 address
! (/32).
interface Tunnel1.0 <--- IPv6トンネル設定
tunnel mode 4-over-6
tunnel destination 2xx4:xxx0::feed:1x0 <--- 固定IPトンネル終端装置のIPv6アドレス
tunnel source GigaEthernet2.0
ip address 2xx.xxx.x4x.x7x/32 <--- 本機のグローバルIP(固定)
ip tcp adjust-mss auto
! NAPT for LAN traffic leaving through the tunnel. The static entries deliver
! IP protocol 50 (ESP), UDP 500 (IKE) and UDP 4500 (NAT-T) to the router
! itself so that the IKEv2/IPsec tunnel can terminate here.
! NOTE(review): no "ip filter" is bound to this interface in the listing, so
! inbound IPv4 protection presumably relies on NAPT accepting only mapped
! sessions. Confirm that the web console (http-server) is not reachable via
! the global address, and add an explicit inbound filter if it is.
ip napt enable
ip napt static Tunnel1.0 50
ip napt static Tunnel1.0 udp 500
ip napt static Tunnel1.0 udp 4500
no shutdown
!
! Interface roles: GigaEthernet2.0 is LAN 1, Tunnel1.0 is WAN 1 and
! GigaEthernet0.0 is WAN 2; presumably these labels are what the web console
! displays - TODO confirm.
system information lan 1 GigaEthernet2.0
system information wan 1 Tunnel1.0
system information wan 2 GigaEthernet0.0
!
web-console system information
Router(config)$
-------------------------------------------------------------------------
※フレッツ光クロスの場合、ひかり電話なしの契約でも、ひかり電話ありの場合と同じPD（Prefix Delegation）方式で設定しないとIPv4が通りません。