Thursday, July 11, 2024

IPv6 Dynamic VPN (center) on the IX2215

Dynamic VPN (center side) using IPv6 transix (IPIP) over an NTT Hikari NEXT line

Sample config
-------------------------------------------------------------------------
Router(config)$ show startup-config
Using 3995 out of 1048576 bytes
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2215 (magellan-sec) Software, Version 10.9.11, RELEASE SOFTWARE
! Compiled Dec 15-Fri-2023 13:35:51 JST #2
! Last updated Jul 07-Sun-2024 14:22:37 JST
!
timezone +09 00
!
logging buffered 131072
logging subsystem all warn
logging timestamp datetime
!
username admin password hash 9xExxxx4xxeCX3XXX2C@ administrator
!
!
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip route default Tunnel1.0
ip dhcp enable
ip access-list web-http-acl permit ip src any dest 192.168.111.1/32
!
!
ipv6 ufs-cache max-entries 10000
ipv6 ufs-cache enable
ipv6 dhcp enable
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list other-list permit ip src any dest any
ipv6 access-list tunnel-list permit 4 src any dest any
ipv6 access-list dynamic cache 65535
ipv6 access-list dynamic dflt-list access other-list
!
!
!
!
!
!
nhrp local GigaEthernet2.0
!
proxy-dns ip enable
proxy-dns ip request both
!
http-server authentication-method digest
http-server username admin secret-password MxxYxx4fxzx9xx
http-server ip access-list web-http-acl
http-server ip enable
!
!
ddns enable
!
!
ikev2 authentication psk id ipv4 169.254.255.254 key char xxxxxxx8 <--- VPN center PSK
! WOL settings
wol terminal PT4 mac b4:6d:xx:xx:16:78 ip 192.168.111.98 interface GigaEthernet2.0
wol terminal PX-MLT5PE mac a8:xx:59:xx:28:d4 ip 192.168.111.100 interface GigaEthernet2.0
wol terminal intel_UNC mac 1c:69:xx:09:xx:78 ip 192.168.111.97 interface GigaEthernet2.0
!
route-map web-dmvpn-map permit 10
  match interface GigaEthernet2.0
!
route-map web-dmvpn-map-tunnel0.0 permit 10 <--- Dynamic VPN tunnel
  set ip next-hop 169.254.255.254
!
ip dhcp profile dhcpv4-sv
  dns-server 192.168.111.1
!
ipv6 dhcp client-profile dhcpv6-cl
  option-request dns-servers
  ia-pd subscriber GigaEthernet2.0 ::/64 eui-64
!
ipv6 dhcp server-profile dhcpv6-sv
  dns-server dhcp
!
router bgp 65535
  timers 5 15
  address-family ipv4 unicast
    redistribute connected route-map web-dmvpn-map
  peer-group web-dmvpn-group-tunnel0.0 remote-as 65535
    listen range 169.254.0.0/16
    connect-interval 10
    route-reflector-client
    address-family ipv4 route-map web-dmvpn-map-tunnel0.0 out
!
ddns profile transix-update <--- IPv6 transix service
  url http://update.transix.jp/request <--- IPv6 update server URL
  query username=u1xxxxxxxxxxxx4&password=x6xxxxx8x8 <--- IPv6 ID and password
  transport ipv6
  source-interface GigaEthernet2.0
!
device GigaEthernet0
!
device GigaEthernet1
!
device GigaEthernet2
!
device BRI0
  isdn switch-type hsd128k
!
device USB0
  shutdown
!
interface GigaEthernet0.0
  no ip address
  ip napt static GigaEthernet0.0 50
  ip napt static GigaEthernet0.0 udp 500
  ip napt static GigaEthernet0.0 udp 4500
  ipv6 enable
  ipv6 dhcp client dhcpv6-cl
  ipv6 nd proxy GigaEthernet2.0
  ipv6 filter dhcpv6-list 1 in
  ipv6 filter icmpv6-list 2 in
  ipv6 filter tunnel-list 3 in
  ipv6 filter block-list 100 in
  ipv6 filter dhcpv6-list 1 out
  ipv6 filter icmpv6-list 2 out
  ipv6 filter tunnel-list 3 out
  ipv6 filter dflt-list 100 out
  no shutdown
!
interface GigaEthernet1.0
  no ip address
  shutdown
!
interface GigaEthernet2.0
  description LAN1
  ip address 192.168.111.1/24
  ip dhcp binding dhcpv4-sv
  ipv6 enable
  ipv6 interface-identifier 00:00:00:00:00:00:xx:xx <--- IPv6 interface ID
  ipv6 dhcp server dhcpv6-sv
  ipv6 nd ra enable
  ipv6 nd ra other-config-flag
  no shutdown
!
interface BRI0.0
  encapsulation ppp
  no auto-connect
  no ip address
  shutdown
!
interface USB-Serial0.0
  encapsulation ppp
  no auto-connect
  no ip address
  shutdown
!
interface Loopback0.0
  no ip address
!
interface Null0.0
  no ip address
!
interface Tunnel0.0
  no ip address
  shutdown
!
interface Tunnel0.0  <--- Dynamic VPN tunnel settings
  description DynamicVPN
  tunnel mode mgre ipsec-ikev2
  ip address 169.254.255.254/16
  ip tcp adjust-mss auto
  ikev2 child-pfs 2048-bit
  ikev2 child-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
  ikev2 child-proposal integrity sha2-512 sha2-384 sha2-256
  ikev2 dpd interval 10
  ikev2 local-authentication psk id ipv4 169.254.255.254
  ikev2 nat-traversal keepalive 20
  ikev2 outgoing-interface Tunnel1.0 auto
  ikev2 sa-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
  ikev2 sa-proposal integrity sha2-512 sha2-384 sha2-256
  ikev2 sa-proposal dh 2048-bit
  ikev2 sa-proposal prf sha2-512 sha2-384 sha2-256
  ikev2 ipsec-mode transport
  ikev2 peer any authentication psk 
  no shutdown
!
!
interface Tunnel1.0  <--- IPv6 tunnel settings
  tunnel mode 4-over-6
  tunnel destination 2xx4:xx00::fxxd:1x0 <--- IPv6 address of the fixed-IP tunnel endpoint
  tunnel source GigaEthernet2.0
  ip address 2xx.xxx.x32.xxx/32  <--- this router's global IP (fixed)
  ip tcp adjust-mss auto
  ip napt enable
  ip napt static Tunnel1.0 50
  ip napt static Tunnel1.0 udp 500
  ip napt static Tunnel1.0 udp 4500
  no shutdown
!
system information lan 1 GigaEthernet2.0
system information wan 1 Tunnel1.0
system information wan 2 GigaEthernet0.0
!
web-console system information
Router(config)$ 
-------------------------------------------------------------------------
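The part of this config that decides what the WAN port actually accepts is the chain of `ipv6 filter` bindings on GigaEthernet0.0: DHCPv6, ICMPv6 and protocol 4 (IPv4-in-IPv6, i.e. the transix IPIP tunnel) are permitted inbound in sequence 1-3, and `block-list` at sequence 100 drops everything else, while outbound ends in the stateful `dflt-list` that wraps `other-list`. The script below is an added example, written for this post and not NEC's or the author's code; it parses a constructed excerpt mirroring the config above, walks the filters in sequence order the way the router does, and reports what a given packet would hit. It also scans the `ikev2 ... -proposal` lines on Tunnel0.0 against a small list of algorithms it treats as weak (that list is my assumption, not something the page states). Running it before pasting a changed config in is a cheap way to confirm you have not accidentally opened the WAN side or reintroduced an old cipher.

```python
"""Lint helpers for an NEC IX-style 'show startup-config' dump.

Added example (not from the blog post or from NEC). Parses the IPv6
access-list definitions plus the per-interface 'ipv6 filter' bindings, then
answers "would this packet be permitted on interface X in direction Y?" by
walking the bound filters in sequence order, first match wins. Also flags
weak IKEv2 proposal entries. SAMPLE_CONFIG is a constructed excerpt that
mirrors the lines in the post.
"""
import re

SAMPLE_CONFIG = """\
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list other-list permit ip src any dest any
ipv6 access-list tunnel-list permit 4 src any dest any
ipv6 access-list dynamic dflt-list access other-list
interface GigaEthernet0.0
  ipv6 filter dhcpv6-list 1 in
  ipv6 filter icmpv6-list 2 in
  ipv6 filter tunnel-list 3 in
  ipv6 filter block-list 100 in
  ipv6 filter dhcpv6-list 1 out
  ipv6 filter icmpv6-list 2 out
  ipv6 filter tunnel-list 3 out
  ipv6 filter dflt-list 100 out
interface Tunnel0.0
  ikev2 child-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
  ikev2 child-proposal integrity sha2-512 sha2-384 sha2-256
  ikev2 sa-proposal enc aes-cbc-256 aes-cbc-192 aes-cbc-128
  ikev2 sa-proposal integrity sha2-512 sha2-384 sha2-256
  ikev2 sa-proposal dh 2048-bit
"""

ACL_RE = re.compile(
    r"^ipv6 access-list (?P<name>\S+) (?P<action>permit|deny) (?P<proto>\S+)"
    r" src \S+(?: sport \S+)? dest \S+(?: dport eq (?P<dport>\d+))?$")
DYN_RE = re.compile(r"^ipv6 access-list dynamic (?P<name>\S+) access (?P<base>\S+)$")
FILTER_RE = re.compile(r"^ipv6 filter (?P<acl>\S+) (?P<seq>\d+) (?P<dir>in|out)$")
PROPOSAL_RE = re.compile(
    r"^ikev2 (?:sa|child)-proposal (?P<kind>enc|integrity|dh|prf) (?P<algs>.+)$")

# Assumed "weak" set for the lint; adjust to your own policy.
WEAK_ALGS = {"des", "3des", "md5", "sha1", "768-bit", "1024-bit"}


def parse_config(text):
    """Collect ACL entries, dynamic-list mappings, filter bindings and proposals."""
    acls, dynamic, filters, proposals = {}, {}, {}, {}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split()[1]
            continue
        if m := ACL_RE.match(line):
            acls.setdefault(m["name"], []).append(
                (m["action"], m["proto"], int(m["dport"]) if m["dport"] else None))
        elif m := DYN_RE.match(line):
            dynamic[m["name"]] = m["base"]
        elif (m := FILTER_RE.match(line)) and iface:
            filters.setdefault((iface, m["dir"]), []).append((int(m["seq"]), m["acl"]))
        elif (m := PROPOSAL_RE.match(line)) and iface:
            proposals.setdefault(iface, []).append((m["kind"], m["algs"].split()))
    return {"acls": acls, "dynamic": dynamic, "filters": filters, "proposals": proposals}


def _entry_matches(entry, proto, dport):
    _action, e_proto, e_dport = entry
    if e_proto != "ip" and e_proto != proto:   # "ip" matches any protocol
        return False
    return e_dport is None or e_dport == dport


def evaluate(cfg, iface, direction, proto, dport=None):
    """Return 'permit' or 'deny' from the first matching bound filter, or None
    if nothing matched (the router's implicit policy then applies)."""
    for _seq, acl in sorted(cfg["filters"].get((iface, direction), [])):
        base = cfg["dynamic"].get(acl, acl)   # dynamic list -> its base ACL
        for entry in cfg["acls"].get(base, []):
            if _entry_matches(entry, proto, dport):
                return entry[0]
    return None


def weak_proposals(cfg, iface):
    """List 'kind:alg' strings for proposal entries in WEAK_ALGS."""
    found = []
    for kind, algs in cfg["proposals"].get(iface, []):
        found.extend(f"{kind}:{a}" for a in algs if a in WEAK_ALGS)
    return found


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for pkt in (("udp", 546), ("icmp", None), ("4", None), ("tcp", 22)):
        print("GigaEthernet0.0 in", pkt, "->", evaluate(cfg, "GigaEthernet0.0", "in", *pkt))
    print("Tunnel0.0 weak proposals:", weak_proposals(cfg, "Tunnel0.0"))
```

On the sample, inbound DHCPv6, ICMPv6 and protocol 4 come back `permit`, inbound TCP/22 hits `block-list` and comes back `deny`, and the proposal scan is empty, which is what you would expect from the post's config. Note that `dflt-list` is modelled only as "evaluate its base ACL"; the stateful return-traffic behaviour of an IX dynamic list is not simulated here.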
