Connecting a center and two sites with dial-up VPN

--------------------------------------------------------------------------------

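Overview
One router acts as the center, and the remaining two sites connect to it. For ease of explanation this example has only two sites, but it is the general configuration used when the number of sites is large.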

Network diagram




This is a configuration example for Rev.6.02 series firmware.


[Router 1 configuration example]

#
# LAN1 interface
#
ip lan1 address 192.168.0.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ip pp address 172.16.0.1
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
#
# IKE (settings for router 2)
#
ipsec ike local address 1 172.16.0.1
ipsec ike remote address 1 any
ipsec ike remote name 1 router2
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha1-hmac
#
# IKE (settings for router 3)
#
ipsec ike local address 2 172.16.0.1
ipsec ike remote address 2 any
ipsec ike remote name 2 router3
ipsec ike pre-shared-key 2 text himitsu2
ipsec sa policy 102 2 esp 3des-cbc sha1-hmac
#
# TUNNEL interface (settings for router 2)
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.1.0/24 gateway tunnel 1
tunnel enable 1
#
# TUNNEL interface (settings for router 3)
#
tunnel select 2
ipsec tunnel 102
ip route 192.168.2.0/24 gateway tunnel 2
tunnel enable 2
#
# NAT descriptor
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 172.16.0.1
nat descriptor address inner 1 172.16.0.1 192.168.0.1-192.168.0.254
nat descriptor masquerade static 1 1 172.16.0.1 udp 500
nat descriptor masquerade static 1 2 172.16.0.1 esp *

[Router 2 configuration example]

#
# LAN1 interface
#
ip lan1 address 192.168.1.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ppp ipcp ipaddress on
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
ipsec ike local address 1 192.168.1.1
ipsec ike local name 1 router2
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha1-hmac

#
# TUNNEL interface
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.0.0/24 gateway tunnel 1
tunnel enable 1
#
# NAT descriptor
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 ipcp
nat descriptor address inner 1 192.168.1.1-192.168.1.254
nat descriptor masquerade static 1 1 192.168.1.1 udp 500
nat descriptor masquerade static 1 2 192.168.1.1 esp *

[Router 3 configuration example]

#
# LAN1 interface
#
ip lan1 address 192.168.2.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ppp ipcp ipaddress on
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
ipsec ike local address 1 192.168.2.1
ipsec ike local name 1 router3
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu2
ipsec sa policy 101 1 esp 3des-cbc sha1-hmac

#
# TUNNEL interface
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.0.0/24 gateway tunnel 1
tunnel enable 1
#
# NAT descriptor
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 ipcp
nat descriptor address inner 1 192.168.2.1-192.168.2.254
nat descriptor masquerade static 1 1 192.168.2.1 udp 500
nat descriptor masquerade static 1 2 192.168.2.1 esp *
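
Because the sites have dynamic addresses, the center identifies each one by IKE name (`ipsec ike remote address N any` plus `ipsec ike remote name N ...`), so a site's `ipsec ike local name`, pre-shared key and SA policy algorithms must match the center's entry for that name. The Python check below is an added example, not part of the original configuration page; the function names are hypothetical and the config snippets are constructed by abbreviating the settings above.

```python
import re

IKE = re.compile(r"ipsec ike (local name|remote name|remote address|pre-shared-key) (\d+) (?:text )?(\S+)")
SA = re.compile(r"ipsec sa policy \d+ (\d+) (.+)")

def parse_ike(config):
    """Group IKE settings and SA policy algorithms by gateway number."""
    gws = {}
    for line in map(str.strip, config.splitlines()):
        if m := IKE.match(line):
            gws.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
        elif m := SA.match(line):
            gws.setdefault(m.group(1), {})["sa"] = m.group(2).split()
    return gws

def check_site(center_cfg, site_cfg):
    """Return mismatches between a site config and its entry on the center."""
    center, problems = parse_ike(center_cfg), []
    for gw in parse_ike(site_cfg).values():
        name = gw.get("local name")
        peer = next((c for c in center.values() if c.get("remote name") == name), None)
        if name is None or peer is None:
            problems.append(f"center has no 'remote name' matching site name {name}")
            continue
        if peer.get("remote address") != "any":
            problems.append(f"{name}: center should use 'remote address any' for a dial-up site")
        if peer.get("pre-shared-key") != gw.get("pre-shared-key"):
            problems.append(f"{name}: pre-shared key mismatch")  # never echo the key itself
        if peer.get("sa") != gw.get("sa"):
            problems.append(f"{name}: SA policy algorithms differ")
    return problems

# Constructed input: IKE lines abbreviated from the router 1 and router 2 examples above.
CENTER = """\
ipsec ike remote address 1 any
ipsec ike remote name 1 router2
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha1-hmac
ipsec ike remote address 2 any
ipsec ike remote name 2 router3
ipsec ike pre-shared-key 2 text himitsu2
ipsec sa policy 102 2 esp 3des-cbc sha1-hmac
"""
ROUTER2 = """\
ipsec ike local name 1 router2
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha1-hmac
"""
ROUTER3_BAD = ROUTER2.replace("router2", "router3")  # constructed error: router3's name, router2's key
print(check_site(CENTER, ROUTER2), check_site(CENTER, ROUTER3_BAD))
```

Running the check against full exported configs works the same way, since lines other than the IKE and SA policy commands are ignored.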
