# v6Direct / Fixed IP1: VPN server configuration for remote access (PPTP + L2TP/IPsec)
#
# Line 25: "interface ID"
# Lines 44 and 94: "BR address"
# Line 82: "IPv4 address"
#
# VPN connection settings below:
# Line 35: "user name, password"
# Line 56: "pre-shared key" for L2TP/IPsec
#
# Setting line 116 to "off" disables PPTP.
# Setting line 117 to "off" disables L2TP/IPsec.
#
# Adjust these settings to suit your environment.
#
#
#
#
#
# show config
ip route default gateway tunnel 1
ipv6 prefix 1 ra-prefix@lan3::/64
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
ipv6 lan1 address ra-prefix@lan3::6f:6f6f:6f00:0/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
description lan3 v6Direct
ipv6 lan3 secure filter in 102000 102001 102002 200 100
ipv6 lan3 secure filter out 102099 dynamic 102080 102081 102082 102083 102084 102085 102098 102099
ipv6 lan3 dhcp service client ir=on
pp select anonymous
pp bind tunnel2-tunnel3
pp auth request mschap-v2
pp auth username user1 password1
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type mppe-any
ip pp remote address pool 192.168.100.192-192.168.100.199
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation ipip
tunnel endpoint address 2222:2222:2222:2222::22
ip tunnel secure filter in 200030 200100 200101 200102 200103 200104 200105 100
ip tunnel secure filter out 200099 dynamic 200080 200082 200083 200084 200098 200099
ip tunnel nat descriptor 1
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive use 1 off
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text Jizen-Kyouyuu-Kagi
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
ip tunnel tcp mss limit auto
tunnel enable 2
tunnel select 3
tunnel encapsulation pptp
pptp tunnel disconnect time off
tunnel enable 3
ip filter 100 reject * *
ip filter 200030 pass * 192.168.100.0/24 icmp * *
ip filter 200099 pass * * * * *
ip filter 200100 pass * 192.168.100.1 udp * 500
ip filter 200101 pass * 192.168.100.1 esp * *
ip filter 200102 pass * 192.168.100.1 udp * 4500
ip filter 200103 pass * 192.168.100.1 udp * 1701
ip filter 200104 pass * 192.168.100.1 tcp * 1723
ip filter 200105 pass * 192.168.100.1 gre * *
ip filter 500000 restrict * * * * *
ip filter dynamic 200080 * * ftp
ip filter dynamic 200082 * * www
ip filter dynamic 200083 * * smtp
ip filter dynamic 200084 * * pop3
ip filter dynamic 200098 * * tcp
ip filter dynamic 200099 * * udp
nat descriptor type 1 masquerade
nat descriptor address outer 1 111.111.111.111
nat descriptor address inner 1 192.168.100.1-192.168.100.254
nat descriptor masquerade incoming 1 reject
nat descriptor masquerade static 1 1 192.168.100.1 udp 500
nat descriptor masquerade static 1 2 192.168.100.1 esp
nat descriptor masquerade static 1 3 192.168.100.1 udp 4500
nat descriptor masquerade static 1 4 192.168.100.1 udp 1701
nat descriptor masquerade static 1 5 192.168.100.1 tcp 1723
nat descriptor masquerade static 1 6 192.168.100.1 gre
ipsec auto refresh on
ipsec transport 2 1 udp 1701
ipv6 filter 100 reject * *
ipv6 filter 200 pass 2222:2222:2222:2222::22 * 4
ipv6 filter 102000 pass * * icmp6 * *
ipv6 filter 102001 pass * * tcp * ident
ipv6 filter 102002 pass * * udp * 546
ipv6 filter 102099 pass * * * * *
ipv6 filter dynamic 102080 * * ftp
ipv6 filter dynamic 102081 * * domain
ipv6 filter dynamic 102082 * * www
ipv6 filter dynamic 102083 * * smtp
ipv6 filter dynamic 102084 * * pop3
ipv6 filter dynamic 102085 * * submission
ipv6 filter dynamic 102098 * * tcp
ipv6 filter dynamic 102099 * * udp
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.100.2-192.168.100.191/24
dns host lan1
dns service fallback on
dns server dhcp lan3
dns server select 500000 dhcp lan3 any .
dns private address spoof on
pptp service on
l2tp service on
statistics traffic on
statistics nat on