The tunnel to the IX2015 at a certain someone's home is finally up, lol.
For now, here is the configuration that worked, lol.
hostname amu
timezone +09 00
ntp ip enable
ntp server 133.243.238.163
ntp server 133.243.238.243
ntp interval 3600
logging buffered 4096
logging subsystem all error
logging timestamp datetime
ip route default <home default gateway>
ip route 192.168.x.0/24 Tunnel0.0
ip route 192.168.y.0/24 Tunnel0.0
ip route 192.168.x.0/24 Tunnel0.0
ip access-list http-acl permit ip src x.x.x.x/32 dest any
ip access-list sec-list permit ip src any dest any
ip access-list telnet-acl permit ip src 10.x.0.0/24 dest any
ip access-list telnet-acl permit ip src 210.x.x.x/24 dest any
ip access-list telnet-acl permit ip src x.x.x.x/32 dest any
ip ufs-cache enable
arp auto-refresh
ike proposal ikeprop encryption aes hash sha
ike policy ike-policy peer any key <shared key> ikeprop
ipsec autokey-proposal secprop esp-aes esp-sha
ipsec autokey-map ipsec-policy sec-list peer <global-side IP of the IX2015 at site S> secprop
ipsec local-id ipsec-policy 10.x.0.0/24
ipsec remote-id ipsec-policy x.x.x.x/16
snmp-agent ip enable
snmp-agent ip community <community name>
snmp-agent contact minkypal
proxy-dns ip enable
proxy-dns server <ISP's DNS>
telnet-server ip enable
telnet-server ip access-list telnet-acl
http-server username admin
http-server ip access-list http-acl
http-server ip enable
device FastEthernet0/0
device FastEthernet0/1
device FastEthernet1/0
device BRI1/0
isdn switch-type hsd128k
interface FastEthernet0/0.0
ip address <global-side IP of home IX2015>/25
ip tcp adjust-mss auto
no shutdown
interface FastEthernet0/1.0
ip address <private-side IP of home IX2015>/24
no shutdown
interface FastEthernet1/0.0
no ip address
shutdown
interface BRI1/0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
interface Loopback0.0
no ip address
interface Null0.0
no ip address
interface Tunnel0.0
description 某しゃ氏
tunnel mode ipsec
ip unnumbered FastEthernet0/0.0
ip tcp adjust-mss auto
ipsec policy tunnel ipsec-policy out
no shutdown
Now, next up is the VPN to my parents' house. It sits behind a cable modem, so it's going to be pretty awkward to do (^^;