!
! Century Systems NXR-120 Series ver 5.22.2 (build 29/16:42 01 02 2013)
!
hostname NXR
telnet-server enable
http-server enable
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
ppp account username android01 password android01pass
ppp account username android02 password android02pass
ppp account username test1@example.jp password test1pass
!
ipsec x509 enable
ipsec x509 ca-certificate nxrCA
ipsec x509 certificate nxr
ipsec x509 private-key nxr key
ipsec x509 private-key nxr password nxrpass
ipsec x509 crl nxrCA
!
l2tp udp source-port 1701
!
l2tpv3 udp source-port 40001
!
ipsec local policy 1
address ip
x509 certificate nxr
!
!
ipsec isakmp policy 1
description smartphone1
authentication rsa-sig
hash sha1
encryption aes128
group 5
lifetime 86400
isakmp-mode main
remote address ip any
remote identity dn C=JP,CN=smartphone1,E=smartphone@example.com
local policy 1
!
ipsec isakmp policy 2
description smartphone2
authentication rsa-sig
hash sha1
encryption aes128
group 5
lifetime 86400
isakmp-mode main
remote address ip any
remote identity dn C=JP,CN=smartphone2,E=smartphone@example.com
local policy 1
!
!
ipsec tunnel policy 1
description smartphone1
set transform esp-aes128 esp-sha1-hmac
no set pfs
set key-exchange isakmp 1
set sa lifetime 28800
match protocol l2tp-smartphone
!
ipsec tunnel policy 2
description smartphone2
set transform esp-aes128 esp-sha1-hmac
no set pfs
set key-exchange isakmp 2
set sa lifetime 28800
match protocol l2tp-smartphone
!
!
l2tp 1
tunnel address any ipsec
tunnel mode lns
tunnel virtual-template 0
!
interface virtual-template 0
ip address 172.16.0.1/32
no ip redirects
no ip rebound
ip tcp adjust-mss auto
peer ip pool smartphoneip
!
interface ppp 0
ip address 10.10.10.1/32
no ip redirects
ip tcp adjust-mss auto
ip access-group in ppp0_in
ip masquerade
ip spi-filter
ppp username test1@example.jp
ipsec policy 1
!
interface ethernet 0
ip address 192.168.10.1/24
!
interface ethernet 1
no ip address
pppoe-client ppp 0
!
dns
service enable
!
syslog
local enable
!
!
access-server profile 1
ppp username android01 ip 172.16.0.10
!
access-server profile 2
ppp username android02 ip 172.16.0.11
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
ip route 0.0.0.0/0 ppp 0
!
ip local pool smartphoneip address 172.16.0.10 172.16.0.11
!
ip access-list ppp0_in permit any 10.10.10.1 udp 500 500
ip access-list ppp0_in permit any 10.10.10.1 50
!
!
!
end