!
! Century Systems NXR-125 Series ver 5.25.2 (build 1/21:01 17 01 2014)
!
hostname NXR
telnet-server enable
http-server enable
!
!
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
ipsec nat-traversal enable
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description WindowsAzure
 authentication pre-share ipseckey
 no keepalive
 hash sha1
 encryption aes256
 group 2
 lifetime 28800
 isakmp-mode main
 remote address ip 10.10.100.1
 local policy 1
!
!
ipsec tunnel policy 1
 description WindowsAzure
 set transform esp-aes256 esp-sha1-hmac
 no set pfs
 set key-exchange isakmp 1
 match address ipsec_acl
!
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss 1350
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 ip address 10.10.10.1/30
 no ip redirects
 ip tcp adjust-mss auto
 ip access-group in eth1_in
 ip masquerade
 ip spi-filter
 ipsec policy 1
!
dns
 service enable
 address 10.255.1.1
!
syslog
 local enable
!
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
ip route 172.16.0.0/20 tunnel 1
ip route 172.16.0.0/20 null 254
ip route 0.0.0.0/0 10.10.10.2
!
ip access-list eth1_in permit any 10.10.10.1 udp any 500
ip access-list eth1_in permit any 10.10.10.1 udp any 4500
ip access-list eth1_in permit any 10.10.10.1 50
!
ipsec access-list ipsec_acl ip 192.168.10.0/24 172.16.0.0/20
!
!
!
end