!
! Century Systems NXR-G100 Series ver 6.6.1 (build 11/17:20 05 03 2015)
!    DIP-SW : 1:off 2:off 3:off 4:off
!
hostname NXR
telnet-server enable
http-server enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
ipsec x509 enable
ipsec x509 ca-certificate nxrCA pem
ipsec x509 certificate nxr pem
ipsec x509 private-key nxr key pem
ipsec x509 private-key nxr password nxrpass
ipsec x509 crl nxrCA pem
!
ipsec local policy 1
 address ip
 x509 certificate nxr
!
!
ipsec isakmp policy 1
 description Windows
 version 2
 authentication rsa-sig
 hash sha1
 encryption aes256
 group 2
 lifetime 86400
 client configuration address-pool local RAC
 remote address ip any
 local policy 1
!
!
ipsec tunnel policy 1
 description Windows
 negotiation-mode responder
 set transform esp-aes256 esp-sha1-hmac
 no set pfs
 set key-exchange isakmp 1
 set sa lifetime 28800
 match address RemoteAccess
!
!
interface ppp 0
 ip address 10.10.10.1/32
 no ip redirects
 ip tcp adjust-mss auto
 ip access-group in ppp0_in
 ip masquerade
 ip spi-filter
 ppp username test1@example.jp password test1pass
 ipsec policy 1
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 no ip address
 pppoe-client ppp 0
!
dns
 service enable
!
syslog
 local enable
!
!
!
!
!
!
!
!
!
!
ip route 0.0.0.0/0 ppp 0
!
ipsec local pool RAC address 172.16.0.0/24
!
ip access-list ppp0_in permit any 10.10.10.1 udp any 500
ip access-list ppp0_in permit any 10.10.10.1 udp any 4500
ip access-list ppp0_in permit any 10.10.10.1 50
!
ipsec access-list RemoteAccess ip any host
!
!
end