!
! Century Systems NXR-G100 Series ver 6.11.0 (build 22/15:54 29 02 2016)
!
hostname NXR_B
telnet-server enable
http-server enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
ppp account username test2@example.jp password test2pass
ppp account username [ユーザID] password [パスワード]
!
ipsec priority-ignore enable
!
ipsec local policy 1
 address ip
 self-identity fqdn nxrb_m
!
ipsec local policy 2
 address ip
 self-identity fqdn nxrb_b
!
!
ipsec isakmp policy 1
 description NXR_A1
 authentication pre-share ipseckey1
 hash sha256
 encryption aes128
 group 5
 isakmp-mode aggressive
 remote address ip 10.10.10.1
 local policy 1
!
ipsec isakmp policy 2
 description NXR_A2
 authentication pre-share ipseckey2
 hash sha256
 encryption aes128
 group 5
 isakmp-mode aggressive
 remote address ip 10.10.20.1
 local policy 2
!
!
ipsec tunnel policy 1
 description NXR_A1
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 match address ipsec_acl
!
ipsec tunnel policy 2
 description NXR_A2
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 2
 match address ipsec_acl
!
!
interface loopback 0
 ip address 10.10.0.2/32
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface tunnel 2
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 2
!
interface ppp 0
 ip address negotiated
 ip tcp adjust-mss auto
 ip access-group in ppp0_in
 ip masquerade
 ip spi-filter
 ppp username test2@example.jp
 ipsec policy 1
!
interface ppp 1
 ip address negotiated
 ip send-source
 ip tcp adjust-mss auto
 ip access-group in ppp1_in
 ip masquerade
 ip spi-filter
 ppp username [ユーザID]
 dial-up string *99***[CID]#
 dial-up timeout 30
 mobile apn [APN] cid [CID] pdp-type [PDPタイプ]
 ipsec policy 2
 netevent 1 connect
!
interface ethernet 0
 ip address 192.168.20.1/24
!
interface ethernet 1
 no ip address
 pppoe-client ppp 0
!
router bgp 65100
 network 192.168.20.0/24
 neighbor 10.10.0.1 remote-as 65000
 neighbor 10.10.0.1 ebgp-multihop 255
 neighbor 10.10.0.1 update-source loopback 0
 neighbor 10.10.0.1 timers 30 90
!
dns
 service enable
!
syslog
 local enable
!
!
mobile 1 ppp 1
mobile error-recovery-reset
mobile termination-recovery reset
!
!
!
!
!
track 1 bgp neighbor 10.10.0.1 initial-timeout 30 delay 60
!
!
!
ip route 192.168.10.0/24 tunnel 2 30
ip route 192.168.10.0/24 null 254
ip route 10.10.0.1/32 tunnel 1
ip route 10.10.0.1/32 null 254
ip route 0.0.0.0/0 ppp 0
ip route 0.0.0.0/0 ppp 1 10
!
ip access-list ppp0_in permit 10.10.10.1 any udp 500 500
ip access-list ppp0_in permit 10.10.10.1 any 50
ip access-list ppp1_in permit 10.10.20.1 any udp 500 500
ip access-list ppp1_in permit 10.10.20.1 any 50
!
ipsec access-list ipsec_acl ip any any
!
!
end