!
! Century Systems NXR-230 Series ver 5.26.13 (build 1/20:51 07 06 2016)
!
hostname NXR_A
telnet-server enable
http-server enable
!
!
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description NXR_B
 authentication pre-share ipseckey1
 hash sha256
 encryption aes128
 group 5
 isakmp-mode main
 remote address ip 10.10.20.1
 local policy 1
!
ipsec isakmp policy 2
 description NXR_C
 authentication pre-share ipseckey2
 keepalive 30 3 periodic clear
 hash sha256
 encryption aes128
 group 5
 isakmp-mode aggressive
 remote address ip any
 remote identity fqdn nxrc
 local policy 1
!
!
ipsec tunnel policy 1
 description NXR_B
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 match address NXR_B
!
ipsec tunnel policy 2
 description NXR_C
 negotiation-mode responder
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 2
 match address NXR_C
!
!
interface tunnel 1
 description NXR_B
 no ip address
 ip tcp adjust-mss auto
 tunnel source 192.168.10.1
 tunnel destination 192.168.20.1
 tunnel ttl 255
!
interface tunnel 2
 description NXR_C
 no ip address
 ip tcp adjust-mss auto
 tunnel source 192.168.10.1
 tunnel destination 192.168.30.1
 tunnel ttl 255
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 ip address 10.10.10.1/30
 ip access-group in eth1_in
 ip masquerade
 ip spi-filter
 ipsec policy 1
!
interface ethernet 2
 no ip address
!
dns
 service enable
 address 10.10.10.2
!
syslog
 local enable
!
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
ip route 192.168.20.0/24 tunnel 1
ip route 192.168.30.0/24 tunnel 2
ip route 0.0.0.0/0 10.10.10.2
!
ip access-list eth1_in permit any 10.10.10.1 udp 500 500
ip access-list eth1_in permit any 10.10.10.1 50
!
ipsec access-list NXR_B ip 192.168.10.1/32 192.168.20.1/32
ipsec access-list NXR_C ip 192.168.10.1/32 192.168.30.1/32
!
!
!
end