!
! Century Systems NXR-G100 Series ver 6.14.2 (build 4/16:05 18 05 2017)
! DIP-SW : 1:off 2:off 3:off 4:off
! USB transfer-mode : dma
!
hostname nxrg100
telnet-server enable
http-server enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
ipsec priority-ignore enable
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description IPSecTunnel1
 authentication pre-share ipseckey1
 keepalive 10 3 periodic
 hash sha1
 encryption aes128
 group 2
 lifetime 28800
 isakmp-mode main
 remote address ip 10.10.100.1
 local policy 1
!
ipsec isakmp policy 2
 description IPSecTunnel2
 authentication pre-share ipseckey2
 keepalive 10 3 periodic
 hash sha1
 encryption aes128
 group 2
 lifetime 28800
 isakmp-mode main
 remote address ip 10.10.100.2
 local policy 1
!
!
ipsec tunnel policy 1
 description IPSecTunnel1
 set transform esp-aes128 esp-sha1-hmac
 set pfs group2
 set key-exchange isakmp 1
 match address ipsec_acl
!
ipsec tunnel policy 2
 description IPSecTunnel2
 set transform esp-aes128 esp-sha1-hmac
 set pfs group2
 set key-exchange isakmp 2
 match address ipsec_acl
!
!
interface tunnel 1
 ip address 169.254.25.38/30
 ip tcp adjust-mss 1379
 mtu 1436
 tunnel mode ipsec ipv4
 no tunnel path-mtu-discovery
 tunnel protection ipsec policy 1
!
interface tunnel 2
 ip address 169.254.24.254/30
 ip tcp adjust-mss 1379
 mtu 1436
 tunnel mode ipsec ipv4
 no tunnel path-mtu-discovery
 tunnel protection ipsec policy 2
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 ip address 10.10.10.1/30
 ip access-group in eth1_in
 ip masquerade
 ip spi-filter
 ipsec policy 1
!
dns
 service enable
 address 10.10.10.2
!
syslog
 local enable
!
!
!
!
!
!
!
!
!
!
ip route 10.0.1.0/24 tunnel 1
ip route 10.0.1.0/24 tunnel 2 10
ip route 10.0.1.0/24 null 254
ip route 0.0.0.0/0 10.10.10.2
!
ip access-list eth1_in permit 10.10.100.1 10.10.10.1 udp 500 500
ip access-list eth1_in permit 10.10.100.1 10.10.10.1 50
ip access-list eth1_in permit 10.10.100.2 10.10.10.1 udp 500 500
ip access-list eth1_in permit 10.10.100.2 10.10.10.1 50
!
ipsec access-list ipsec_acl ip any any
!
!
!
end