! ! Century Systems NXR-G100 Series ver 6.20.0 (build 11/11:57 18 06 2019) ! DIP-SW : 1:off 2:off 3:off 4:off ! USB transfer-mode : dma ! hostname NXR_B telnet-server enable http-server enable ! ! system power-management mode balance ! ! ! ipv6 forwarding fast-forwarding enable ! ! ! ppp account username [モバイル接続用ユーザID] password [モバイル接続用パスワード] ! ipsec nat-traversal enable ipsec priority-ignore enable ! ipsec local policy 1 address ipv6 ! ipsec local policy 2 address ip self-identity fqdn nxrb ! ! ipsec isakmp policy 1 description NXR_A_main authentication pre-share ipseckey hash sha256 encryption aes128 group 5 lifetime 86400 isakmp-mode main remote address ipv6 sample1.i.open.ad.jp local policy 1 ! ipsec isakmp policy 2 description NXR_A_backup authentication pre-share ipseckey hash sha256 encryption aes128 group 5 lifetime 86400 isakmp-mode aggressive remote address ip 203.0.113.1 local policy 2 netevent 1 connect ! ! ipsec tunnel policy 1 description NXR_A_main set transform esp-aes128 esp-sha256-hmac set pfs group5 set key-exchange isakmp 1 set sa lifetime 28800 match address ipsec_acl ! ipsec tunnel policy 2 description NXR_A_backup set transform esp-aes128 esp-sha256-hmac set pfs group5 set key-exchange isakmp 2 set sa lifetime 28800 match address ipsec_acl ! ! interface tunnel 1 no ip address no ip rebound ip tcp adjust-mss auto tunnel mode ipsec ipv6 tunnel protection ipsec policy 1 ! interface tunnel 2 no ip address ip tcp adjust-mss auto tunnel mode ipsec ipv4 tunnel protection ipsec policy 2 ! interface ppp 0 ip address negotiated ip tcp adjust-mss auto ip access-group in ppp0_in ip masquerade ip spi-filter ppp username [モバイル接続用ユーザID] ppp ipcp dns reject dial-up string *99***[CID]# dial-up timeout 30 mobile apn [APN] cid [CID] pdp-type ip ipsec policy 2 ! interface ethernet 0 ip address 192.168.20.1/24 ! interface ethernet 1 no ip address ipv6 access-group in eth1_in ipv6 spi-filter ipv6 address autoconfig interface-id ::1 ipv6 dhcp client ipv6dhcpc ipsec policy 1 ! dns service enable edns-query enable ! ddns service enable ddns-provider http-client account username [DDNS用ユーザID] password [DDNS用パスワード] bind-interface ethernet 1 url ipv6 http://ddnsapi-v6.open.ad.jp/api/renew/ query [ホストキー] forced-update-interval 1 ! syslog local enable ! ! ipv6 dhcp-client ipv6dhcpc information-only enable option-request dns-servers ! mobile 1 ppp 0 mobile 1 carrier [キャリア] mobile error-recovery-reset mobile termination-recovery reset ! ! ! ! ! track 1 ipsec isakmp 1 ! ! ! ip route 203.0.113.1/32 ppp 0 ip route 192.168.10.0/24 tunnel 2 ip route 0.0.0.0/0 tunnel 1 ip route 0.0.0.0/0 null 254 ! ip access-list ppp0_in permit 203.0.113.1 any udp 500 500 ip access-list ppp0_in permit 203.0.113.1 any udp 4500 4500 ip access-list ppp0_in permit 203.0.113.1 any 50 ! ipv6 access-list eth1_in permit any any icmpv6 ipv6 access-list eth1_in permit any any udp any 546 ipv6 access-list eth1_in permit any any udp 500 500 ipv6 access-list eth1_in permit any any 50 ! ipsec access-list ipsec_acl ip any any ! ! ! end