!
! Century Systems NXR-G240 Series ver 9.12.1 (build 2/11:21 29 07 2020)
!    DIP-SW : 1:off 2:off 3:off 4:off
!
hostname NXR_B
telnet-server enable
telnet-server ip forbidden-access-wan
telnet-server ipv6 forbidden-access-wan
http-server enable
http-server ip forbidden-access-wan
http-server ipv6 forbidden-access-wan
no rest http enable
no rest https enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
no fast-forwarding enable
!
!
!
!
ppp account username test2@example.jp password test2pass
!
!
l2tp udp source-port 40001
!
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description NXR_A
 authentication pre-share ipseckey1
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode main
 remote address ip 203.0.113.1
 local policy 1
!
!
ipsec tunnel policy 1
 description NXR_A
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 set sa lifetime 28800
 match protocol etherip
!
!
interface bridge 0
 ip address 192.168.10.2/24
 ip access-group in br0_in
!
interface tunnel 1
 mtu 1500
 bridge-group 0 port 2
 no ip address
 tunnel mode ethernet ip
 tunnel source ppp 0
 tunnel destination 203.0.113.1
!
interface ppp 0
 ip address 192.0.2.2/32
 ip tcp adjust-mss auto
 ip access-group in ppp0_in
 ip access-group out ppp0_out
 ip masquerade
 ip spi-filter
 ppp username test2@example.jp
 ipsec policy 1
!
interface ethernet 0
 bridge-group 0 port 1
 no ip address
!
interface ethernet 1
 no ip address
 pppoe-client ppp 0
!
interface ethernet 2
 no ip address
!
dns
 service enable
!
!
syslog
 local enable
 exit-syslog
!
!
!
!
!
!
!
!
!
!
ip route 0.0.0.0/0 ppp 0
!
!
!
ip access-list br0_in permit 192.168.10.0/24 192.168.10.2 tcp any 23
ip access-list br0_in permit 192.168.10.0/24 192.168.10.2 tcp any 880
ip access-list ppp0_in permit 203.0.113.1 192.0.2.2 udp 500 500
ip access-list ppp0_in permit 203.0.113.1 192.0.2.2 50
ip access-list ppp0_out deny 192.0.2.2 203.0.113.1 97
!
!
!
end