!
! Century Systems NXR-650 Series ver 21.11.2C (build 1/15:16 24 08 2021)
!
hostname NXR_A-M
telnet-server enable
http-server enable
no rest http enable
no rest https enable
!
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
ppp account username [ISP_A接続用ユーザID] password [ISP_A接続用パスワード]
!
!
l2tp udp source-port 40001
!
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description NXR_B
 authentication pre-share IPsecKEY1
 keepalive 30 3 periodic clear
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode aggressive
 remote address ip any
 remote identity fqdn NXRB
 local policy 1
 netevent 2 disconnect
!
!
ipsec tunnel policy 1
 description NXR_B
 negotiation-mode responder
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 set sa lifetime 28800
 match address IPsec_ACL
!
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface ppp 0
 ip address 192.0.2.1/32
 ip tcp adjust-mss auto
 ip access-group in ppp0_IN
 ip masquerade
 ip spi-filter
 ppp username [ISP_A接続用ユーザID]
 ppp ipcp enable
 ipsec policy 1
!
interface ethernet 0
 ip address 192.168.10.1/24
 no ip redirects
 vrrp ip 1 address 192.168.10.254
 vrrp ip 1 priority 254
 vrrp ip 1 timers advertise 5
 vrrp ip 1 netevent 1 priority 50
!
interface ethernet 1
 no ip address
 pppoe-client ppp 0
!
interface ethernet 2
 no ip address
!
dns
 service enable
!
!
syslog
 local enable
 exit-syslog
!
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
track 1 interface ppp 0 initial-timeout 30
track 2 interface ethernet 0
!
!
!
ip route 192.168.20.0/24 tunnel 1
ip route 192.168.20.0/24 192.168.10.2 10
ip route 0.0.0.0/0 ppp 0
!
!
!
ip access-list ppp0_IN permit any 192.0.2.1 udp 500 500
ip access-list ppp0_IN permit any 192.0.2.1 50
!
ipsec access-list IPsec_ACL ip any any
!
!
!
end