!
! Century Systems NXR-G110 Series ver 21.7.6 (build 55/10:18 23 12 2020)
!    DIP-SW : 1:off 2:off 3:off 4:off
!
hostname NXR
telnet-server enable
telnet-server ip forbidden-access-wan
telnet-server ipv6 forbidden-access-wan
http-server enable
http-server ip forbidden-access-wan
http-server ipv6 forbidden-access-wan
no rest http enable
no rest https enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
ppp account username android01 password android01pass
ppp account username android02 password android02pass
ppp account username android03 password android03pass
ppp account username [ISP接続用ユーザID] password [ISP接続用パスワード]
!
ipsec nat-traversal enable
!
l2tp udp source-port 1701
!
l2tpv3 udp source-port 40001
!
ipsec local policy 1
 address ip
!
!
ipsec isakmp policy 1
 description smartdevice
 authentication pre-share ipseckey
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode main
 remote address ip any
 local policy 1
!
!
ipsec tunnel policy 1
 description smartdevice
 set transform esp-aes128 esp-sha256-hmac
 no set pfs
 set key-exchange isakmp 1
 set sa lifetime 28800
 match protocol l2tp-smartphone nat-traversal
!
!
l2tp 1
 tunnel address any ipsec
 tunnel mode lns
 tunnel virtual-template 0
!
interface virtual-template 0
 ip address 192.168.10.1/32
 no ip rebound
 ip tcp adjust-mss auto
 peer ip proxy-arp
 peer ip pool smartdevice
!
interface ppp 0
 ip address 192.0.2.1/32
 ip tcp adjust-mss auto
 ip access-group in ppp0_in
 ip masquerade
 ip spi-filter
 ppp username [ISP接続用ユーザID]
 ppp ipcp enable
 ipsec policy 1
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 no ip address
 pppoe-client ppp 0
!
dns
 service enable
!
!
syslog
 local enable
 exit-syslog
!
!
access-server profile 1
 ppp username android01 ip 192.168.10.100
!
!
!
!
!
!
!
!
!
ip route 0.0.0.0/0 ppp 0
!
ip local pool smartdevice address 192.168.10.101 192.168.10.102
!
!
!
ip access-list ppp0_in permit any 192.0.2.1 udp any 500
ip access-list ppp0_in permit any 192.0.2.1 udp any 4500
ip access-list ppp0_in permit any 192.0.2.1 50
!
!
!
end