! ! Century Systems NXR-G110 Series ver 21.7.8 (build 4/10:02 11 03 2021) ! DIP-SW : 1:off 2:off 3:off 4:off ! hostname NXR telnet-server enable telnet-server ip forbidden-access-wan telnet-server ipv6 forbidden-access-wan http-server enable http-server ip forbidden-access-wan http-server ipv6 forbidden-access-wan no rest http enable no rest https enable ! ! system power-management mode balance ! ! ! ipv6 forwarding no fast-forwarding enable ! ! ! ! ! ipsec nat-traversal enable ! l2tp udp source-port 40001 ! ! ipsec local policy 1 address ip self-identity fqdn nxr ! ! ipsec isakmp policy 1 description VXR authentication pre-share ipseckey hash sha256 encryption aes128 group 5 lifetime 86400 isakmp-mode aggressive remote address ip 203.0.113.1 remote identity fqdn vxr local policy 1 ! ! ipsec tunnel policy 1 description VXR set transform esp-aes128 esp-sha256-hmac set pfs group5 set key-exchange isakmp 1 set sa lifetime 28800 match address ipsec_acl ! ! interface tunnel 1 no ip address ip tcp adjust-mss auto tunnel mode ipsec ipv4 tunnel protection ipsec policy 1 ! interface ethernet 0 ip address 192.168.10.1/24 ! interface ethernet 1 no ip address ! interface wwan 0 ip address dhcp ip tcp adjust-mss auto ip access-group in wwan0_in ip masquerade ip spi-filter wwan username [WWAN接続用ユーザID] password [WWAN接続用パスワード] wwan authentication chap mobile apn [APN] cid 1 pdp-type ip ipsec policy 1 ! dns service enable ! ! syslog local enable exit-syslog ! ! mobile 1 carrier [キャリア] mobile error-recovery-reset ! ! ! ! ! ! ! ! ip route 10.0.1.0/24 tunnel 1 ip route 10.0.1.0/24 null 254 ! ! ! ip access-list wwan0_in permit 203.0.113.1 any udp any 500 ip access-list wwan0_in permit 203.0.113.1 any udp any 4500 ! ipsec access-list ipsec_acl ip any any ! ! ! end