! ! Century Systems NXR-530 Series ver 21.11.13 (build 10/16:18 09 03 2023) ! hostname NXR_B telnet-server enable telnet-server ip forbidden-access-wan telnet-server ipv6 forbidden-access-wan http-server enable http-server ip forbidden-access-wan http-server ipv6 forbidden-access-wan no rest http enable no rest https enable ! ! ! ! ! ipv6 forwarding fast-forwarding enable ! ! ! ! ! ipsec nat-traversal enable ! l2tp udp source-port 40001 ! ! mape-rule VIRTUALCONNECT type ocn auto ! ! ipsec local policy 1 address ip self-identity fqdn NXRB ! ! ipsec isakmp policy 1 description NXR_A authentication pre-share IPsecKEY hash sha256 encryption aes128 group 5 lifetime 86400 isakmp-mode aggressive remote address ip 203.0.113.1 local policy 1 ! ! ipsec tunnel policy 1 description NXR_A set transform esp-aes128 esp-sha256-hmac set pfs group5 set key-exchange isakmp 1 set sa lifetime 28800 match address IPsec_ACL ! ! interface tunnel 1 no ip address ip tcp adjust-mss auto tunnel mode ipsec ipv4 tunnel protection ipsec policy 1 ! interface map 0 no shutdown ip address mape-rule ip tcp adjust-mss auto ip spi-filter tunnel mode ipipv6 mape-rule VIRTUALCONNECT no tunnel encap-limit ipsec policy 1 ! interface ethernet 0 ip address 192.168.20.1/24 ip access-linkdown ipv6 address autoconfig interface-id mape-rule VIRTUALCONNECT ipv6 nd other-config-flag ipv6 nd ra-dns-server dhcp-client ethernet 1 ipv6 nd send-ra ipv6 dhcp server IPv6DHCPS ipv6 access-linkdown ! interface ethernet 1 no ip address ipv6 access-group in eth1_IN ipv6 spi-filter ipv6 nd accept-ra proxy ethernet 0 ipv6 dhcp client IPv6DHCPC ! interface ethernet 2 no ip address ! dns service enable edns-query enable ! ! syslog local enable exit-syslog ! dhcp-server 1 network 192.168.20.0/24 range 192.168.20.200 192.168.20.210 gateway 192.168.20.1 dns-server 192.168.20.1 ! ! ipv6 dhcp-client IPv6DHCPC information-only enable option-request dns-servers ! ipv6 dhcp-server IPv6DHCPS option-send dns-server add ipv6 dhcp-client ethernet 1 ! ! system led ext 0 signal-level mobile 0 ! ! ! ! ! ! ! ip route 192.168.10.0/24 tunnel 1 ip route 192.168.10.0/24 null 254 ip route 0.0.0.0/0 map 0 ! ! ! ipv6 access-list eth1_IN permit any any icmpv6 ipv6 access-list eth1_IN permit any any udp any 546 ipv6 access-list eth1_IN permit any any 4 ! ipsec access-list IPsec_ACL ip any any ! ! ! end