!
! Century Systems NXR-530 Series ver 21.11.13 (build 10/16:18 09 03 2023)
!
hostname NXR_B
telnet-server enable
telnet-server ip forbidden-access-wan
telnet-server ipv6 forbidden-access-wan
http-server enable
http-server ip forbidden-access-wan
http-server ipv6 forbidden-access-wan
no rest http enable
no rest https enable
!
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
!
ipsec nat-traversal enable
!
l2tp udp source-port 40001
!
!
mape-rule VIRTUALCONNECT type ocn auto
!
!
ipsec local policy 1
 address ip
 self-identity fqdn NXRB
!
!
ipsec isakmp policy 1
 description NXR_A
 authentication pre-share IPsecKEY
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode aggressive
 remote address ip 203.0.113.1
 local policy 1
!
!
ipsec tunnel policy 1
 description NXR_A
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 set sa lifetime 28800
 match address IPsec_ACL
!
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface map 0
 no shutdown
 ip address mape-rule
 ip tcp adjust-mss auto
 ip spi-filter
 tunnel mode ipipv6 mape-rule VIRTUALCONNECT
 no tunnel encap-limit
 ipsec policy 1
!
interface ethernet 0
 ip address 192.168.20.1/24
 ip access-linkdown
 ipv6 address autoconfig interface-id mape-rule VIRTUALCONNECT
 ipv6 nd other-config-flag
 ipv6 nd ra-dns-server dhcp-client ethernet 1
 ipv6 nd send-ra
 ipv6 dhcp server IPv6DHCPS
 ipv6 access-linkdown
!
interface ethernet 1
 no ip address
 ipv6 access-group in eth1_IN
 ipv6 spi-filter
 ipv6 nd accept-ra proxy ethernet 0
 ipv6 dhcp client IPv6DHCPC
!
interface ethernet 2
 no ip address
!
dns
 service enable
 edns-query enable
!
!
syslog
 local enable
 exit-syslog
!
dhcp-server 1
 network 192.168.20.0/24 range 192.168.20.200 192.168.20.210
 gateway 192.168.20.1
 dns-server 192.168.20.1
!
!
ipv6 dhcp-client IPv6DHCPC
 information-only enable
 option-request dns-servers
!
ipv6 dhcp-server IPv6DHCPS
 option-send dns-server add ipv6 dhcp-client ethernet 1
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
!
ip route 192.168.10.0/24 tunnel 1
ip route 192.168.10.0/24 null 254
ip route 0.0.0.0/0 map 0
!
!
!
ipv6 access-list eth1_IN permit any any icmpv6
ipv6 access-list eth1_IN permit any any udp any 546
ipv6 access-list eth1_IN permit any any 4
!
ipsec access-list IPsec_ACL ip any any
!
!
!
end