!
! Century Systems NXR-650 Series ver 21.11.2C (build 1/15:16 24 08 2021)
!
hostname NXR_A
telnet-server enable
http-server enable
no rest http enable
no rest https enable
!
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
!
!
!
ipsec x509 enable
ipsec x509 ca-certificate NXR pem
ipsec x509 certificate NXRA pem
ipsec x509 private-key NXRA key pem
ipsec x509 private-key NXRA password [NXR_Aの秘密鍵パスフレーズ]
ipsec x509 crl NXR pem
!
l2tp udp source-port 40001
!
!
ipsec local policy 1
 address ip
 self-identity dn /C=JP/CN=nxra
 x509 certificate NXRA
!
!
ipsec isakmp policy 1
 description NXR_B
 authentication rsa-sig
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode main
 remote address ip 203.0.113.5
 remote identity dn /C=JP/CN=nxrb
 local policy 1
!
!
ipsec tunnel policy 1
 description NXR_B
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 set sa lifetime 28800
 match address IPsec_ACL
!
!
interface ethernet 0
 ip address 192.168.10.1/24
!
interface ethernet 1
 ip address 203.0.113.1/30
 ipsec policy 1
!
interface ethernet 2
 no ip address
!
dns
 service enable
!
!
syslog
 local enable
 exit-syslog
!
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
!
ip route 203.0.113.5/32 203.0.113.2
!
!
!
ipsec access-list IPsec_ACL ip 192.168.10.0/24 192.168.20.0/24
!
!
!
end