!
! Century Systems NXR-G120 Series ver 21.15.1 (build 6/14:16 26 07 2023)
!
hostname NXR_B
telnet-server enable
telnet-server ip forbidden-access-wan
telnet-server ipv6 forbidden-access-wan
http-server enable
http-server ip forbidden-access-wan
http-server ipv6 forbidden-access-wan
no rest http enable
no rest https enable
!
!
system power-management mode balance
!
!
!
ipv6 forwarding
no fast-forwarding enable
!
!
!
ppp account username [CARRIER_A接続用ユーザID] password [CARRIER_A接続用パスワード]
ppp account username [CARRIER_B接続用ユーザID] password [CARRIER_B接続用パスワード]
!
ipsec nat-traversal enable
!
l2tp udp source-port 40001
!
!
ipsec local policy 1
 address ip
 self-identity fqdn NXRB
!
ipsec local policy 2
 address ip
 self-identity fqdn NXRB
!
!
ipsec isakmp policy 1
 description NXR_A
 authentication pre-share IPsecKEY
 hash sha256
 encryption aes128
 group 5
 lifetime 86400
 isakmp-mode aggressive
 remote address ip 203.0.113.1
 local policy 1 netevent 2048 change 2
!
!
ipsec tunnel policy 1
 description NXR_A
 set transform esp-aes128 esp-sha256-hmac
 set pfs group5
 set key-exchange isakmp 1
 set sa lifetime 28800
 match address IPsec_ACL
!
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface ppp 0
 description CARRIER_A
 ip address negotiated
 ip tcp adjust-mss auto
 ip access-group in WAN_IN
 ip masquerade
 ip spi-filter
 ppp username [CARRIER_A接続用ユーザID]
 ppp ipcp enable
 dial-up string *99***1#
 dial-up timeout 30
 mobile apn [CARRIER_A接続用APN] cid 1 pdp-type ip
 ipsec policy 1
!
interface ppp 1
 description CARRIER_B
 ip address negotiated
 ip tcp adjust-mss auto
 ip access-group in WAN_IN
 ip masquerade
 ip spi-filter
 ppp username [CARRIER_B接続用ユーザID]
 ppp ipcp enable
 dial-up string *99***1#
 dial-up timeout 30
 mobile apn [CARRIER_B接続用APN] cid 1 pdp-type ip
 ipsec policy 2
!
interface ethernet 0
 ip address 192.168.20.1/24
!
interface ethernet 1
 no ip address
!
dns
 service enable
!
!
syslog
 local enable
 exit-syslog
!
!
mobile 1 ppp 0
mobile 1 carrier [CARRIER_A]
mobile 1 standby ppp 1
mobile 1 standby carrier [CARRIER_B]
mobile 1 sim change-timer 1440
mobile 1 sim netevent 2048 failover
mobile error-recovery-reset
mobile termination-recovery reset
!
!
!
!
!
!
track 2048 ip reachability
 destination 203.0.113.1
 source interface ppp 0
 transmit interval 30 variable
 transmit retries 4
!
!
!
!
ip route 192.168.10.0/24 tunnel 1
ip route 192.168.10.0/24 null 254
ip route 0.0.0.0/0 ppp 0
ip route 0.0.0.0/0 ppp 1
!
!
!
ip access-list WAN_IN permit 203.0.113.1 any udp any 500
ip access-list WAN_IN permit 203.0.113.1 any udp any 4500
ip access-list WAN_IN permit 203.0.113.1 any 50
!
ipsec access-list IPsec_ACL ip any any
!
!
!
end