@panakuma
Last active November 2, 2023 13:38
Building an IPsec VPN between RTX and NEC IX over NGN intra-network (loopback) communication (RTX: only the parts needed for the VPN)
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2105 (magellan-sec) Software, Version 10.1.14, RELEASE SOFTWARE
! Compiled Mar 06-Wed-2019 14:03:05 JST #2
! Current time Mar 26-Tue-2019 04:29:21 JST
!
timezone +09 00
!
logging buffered 204800
!
ntp server 133.243.238.163
!
!
ip ufs-cache enable
ip route <peer IP address range/subnet mask> Tunnel0.0
ip dhcp enable
ip access-list ipsec_acl permit ip src any dest any
!
!
ipv6 ufs-cache enable
!
ike proposal ike_proposal encryption aes hash sha group 1024-bit
!
ike policy ike_policy peer-fqdn-ipv6 <local hostname>.i.open.ad.jp key <pre-shared key> ike_proposal
ike keepalive ike_policy 10 3
!
ipsec autokey-proposal ipsec_proposal esp-aes esp-sha
!
ipsec autokey-map ipsec_map ipsec_acl peer-fqdn-ipv6 <peer hostname>.i.open.ad.jp ipsec_proposal
ipsec local-id ipsec_map <local IPv4 address>
ipsec remote-id ipsec_map <peer IPv4 address>
!
!
!
!
!
!
!
proxy-dns ip enable
proxy-dns ip request both
proxy-dns ipv6 enable
!
!
ddns enable
!
!
!
watch-group host 10
event 10 ip unreach-host <peer IPv4 address> Tunnel0.0 source GigaEthernet1.0
!
network-monitor host enable
!
!
ip dhcp profile dhcpv4-sv
dns-server <local IP address>
!
ipv6 dhcp client-profile dhcpv6_client
information-request
option-request dns-servers
!
ipv6 dhcp server-profile dhcpv6-sv
dns-server dhcp
!
ip router rip
redistribute connected
!
ddns profile UPDATE_DDNS
url http://ddnsapi-v6.open.ad.jp/api/renew/
query <host key for the local i.open.ad.jp domain>
transport ipv6
notify-interface GigaEthernet1.0
source-interface GigaEthernet1.0
update-interval 1
!
device GigaEthernet0
!
device GigaEthernet1
!
interface GigaEthernet0.0
ip address dhcp receive-default
ip nat enable
ip napt enable
ipv6 enable
ipv6 dhcp client dhcpv6_client
ipv6 nd proxy GigaEthernet1.0
no shutdown
!
interface GigaEthernet1.0
ip address <local IP address range/subnet mask>
ip rip enable
ip dhcp binding dhcpv4-sv
ipv6 dhcp server dhcpv6-sv
ipv6 nd ra enable
ipv6 nd ra other-config-flag
no shutdown
!
interface Loopback0.0
no ip address
!
interface Null0.0
no ip address
!
interface Tunnel0.0
tunnel mode ipsec
ip unnumbered GigaEthernet1.0
ip tcp adjust-mss auto
ip rip enable
ipsec policy tunnel ipsec_map df-bit ignore out
no shutdown
tunnel select 25
description tunnel ix2105-ipv6
ipsec tunnel 25
ipsec sa policy 25 25 esp aes-cbc sha-hmac
ipsec ike duration ipsec-sa 25 28800 rekey 90%
ipsec ike duration isakmp-sa 25 28800 rekey 90%
ipsec ike encryption 25 aes-cbc
ipsec ike esp-encapsulation 25 off
ipsec ike group 25 modp1024
ipsec ike hash 25 sha
ipsec ike keepalive log 25 off
ipsec ike keepalive use 25 auto
ipsec ike log 25 key-info message-info payload-info
ipsec ike payload type 25 2
ipsec ike pfs 25 on
ipsec ike pre-shared-key 25 text <pre-shared key>
ipsec ike remote address 25 <peer hostname>.i.open.ad.jp
ipsec ike remote id 25 <peer IPv4 address>
ipsec ike remote name 25 <peer IPv4 address> ipv4-addr
ipsec ike restrict-dangling-sa 25 auto
ip tunnel rip send on version 2
ip tunnel rip receive on version 1 2
ip tunnel tcp mss limit auto
tunnel enable 25
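
The listing above is the IX2105 configuration followed by the RTX tunnel commands (from `tunnel select 25` onward). The following is an added example, not part of the original gist: a Python check that the IKE and ESP parameters on the two ends agree and that flags the legacy settings both ends use. The keyword mapping between the two vendors' syntaxes is an assumption, and the sample strings are constructed from the crypto lines above.

```python
import re

# Constructed sample: only the crypto lines of the two configs on this page.
IX_CONFIG = """\
ike proposal ike_proposal encryption aes hash sha group 1024-bit
ipsec autokey-proposal ipsec_proposal esp-aes esp-sha
"""
RTX_CONFIG = """\
ipsec sa policy 25 25 esp aes-cbc sha-hmac
ipsec ike encryption 25 aes-cbc
ipsec ike group 25 modp1024
ipsec ike hash 25 sha
"""

# Assumption: these vendor keywords name the same algorithms.
NORMALISE = {"aes": "aes-cbc", "esp-aes": "aes-cbc", "sha": "sha1",
             "esp-sha": "sha1", "sha-hmac": "sha1", "1024-bit": "modp1024"}
KEYS = ("ike_enc", "ike_hash", "ike_group", "esp_enc", "esp_auth")

def _norm(values):
    return {k: NORMALISE.get(v, v) for k, v in zip(KEYS, values) if v}

def parse_ix(text):
    ike = re.search(r"^\s*ike proposal \S+ encryption (\S+) hash (\S+) group (\S+)", text, re.M)
    esp = re.search(r"^\s*ipsec autokey-proposal \S+ (\S+) (\S+)", text, re.M)
    return _norm((ike.groups() if ike else (None,) * 3) + (esp.groups() if esp else (None,) * 2))

def parse_rtx(text):
    def one(word):
        m = re.search(rf"^\s*ipsec ike {word} \d+ (\S+)", text, re.M)
        return m.group(1) if m else None
    esp = re.search(r"^\s*ipsec sa policy \d+ \d+ esp (\S+) (\S+)", text, re.M)
    return _norm((one("encryption"), one("hash"), one("group")) + (esp.groups() if esp else (None,) * 2))

def mismatches(ix, rtx):
    """Parameters that differ between the two ends, so the proposals would not agree."""
    return [k for k in KEYS if ix.get(k) != rtx.get(k)]

def weak_settings(params):
    """Legacy settings worth upgrading on both ends together."""
    found = []
    if params.get("ike_group") == "modp1024":
        found.append("ike_group: 1024-bit MODP Diffie-Hellman group")
    if "sha1" in (params.get("ike_hash"), params.get("esp_auth")):
        found.append("hash: SHA-1 based integrity")
    return found

if __name__ == "__main__":
    ix, rtx = parse_ix(IX_CONFIG), parse_rtx(RTX_CONFIG)
    print("mismatches:", mismatches(ix, rtx))
    print("weak:", weak_settings(ix))
```

Any change to the group or hash has to be made on both routers at once, otherwise `mismatches` reports the parameter and the tunnel will not come up.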