2011年6月24日金曜日

memo 2

console prompt R1
ip lan1 address 1.1.1.2/24
ip lan1 ospf area backbone
ip lan1 nat descriptor 1
ip lan2 address 1.1.2.1/24
ip lan2 ospf area backbone
ip lan2 nat descriptor 2
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 100.100.100.1 gateway 1.1.1.1
ip route default gateway 1.1.2.3
ip route 1.1.4.0/24 gateway tunnel 1
nat descriptor type 1 nat-masquerade
nat descriptor address outer 1 1.1.50.1-1.1.50.10
nat descriptor address inner 1 1.1.4.1-1.1.4.10
nat descriptor type 2 nat-masquerade
nat descriptor address outer 2 1.1.99.1-1.1.99.10
nat descriptor address inner 2 1.1.1.1-1.1.1.10
nat descriptor type 3 nat-masquerade
nat descriptor address outer 3 100.100.100.1
nat descriptor address inner 3 1.1.1.2
ospf use on
ospf router id 1.1.2.1
ospf import from static filter 100
ospf import filter 100 equal 100.100.100.1/32 metric=900
ospf area backbone
ipsec auto refresh on
ipsec ike duration ipsec-sa 1 24000
ipsec ike duration isakmp-sa 1 24000
ipsec ike local address 1 1.1.2.1
ipsec ike pre-shared-key 1 text himitsu
ipsec ike remote address 1 1.1.3.2
ipsec sa policy 101 1 esp des-cbc
R1#


R2# show config
# RT105e Rev.6.03.28 (Thu Jul 24 16:44:14 2003)
# MAC Address : 00:a0:de:16:86:65, 00:a0:de:16:86:66
# Memory 16Mbytes, 2LAN
administrator password *
security class 1 on on
console prompt R2
ip lan1 address 1.1.3.2/24
ip lan1 ospf area backbone
ip lan2 address 1.1.4.1/24
ip lan2 ospf area backbone
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 100.100.100.1 gateway 1.1.4.10
ip route 10.10.10.1 gateway 1.1.3.3
ip route 1.1.1.0/24 gateway tunnel 1
ip route default gateway tunnel 1 filter 1
ip filter 1 pass 1.1.4.1-1.1.4.10 *
ospf use on
ospf router id 1.1.3.2
ospf import from static filter 100
ospf import filter 10 equal 10.10.10.1/32 metric=300
ospf import filter 100 equal 100.100.100.1/32 metric=10
ospf area backbone
ipsec auto refresh on
ipsec ike duration ipsec-sa 1 24000
ipsec ike duration isakmp-sa 1 24000
ipsec ike local address 1 1.1.3.2
ipsec ike pre-shared-key 1 text himitsu
ipsec ike remote address 1 1.1.2.1
ipsec sa policy 101 1 esp des-cbc
投稿者 時刻:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)