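The internet connection is the PR400KI
The FLET'S VPN Wide center site is an RTX1200
The FLET'S VPN Wide participant site is an RTX810
About LAN-type and terminal-type address assignment: looking at the router's settings screens gets confusing, but this is an IPIP design for a FLET'S VPN Wide terminal-type connection.
To write the route information on the NTT PR400KI, go in through 【Static Routing Settings】.
Add a 【Static IP Masquerade】 entry for ping from outside.
Along the way I asked the Yamaha support center for help and was rescued, and at last I have created the keeper versions of the RTX1200 and RTX810 configs!!
* In this setup, traffic does not go out to the internet from the RTX1200; it goes out from a separate router (PR400KI).
Center (RTX1200)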
ip route 192.168.10.0/24 gateway tunnel 1
ip route 192.168.100.0/24 gateway pp 1
ip keepalive 1 icmp-echo 10 6 192.168.100.2
ip lan1 address 192.168.20.77/24
switch control use lan1 on
provider type isdn-terminal
provider filter routing connection
provider lan1 name LAN:
provider lan2 name PPPoE/0/4/0/0/0/0:MMC_VPN
pp select 1
description pp PRV/PPPoE/0:MMC_VPN
pp keepalive interval 30 retry-interval=30 count=12
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname user01@cvn00000***** user01
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ccp type none
provider set 1 MMC_VPN
provider pp bind 1 1
tunnel select 1
tunnel name miwa
tunnel encapsulation ipip
tunnel endpoint address 192.168.100.2
ip tunnel tcp mss limit auto
tunnel enable 1
ip filter 500000 restrict * * * * *
nat descriptor type 1 masquerade
nat descriptor address outer 1 primary
nat descriptor address inner 1 auto
nat descriptor masquerade static 1 1 192.168.20.77 udp 500
nat descriptor masquerade static 1 2 192.168.20.77 udp 4500
nat descriptor masquerade static 1 3 192.168.20.77 udp 1701
nat descriptor masquerade static 1 4 192.168.20.77 tcp https
nat descriptor masquerade static 1 5 192.168.20.77 tcp 5555
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.20.77 4
url filter use off
dhcp server rfc2131 compliant except remain-silent
dns private address spoof on
statistics cpu on
statistics memory on
Participant (RTX810)
administrator password ********
ip route default gateway tunnel 1
ip route 192.168.100.0/24 gateway pp 1
ip route 192.168.100.2 gateway pp 1
ip keepalive 1 icmp-echo 10 6 192.168.100.1
ip lan1 address 192.168.10.1/24
provider type isdn-terminal
provider filter routing connection
provider lan1 name LAN:
provider lan2 name PPPoE/0/1/5/0/0/0:miwa
pp disable all
pp select 1
pp name PRV/1/1/5/0/0/0:miwa
pp keepalive interval 30 retry-interval=30 count=12
pp always-on on
pppoe use lan2
pppoe auto disconnect off
pp auth accept pap chap
pp auth myname user02@cvn00000***** user02
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ccp type none
ip pp nat descriptor 1000
pp enable 1
provider set 1 miwa
provider dns server 1 192.168.20.1
provider pp bind 1 1
no tunnel enable all
tunnel select 1
tunnel name MMC_VPN
tunnel encapsulation ipip
tunnel endpoint address 192.168.100.1
ip tunnel tcp mss limit auto
tunnel enable 1
ip filter 500000 restrict * * * * *
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.10.1 4
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 3 192.168.10.2-192.168.10.100/24
dns server 192.168.20.1
dns server select 500001 192.168.20.1 any . restrict pp 1
dns private address spoof on
alarm entire off
NTT PR400KI 【Static Routing Settings】
ip=192.168.10.0(255.255.255.0) gw=192.168.20.77
【Static IP Masquerade】
UDP 500/UDP 4500/192.168.20.77
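An added example, not part of the original post: a small Python audit that lists every `nat descriptor masquerade static` entry in the configs above together with the interface its descriptor is applied to. It assumes the usual Yamaha behaviour that a descriptor only takes effect on an interface named in an `ip ... nat descriptor` line; the function name `audit` and the sample strings are constructed here.

```python
import re

# Constructed sample input: NAT-related lines copied from the two configs above.
CENTER = """\
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 1 192.168.20.77 udp 500
nat descriptor masquerade static 1 2 192.168.20.77 udp 4500
nat descriptor masquerade static 1 3 192.168.20.77 udp 1701
nat descriptor masquerade static 1 4 192.168.20.77 tcp https
nat descriptor masquerade static 1 5 192.168.20.77 tcp 5555
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.20.77 4
"""
PARTICIPANT = """\
pp select 1
ip pp nat descriptor 1000
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.10.1 4
"""

# nat descriptor masquerade static <descriptor> <id> <inner_ip> <protocol> [port]
STATIC = re.compile(r"^nat descriptor masquerade static (\d+) \d+ (\S+) (\S+)(?: (\S+))?$")
# ip <interface> nat descriptor <descriptor> [<descriptor> ...]
APPLY = re.compile(r"^ip (\S+) nat descriptor (.+)$")


def audit(config):
    """Return (descriptor, inner_ip, protocol, port, applied_on) per static entry.

    applied_on is the interface the descriptor is applied to in this config text,
    or None when no 'ip <interface> nat descriptor' line references it.
    """
    applied, entries = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := APPLY.match(line):
            for token in m.group(2).split():
                if token.isdigit():
                    applied[int(token)] = m.group(1)
        elif m := STATIC.match(line):
            desc, inner, proto, port = m.groups()
            entries.append((int(desc), inner, proto, port))
    return [(d, ip, proto, port, applied.get(d)) for d, ip, proto, port in entries]


if __name__ == "__main__":
    for name, cfg in (("center", CENTER), ("participant", PARTICIPANT)):
        for d, ip, proto, port, iface in audit(cfg):
            what = proto if port is None else f"{proto}/{port}"
            print(f"{name}: descriptor {d} forwards {what} to {ip}; applied on: {iface}")
```

Protocol `4` in the descriptor 1000 entries is the IP protocol number for IP-in-IP, the encapsulation both tunnels use.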