2021/03/01
メーカー | Yamaha |
機種 | RTX830 |
ファームリビジョン | Rev.15.02.17 |
ip route "Azureの仮想ネットワークのアドレス空間を指定" gateway tunnel 1 tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes256-cbc sha256-hmac anti-replay-check=off ipsec ike version 1 2 ipsec ike duration child-sa 1 27000 ipsec ike duration ike-sa 1 28800 ipsec ike group 1 modp1024 ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on rfc4306 ipsec ike local address 1 "ルーターのLAN側IPアドレス" ipsec ike local name 1 "ルーターのDDNSのホスト名" fqdn //※グローバル固定IPアドレスを指定する場合は、以下を指定 // ipsec ike local name 1 "ルーターの固定グローバルIPアドレス" ipv4-addr ipsec ike nat-traversal 1 on ipsec ike message-id-control 1 on ipsec ike child-exchange type 1 2 ipsec ike pre-shared-key 1 text "事前共有鍵" ipsec ike remote address 1 "AzureのゲートウェイIPアドレス" ipsec ike remote name 1 "AzureのゲートウェイIPアドレス" ipv4-addr ipsec ike negotiation receive 1 off ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on ip filter 200080 pass * "ルーターのLAN側IPアドレス" udp * 500 ip filter 200081 pass * "ルーターのLAN側IPアドレス" esp * * ip filter 200082 pass * "ルーターのLAN側IPアドレス" udp * 4500 nat descriptor type 1000 masquerade nat descriptor address outer 1000 ipcp //※グローバル固定IPアドレスを指定する場合は、以下を指定 // nat descriptor address outer 1000 "ルーターの固定グローバルIPアドレス" nat descriptor masquerade static 1000 1 192.168.50.1 udp 500 nat descriptor masquerade static 1000 2 192.168.50.1 esp nat descriptor masquerade static 1000 3 192.168.50.1 udp 4500設定例)
ip route 10.2.0.0/16 gateway tunnel 1 tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes256-cbc sha256-hmac anti-replay-check=off ipsec ike version 1 2 ipsec ike duration child-sa 1 27000 ipsec ike duration ike-sa 1 28800 ipsec ike group 1 modp1024 ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on rfc4306 ipsec ike local address 1 192.168.50.1 ipsec ike local name 1 xxxxx.aa0.netvolante.jp fqdn ipsec ike nat-traversal 1 on ipsec ike message-id-control 1 on ipsec ike child-exchange type 1 2 ipsec ike pre-shared-key 1 text abc123 ipsec ike remote address 1 xxx.xxx.xxx.xxx ipsec ike remote name 1 xxx.xxx.xxx.xxx ipv4-addr ipsec ike negotiation receive 1 off ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on ip filter 200080 pass * 192.168.50.1 udp * 500 ip filter 200081 pass * 192.168.50.1 esp * * ip filter 200082 pass * 192.168.50.1 udp * 4500 nat descriptor type 1000 masquerade nat descriptor address outer 1000 ipcp nat descriptor masquerade static 1000 1 192.168.50.1 udp 500 nat descriptor masquerade static 1000 2 192.168.50.1 esp nat descriptor masquerade static 1000 3 192.168.50.1 udp 4500
show status tunnel 1