This page publishes sample configurations for our IOS routers in a topology that uses the "FLET'S VPN Prio" (フレッツ・VPNプライオ) service provided by NTT East.
* For details on "FLET'S VPN Prio", see the following page:
https://business.ntt-east.co.jp/service/vpnprio/
Topology
Platform
Cisco1111
Site LAN-side configuration
Site   | LAN-side subnet
Site A | 192.168.10.0/24
Site B | 192.168.11.0/24
Site C | 192.168.12.0/24
R1 (Site A)
crypto ikev2 proposal PHASE1-prop
 encryption aes-cbc-128
 integrity md5
 group 2
!
crypto ikev2 policy site-pol
 proposal PHASE1-prop
!
crypto ikev2 keyring KEYRNG
 peer Branch
  address 0.0.0.0 0.0.0.0
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
!
crypto ikev2 profile IKEV2-SETUP
 match identity remote address 0.0.0.0
 authentication remote pre-share
 authentication local pre-share
 keyring local KEYRNG
!
crypto ipsec transform-set PRIOSET esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PRIO
 set transform-set PRIOSET
 set ikev2-profile IKEV2-SETUP
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip unnumbered Loopback0
 ip mtu 1374
 tunnel source 192.168.10.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.11.2
 tunnel protection ipsec profile PRIO
!
interface Tunnel1
 ip unnumbered Loopback0
 ip mtu 1374
 tunnel source 192.168.10.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.12.2
 tunnel protection ipsec profile PRIO
!
interface GigabitEthernet0/0/0
 ip address 192.168.10.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
 ip address 172.16.1.254 255.255.255.0
 ip tcp adjust-mss 1334
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ip route 172.16.2.0 255.255.255.0 Tunnel0
ip route 172.16.3.0 255.255.255.0 Tunnel1
ip route 192.168.11.0 255.255.255.0 192.168.10.1
ip route 192.168.12.0 255.255.255.0 192.168.10.1
R2 (Site B)
crypto ikev2 proposal PHASE1-prop
 encryption aes-cbc-128
 integrity md5
 group 2
!
crypto ikev2 policy site-pol
 proposal PHASE1-prop
!
crypto ikev2 keyring KEYRNG
 peer Center
  address 192.168.10.2 255.255.255.0
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
!
crypto ikev2 profile IKEV2-SETUP
 match identity remote address 192.168.10.2 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local KEYRNG
!
crypto ipsec transform-set PRIOSET esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PRIO
 set transform-set PRIOSET
 set ikev2-profile IKEV2-SETUP
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip unnumbered Loopback0
 ip mtu 1374
 tunnel source 192.168.11.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.10.2
 tunnel protection ipsec profile PRIO
!
interface GigabitEthernet0/0/0
 ip address 192.168.11.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
 ip address 172.16.2.254 255.255.255.0
 ip tcp adjust-mss 1334
!
ip route 0.0.0.0 0.0.0.0 Tunnel0
ip route 192.168.10.0 255.255.255.0 192.168.11.1
R3 (Site C)
crypto ikev2 proposal PHASE1-prop
 encryption aes-cbc-128
 integrity md5
 group 2
!
crypto ikev2 policy site-pol
 proposal PHASE1-prop
!
crypto ikev2 keyring KEYRNG
 peer Center
  address 192.168.10.2 255.255.255.0
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
!
crypto ikev2 profile IKEV2-SETUP
 match identity remote address 192.168.10.2 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local KEYRNG
!
crypto ipsec transform-set PRIOSET esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PRIO
 set transform-set PRIOSET
 set ikev2-profile IKEV2-SETUP
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip unnumbered Loopback0
 ip mtu 1374
 tunnel source 192.168.12.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.10.2
 tunnel protection ipsec profile PRIO
!
interface GigabitEthernet0/0/0
 ip address 192.168.12.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
 ip address 172.16.3.254 255.255.255.0
 ip tcp adjust-mss 1334
!
ip route 0.0.0.0 0.0.0.0 Tunnel0
ip route 192.168.10.0 255.255.255.0 192.168.12.1
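As an added example that is not part of this page, NTT East's service documentation or Cisco's own tooling, the following Python script audits constructed excerpts of the R1 (hub) and R2 (spoke) configurations above before they are adapted for production. It flags the sample values that should be tightened (MD5 integrity, Diffie-Hellman group 2, the placeholder pre-shared key "cisco", and the wildcard peer address in the hub keyring), checks that ip tcp adjust-mss equals ip mtu minus 40 as the configs above pair 1374 with 1334, and verifies that each spoke tunnel has a mirror-image tunnel on the hub. The regexes and finding texts are this example's own.

```python
import re

R1 = """crypto ikev2 proposal PHASE1-prop
 integrity md5
 group 2
crypto ikev2 keyring KEYRNG
 peer Branch
  address 0.0.0.0 0.0.0.0
  pre-shared-key local cisco
interface Tunnel0
 ip mtu 1374
 tunnel source 192.168.10.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.11.2
interface Vlan1
 ip tcp adjust-mss 1334
"""
R2 = """interface Tunnel0
 tunnel source 192.168.11.2
 tunnel mode ipsec ipv4
 tunnel destination 192.168.10.2
"""

# Line-level checks (regex, finding): sample values on this page to replace before deployment.
CHECKS = [
    (r"^\s*integrity\s+(md5|sha1)\b", "weak IKEv2 integrity algorithm"),
    (r"^\s*group\s+(1|2|5)\b", "weak IKEv2 Diffie-Hellman group"),
    (r"^\s*pre-shared-key\s+\w+\s+cisco$", "sample pre-shared key 'cisco' left in place"),
    (r"^\s*address\s+0\.0\.0\.0\s+0\.0\.0\.0$", "keyring accepts any peer address"),
]

def audit(cfg):
    """Return the list of findings for one IOS configuration text."""
    found = [msg for line in cfg.splitlines() for rx, msg in CHECKS if re.match(rx, line)]
    mtu = re.search(r"ip mtu (\d+)", cfg)
    mss = re.search(r"ip tcp adjust-mss (\d+)", cfg)
    # The page pairs ip mtu 1374 with adjust-mss 1334: MSS = MTU - 40 (IPv4 + TCP headers).
    if mtu and mss and int(mss.group(1)) != int(mtu.group(1)) - 40:
        found.append("ip tcp adjust-mss is not ip mtu - 40")
    return found

def tunnels(cfg):
    """Return the (source, destination) pairs of all tunnel interfaces in cfg."""
    return set(re.findall(r"tunnel source (\S+)(?:\n .*)*?\n tunnel destination (\S+)", cfg))

def peers_consistent(hub, spoke):
    """True if every spoke tunnel has a mirror-image (destination, source) tunnel on the hub."""
    return all((dst, src) in tunnels(hub) for src, dst in tunnels(spoke))
```

Running audit(R1) on the excerpt above reports all four sample-value findings, while the MTU/MSS pairing and the R1/R2 tunnel endpoints check out as consistent.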