IPsec Configuration Example 7

Connecting a center and two sites over dial-up VPN


Overview

One router acts as the center and the remaining two sites connect to it. For brevity this example has only two sites, but the same structure applies as the number of sites grows: the center keeps one IKE gateway, one SA policy and one tunnel per site. Because the sites obtain their addresses by IPCP, the center accepts IKE from any address (ipsec ike remote address ... any) and tells the sites apart by the name each site sends (ipsec ike remote name). Each site therefore gets its own pre-shared key, so that a key taken from one site cannot be used to impersonate another. The 3DES-CBC and HMAC-SHA1 algorithms shown are those of a Rev.6.02-era example; they are considered legacy today, so use stronger algorithms where the firmware offers them.

Network diagram

                            ---------+---- 192.168.0.0/24
                                     |
                                     |
                                     | 192.168.0.1/24
                            +--------+--------+
                            |                 |
                            |     Router 1    |  (center-side router)
                            |  name: router1  |
                            |                 |
                            +--------+--------+
                             #   #   |
                             #   #   | address: fixed
                             #   #   | 172.16.0.1
                             #   #   |
                             #   #   | PPPoE
                             #   #   |
                             # to the Internet
                             #   #
          ####################   ########################
          #                                             #
        to the Internet                               to the Internet
          #   |                cipher: 3DES-CBC         #   |
          #   | PPPoE          auth:   HMAC-SHA1        #   | PPPoE
          #   |                                         #   |
          #   | address: dynamic                        #   | address: dynamic
          #   | IPCP                                    #   | IPCP
          #   |                                         #   |
     +--------+--------+                           +--------+--------+
     |                 |                           |                 |
     |     Router 2    |                           |     Router 3    |
     |  name: router2  |                           |  name: router3  |
     |                 |                           |                 |
     +--------+--------+                           +--------+--------+
              | 192.168.1.1/24                              | 192.168.2.1/24
              |                                             |
              |                                             |
     ---------+---- 192.168.1.0/24                 ---------+---- 192.168.2.0/24

Configuration examples

These are configuration examples for Rev.6.02 firmware.

[Router 1 configuration]

#
# LAN1 interface
#
ip lan1 address 192.168.0.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ip pp address 172.16.0.1
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
#
# IKE (settings for Router 2; accept IKE from any address, identify the peer by name)
#
ipsec ike local address 1 172.16.0.1
ipsec ike remote address 1 any
ipsec ike remote name 1 router2
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
#
# IKE (settings for Router 3; separate gateway and separate pre-shared key)
#
ipsec ike local address 2 172.16.0.1
ipsec ike remote address 2 any
ipsec ike remote name 2 router3
ipsec ike pre-shared-key 2 text himitsu2
ipsec sa policy 102 2 esp 3des-cbc sha-hmac
#
# TUNNEL interface (settings for Router 2)
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.1.0/24 gateway tunnel 1
tunnel enable 1
#
# TUNNEL interface (settings for Router 3)
#
tunnel select 2
ipsec tunnel 102
ip route 192.168.2.0/24 gateway tunnel 2
tunnel enable 2
#
# NAT descriptor
# (the static entries let IKE on UDP 500 and ESP addressed to the router itself pass the masquerade)
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 172.16.0.1
nat descriptor address inner 1 172.16.0.1 192.168.0.1-192.168.0.254
nat descriptor masquerade static 1 1 172.16.0.1 udp 500
nat descriptor masquerade static 1 2 172.16.0.1 esp *

[Router 2 configuration]

#
# LAN1 interface
#
ip lan1 address 192.168.1.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ppp ipcp ipaddress on
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
ipsec ike local address 1 192.168.1.1
ipsec ike local name 1 router2
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
#
# TUNNEL interface
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.0.0/24 gateway tunnel 1
tunnel enable 1
#
# NAT descriptor
# (the static entries let IKE on UDP 500 and ESP addressed to the router itself pass the masquerade)
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 ipcp
nat descriptor address inner 1 192.168.1.1-192.168.1.254
nat descriptor masquerade static 1 1 192.168.1.1 udp 500
nat descriptor masquerade static 1 2 192.168.1.1 esp *

[Router 3 configuration]

#
# LAN1 interface
#
ip lan1 address 192.168.2.1/24
#
# PP interface
#
pp select 1
pppoe use lan2
pp always-on on
ppp lcp mru on 1454
ip pp mtu 1454
ip route default gateway pp 1
ppp ccp type none
pp auth accept pap chap
pp auth myname NAME PASSWORD
ppp ipcp ipaddress on
ip pp nat descriptor 1
pp enable 1
#
# IKE
#
ipsec auto refresh on
ipsec ike local address 1 192.168.2.1
ipsec ike local name 1 router3
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu2
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
#
# TUNNEL interface
#
tunnel select 1
ipsec tunnel 101
ip route 192.168.0.0/24 gateway tunnel 1
tunnel enable 1
#
# NAT descriptor
# (the static entries let IKE on UDP 500 and ESP addressed to the router itself pass the masquerade)
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 ipcp
nat descriptor address inner 1 192.168.2.1-192.168.2.254
nat descriptor masquerade static 1 1 192.168.2.1 udp 500
nat descriptor masquerade static 1 2 192.168.2.1 esp *
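As an added example (not from the original page and not Yamaha's code), the following Python script cross-checks the three configurations above the way one would before rolling out a new site: it parses the IKE, policy, tunnel and route lines, confirms that each site's name, pre-shared key and peer address line up with the center gateway meant for it and that the center routes the site's LAN through that gateway's tunnel, and warns about the legacy algorithms and clear-text keys these configs use. The parser understands only the commands used on this page; the names parse, check, audit, PAGE_HUB and PAGE_SPOKES are the example's own, and the config strings are excerpts of the configurations above.

```python
"""Added example, not Yamaha's code: cross-check the three configs on this page.
Constructed input below is the IKE, policy, tunnel, route and LAN lines of each router."""
import ipaddress
from collections import defaultdict

PAGE_HUB = """\
ipsec ike local address 1 172.16.0.1
ipsec ike remote address 1 any
ipsec ike remote name 1 router2
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
ipsec ike local address 2 172.16.0.1
ipsec ike remote address 2 any
ipsec ike remote name 2 router3
ipsec ike pre-shared-key 2 text himitsu2
ipsec sa policy 102 2 esp 3des-cbc sha-hmac
tunnel select 1
ipsec tunnel 101
ip route 192.168.1.0/24 gateway tunnel 1
tunnel select 2
ipsec tunnel 102
ip route 192.168.2.0/24 gateway tunnel 2
"""
PAGE_SPOKES = {"router2": """\
ip lan1 address 192.168.1.1/24
ipsec ike local address 1 192.168.1.1
ipsec ike local name 1 router2
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
""", "router3": """\
ip lan1 address 192.168.2.1/24
ipsec ike local address 1 192.168.2.1
ipsec ike local name 1 router3
ipsec ike remote address 1 172.16.0.1
ipsec ike pre-shared-key 1 text himitsu2
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
"""}
LEGACY = {"des-cbc", "3des-cbc", "md5-hmac", "sha-hmac"}   # acceptable then, weak today

def parse(text):
    """Parse only the Yamaha RT commands this page uses into a small dict."""
    cfg = {"lan": None, "gw": defaultdict(dict), "policy": {}, "tunnel": {}, "route": {}}
    cur = None                                   # tunnel chosen by the last 'tunnel select'
    for line in text.splitlines():
        w = line.split()
        if len(w) < 3 or w[0] == "#": continue
        head = (w[0], w[1])
        if head == ("ip", "lan1") and w[2] == "address":
            cfg["lan"] = w[3]
        elif head == ("ipsec", "ike") and w[2] == "pre-shared-key":
            cfg["gw"][w[3]]["psk"] = (w[4], w[5])            # (encoding, secret)
        elif head == ("ipsec", "ike") and w[2] in ("local", "remote"):
            cfg["gw"][w[4]][w[2] + "_" + w[3]] = w[5]        # local_address, remote_name, ...
        elif head == ("ipsec", "sa") and w[2] == "policy":
            cfg["policy"][w[3]] = {"gw": w[4], "enc": w[6], "auth": w[7]}
        elif head == ("tunnel", "select"):
            cur = w[2]
        elif head == ("ipsec", "tunnel"):
            cfg["tunnel"][cur] = w[2]                        # tunnel number -> policy id
        elif head == ("ip", "route") and "tunnel" in w:
            cfg["route"][w[2]] = w[w.index("tunnel") + 1]    # prefix -> tunnel number
    return cfg

def check(hub, spokes):
    """Return [(severity, message)] for a parsed hub config and {label: parsed spoke}."""
    out = []
    err, warn = (lambda m: out.append(("ERROR", m))), (lambda m: out.append(("WARN", m)))
    # Which hub gateway a routed prefix really lands on: route -> tunnel -> policy -> gateway.
    route_gw = {p: hub["policy"].get(hub["tunnel"].get(t), {}).get("gw") for p, t in hub["route"].items()}
    by_name = {g["remote_name"]: gid for gid, g in hub["gw"].items() if "remote_name" in g}
    secrets = [g["psk"][1] for g in hub["gw"].values() if "psk" in g]
    if len(set(secrets)) < len(secrets):
        warn("hub: one pre-shared key serves several gateways, so one site's key unlocks another's")
    for label, sp in spokes.items():
        (sg,) = sp["gw"].values()                         # a spoke has exactly one gateway
        gid = by_name.get(sg.get("local_name"))
        if gid is None:
            err(f"{label}: hub has no gateway whose remote name is {sg.get('local_name')}")
            continue
        hg = hub["gw"][gid]
        if hg.get("psk") != sg.get("psk"):
            err(f"{label}: pre-shared key does not match hub gateway {gid}")
        if sg.get("remote_address") != hg.get("local_address"):
            err(f"{label}: peers with {sg.get('remote_address')} but hub gateway {gid} uses {hg.get('local_address')}")
        lan = str(ipaddress.ip_interface(sp["lan"]).network)
        if route_gw.get(lan) != gid:
            err(f"{label}: hub routes {lan} to gateway {route_gw.get(lan)}, expected {gid}")
    for dev, cfg in [("hub", hub)] + list(spokes.items()):
        for pid, p in cfg["policy"].items():
            if {p["enc"], p["auth"]} & LEGACY:
                warn(f"{dev} policy {pid}: legacy algorithms {p['enc']}/{p['auth']}")
        for gid, g in cfg["gw"].items():
            if g.get("psk", ("",))[0] == "text":
                warn(f"{dev} gateway {gid}: pre-shared key kept in clear text in the config")
    return out

def audit(hub_text, spoke_texts):
    return check(parse(hub_text), {k: parse(v) for k, v in spoke_texts.items()})
```

Calling audit(PAGE_HUB, PAGE_SPOKES) on the configs above returns only warnings (the 3DES-CBC/HMAC-SHA1 policies and the text pre-shared keys). Giving router2 the wrong key, or swapping the two ip route ... gateway tunnel lines on the center, produces an ERROR finding instead; the second mistake is the kind that quietly sends one site's traffic down the other site's tunnel.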
