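RT Series FAQ: IPsec & IKE & VPN & ...
What does the configuration look like when IPsec is used together with IPv6?
Last modified: 2018/Nov/06
Document size: 7.3KB
[Using IPv4 IPsec together with IPv6 IPsec]
IPsec treats IPv4 and IPv6 as completely separate. The IPsec-related settings therefore have to be written separately for IPv4 and for IPv6.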

To the Internet                                  To the Internet
    |                                                |
    | 172.16.1.1                                     | 172.16.2.1
    | fec0:10::1                                     | fec0:20::1
+---+----+                                       +---+----+
|  RT 1  | <------------ IPv6 IPsec -----------> |  RT 2  |
+---+----+ <------------ IPv4 IPsec -----------> +---+----+
    | 192.168.1.1                                    | 192.168.2.1
    | fec0:1::1                                      | fec0:2::1
    |                                                |
----+------------ 192.168.1.0/24             --------+---- 192.168.2.0/24
                  fec0:1::/64                              fec0:2::/64

RT 1:

# IPv4
ipsec ike local address 1 172.16.1.1
ipsec ike remote address 1 172.16.2.1
ipsec ike pre-shared-key 1 text key1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 192.168.2.0/24 gateway tunnel 1

# IPv6
ipsec ike local address 2 fec0:10::1
ipsec ike remote address 2 fec0:20::1
ipsec ike pre-shared-key 2 text key2
ipsec sa policy 102 2 esp 3des-cbc sha-hmac
tunnel select 2
ipsec tunnel 102
tunnel enable 2
ipv6 route fec0:2::/64 gateway tunnel 2

RT 2:

# IPv4
ipsec ike local address 1 172.16.2.1
ipsec ike remote address 1 172.16.1.1
ipsec ike pre-shared-key 1 text key1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 192.168.1.0/24 gateway tunnel 1

# IPv6
ipsec ike local address 2 fec0:20::1
ipsec ike remote address 2 fec0:10::1
ipsec ike pre-shared-key 2 text key2
ipsec sa policy 102 2 esp 3des-cbc sha-hmac
tunnel select 2
ipsec tunnel 102
tunnel enable 2
ipv6 route fec0:1::/64 gateway tunnel 2

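The Python check below is an added example, not part of the original FAQ or of any Yamaha tooling: it parses the IKE and SA lines of the two configurations above and reports gateways whose local/remote addresses are not mirrored on the peer, mix IPv4 and IPv6, or whose pre-shared key or SA policy differ. The function names are the example's own, and it assumes that gateway IDs match on both routers and that addresses are written as literals, as they are on this page.

```python
import ipaddress

# Constructed sample input: the IKE/SA lines of RT 1 and RT 2 from the first case above.
TEMPLATE = """\
ipsec ike local address 1 {a4}
ipsec ike remote address 1 {b4}
ipsec ike pre-shared-key 1 text key1
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
ipsec ike local address 2 {a6}
ipsec ike remote address 2 {b6}
ipsec ike pre-shared-key 2 text key2
ipsec sa policy 102 2 esp 3des-cbc sha-hmac
"""
RT1 = TEMPLATE.format(a4="172.16.1.1", b4="172.16.2.1", a6="fec0:10::1", b6="fec0:20::1")
RT2 = TEMPLATE.format(a4="172.16.2.1", b4="172.16.1.1", a6="fec0:20::1", b6="fec0:10::1")

def parse_gateways(config):
    """Collect per-gateway IKE and SA settings, keyed by gateway ID."""
    gws = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "ipsec":
            continue
        if t[1:3] == ["sa", "policy"]:          # ipsec sa policy <policy> <gw> esp <enc> <auth>
            gws.setdefault(t[4], {})["policy"] = tuple(t[5:])
        elif t[1] == "ike" and t[2] in ("local", "remote") and t[3] == "address":
            gws.setdefault(t[4], {})[t[2]] = ipaddress.ip_address(t[5])
        elif t[1:3] == ["ike", "pre-shared-key"]:  # ipsec ike pre-shared-key <gw> text <key>
            gws.setdefault(t[3], {})["psk"] = t[5]
    return gws

def check_pair(cfg_a, cfg_b):
    """Return a list of problems between two peers' configs (empty list = consistent)."""
    a, b, problems = parse_gateways(cfg_a), parse_gateways(cfg_b), []
    for gw, ga in sorted(a.items()):
        gb = b.get(gw, {})
        if ga.get("local") and ga.get("remote") and ga["local"].version != ga["remote"].version:
            problems.append(f"gateway {gw}: mixes IPv4 and IPv6 addresses")
        if (ga.get("local"), ga.get("remote")) != (gb.get("remote"), gb.get("local")):
            problems.append(f"gateway {gw}: local/remote addresses are not mirrored on the peer")
        if ga.get("psk") != gb.get("psk"):
            problems.append(f"gateway {gw}: pre-shared keys differ")
        if ga.get("policy") != gb.get("policy"):
            problems.append(f"gateway {gw}: SA policy algorithms differ")
    return problems

if __name__ == "__main__":
    print(check_pair(RT1, RT2) or "configurations are consistent")
```
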
[Using IPv6 IPsec together with an IPv6 over IPv4 tunnel]
In this case, packets are first encrypted with IPv6 IPsec and then sent through the IPv6 over IPv4 tunnel.

To the Internet                                  To the Internet
    |                                                |
    | 172.16.1.1                                     | 172.16.2.1
+---+----+                                       +---+----+
|  RT 1  | <------ IPv6 over IPv4 tunnel ------> |  RT 2  |
+---+----+ <------------ IPv6 IPsec -----------> +---+----+
    | fec0:1::1                                      | fec0:2::1
    | fec0:10::1                                     | fec0:20::1
    |                                                |
----+------------ fec0:1::/64                --------+---- fec0:2::/64

RT 1:

ipsec ike local address 1 fec0:10::1
ipsec ike remote address 1 fec0:20::1
ipsec ike pre-shared-key 1 text key
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ipv6 route fec0:2::/64 gateway tunnel 1

tunnel select 2
tunnel encapsulation ipip
tunnel endpoint address 172.16.1.1 172.16.2.1
tunnel enable 2
ipv6 route default gateway tunnel 2

RT 2:

ipsec ike local address 1 fec0:20::1
ipsec ike remote address 1 fec0:10::1
ipsec ike pre-shared-key 1 text key
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ipv6 route fec0:1::/64 gateway tunnel 1

tunnel select 2
tunnel encapsulation ipip
tunnel endpoint address 172.16.2.1 172.16.1.1
tunnel enable 2
ipv6 route default gateway tunnel 2

[Using IPv4 IPsec together with an IPv6 over IPv4 tunnel]
In this case, IPv6 packets are first wrapped in IPv4 packets by the IPv6 over IPv4 tunnel and then encrypted with IPv4 IPsec.

To the Internet                                  To the Internet
    |                                                |
    | 172.16.1.1                                     | 172.16.2.1
+---+----+                                       +---+----+
|  RT 1  | <------------ IPv4 IPsec -----------> |  RT 2  |
+---+----+ <------ IPv6 over IPv4 tunnel ------> +---+----+
    | 192.168.1.1                                    | 192.168.2.1
    | fec0:1::1                                      | fec0:2::1
    |                                                |
----+------------ fec0:1::/64                --------+---- fec0:2::/64

RT 1:

tunnel select 1
tunnel encapsulation ipip
tunnel endpoint address 192.168.1.1 192.168.2.1
tunnel enable 1
ipv6 route default gateway tunnel 1

ipsec ike local address 1 172.16.1.1
ipsec ike remote address 1 172.16.2.1
ipsec ike pre-shared-key 1 text key
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 2
ipsec tunnel 101
tunnel enable 2
ip route 192.168.2.0/24 gateway tunnel 2

RT 2:

tunnel select 1
tunnel encapsulation ipip
tunnel endpoint address 192.168.2.1 192.168.1.1
tunnel enable 1
ipv6 route default gateway tunnel 1

ipsec ike local address 1 172.16.2.1
ipsec ike remote address 1 172.16.1.1
ipsec ike pre-shared-key 1 text key
ipsec sa policy 101 1 esp 3des-cbc sha-hmac
tunnel select 2
ipsec tunnel 101
tunnel enable 2
ip route 192.168.1.0/24 gateway tunnel 2