     PC2
      | .2
------+------------+--------------- 192.168.0.0/24
                   | .1
             +-----------+
             | RT Router | Security Gateway
             +-----------+
                   |
                   | PPPoE connection
                   |
          +--------+-------+
          |    Internet    |
          +--------+-------+
                   |
                   | PIAFS, etc.
                   |
                  PDA

ip route default gateway pp 1
ip filter source-route on
ip filter directed-broadcast on
ip lan1 address 192.168.0.1/24
pp select 1
 pp always-on on
 pppoe use lan2
 pp auth accept pap chap
 pp auth myname (Internet connection ID) (Internet connection password)
 ppp lcp mru on 1454
 ip pp address (global IP address) ............(*4)
 ip pp mtu 1454
 ip pp nat descriptor 1
 pp enable 1
tunnel select 1
 ipsec tunnel 1
  ipsec sa policy 1 1 esp des-cbc md5-hmac
  ipsec ike encryption 1 3des-cbc
  ipsec ike group 1 modp1024
  ipsec ike hash 1 sha
  ipsec ike local address 1 192.168.0.1
  ipsec ike payload type 1 3
  ipsec ike pre-shared-key 1 text secret.........(*1)
  ipsec ike remote address 1 any
  ipsec ike remote name 1 remote_pda ............(*2)
  ipsec ike xauth request 1 on 1
 tunnel enable 1
ipsec auto refresh on
nat descriptor type 1 masquerade
nat descriptor address outer 1 (global IP address)
nat descriptor masquerade static 1 1 192.168.0.1 udp 500
nat descriptor masquerade static 1 2 192.168.0.1 esp
dns server (DNS server address)
dns private address spoof on
auth user 1 pdauser pdapass ......... (*3)
auth user group 1 1
auth user attribute 1 xauth=on xauth-address=172.16.0.1/24

Gateway   | Gateway Type    : Netscreen Series
          | Gateway Address : (global IP address) ((*4) in the RT configuration example)
Account   | Group name      : remote_pda ((*2) in the RT configuration example)
          | Group password  : secret ((*1) in the RT configuration example)
          | User name       : pdauser ((*3) in the RT configuration example)
          | User password   : pdapass ((*3) in the RT configuration example)
Proposals | IKE Group       : Group 2(DH1024)
          | IPSec Group     : Group 2(DH1024)
Subnets   | Subnet 1 IP     : 192.168.0.0
          | Subnet 1 mask   : 255.255.255.0
DNS/WINS  | Query DNS (checked)