Cisco 1812J config (PPPoE, VPN)

The Cisco 1812J config I had kept got wiped, so I'm recording it here.
PPPoE and VPN settings. Anything shown as XXX is redacted.
It does DDNS updates more often than it needs to, but let's not worry about that...
#3/18: changed the ACL area so the VPN connects properly.
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
!
aaa session-id common
clock timezone JST 9
!
!
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.50
ip dhcp excluded-address 10.0.0.150
!
ip dhcp pool LAN
network 10.0.0.0 255.255.255.0
dns-server 10.0.0.1
default-router 10.0.0.1
!
ip dhcp pool server
host 10.0.0.50 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
ip dhcp pool MAC
host 10.0.0.100 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
ip dhcp pool NAS
host 10.0.0.150 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
no ip bootp server
ip host Router 10.0.0.1
ip inspect alert-off
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC icmp
ip ddns update method xxxxx
HTTP
add http://mydnsxxxx:xxxxx@www.mydns.jp/login.html
interval maximum 1 0 0 0
!
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
!
username xxxxxx password 0 xxxxxx
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key xxxxx
dns 10.0.0.1
pool ezvpn-pool
acl 100
save-password
crypto isakmp profile vpnclient-profile
match identity group vpnclient
client authentication list userauth
isakmp authorization list groupauth
client configuration address respond
!
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set vpnset
set isakmp-profile vpnclient-profile
reverse-route
!
!
crypto map ezvpnmap 1 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
ip ftp username xxxxxx
ip ftp password xxxxxx
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
ip ddns update hostname xxxxxx.mydns.jp
ip ddns update xxxxxx
no ip address
ip verify unicast reverse-path
duplex auto
speed auto
pppoe enable group global
ipv6 address autoconfig
ipv6 enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1414
!
interface Dialer0
mtu 1454
ip ddns update hostname xxxxxxx.mydns.jp
ip ddns update xxxxxx
ip address negotiated
ip flow ingress
ip flow egress
ip nat outside
ip inspect CBAC out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxxx@one.ocn.ne.jp
ppp chap password 0 xxxxx
ppp ipcp dns request accept
crypto map ezvpnmap
!
ip local pool ezvpn-pool 192.168.100.1 192.168.100.20
ip default-gateway 10.0.0.1
no ip forward-protocol nd
ip forward-protocol udp echo
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat translation timeout 180
ip nat inside source static tcp 10.0.0.100 5001 interface Dialer0 5001
ip nat inside source static tcp 10.0.0.50 4181 interface Dialer0 4181
ip nat inside source static tcp 10.0.0.50 1723 interface Dialer0 1723
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
deny ip 10.0.0.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended TELNET
permit ip 10.0.0.0 0.255.255.255 any
permit ip 172.16.0.0 0.0.255.255 any
permit ip 192.168.0.0 0.0.255.255 any
!
logging facility local0
logging source-interface FastEthernet0
logging xxx.xxx.xxx.xxx
logging 10.0.0.50
access-list 100 deny ip 10.0.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
access-class TELNET in
exec-timeout 360 0
privilege level 15
password xxxxxx
logging synchronous
transport input telnet
!
scheduler allocate 3000 1000
ntp logging
ntp clock-period 17180064
ntp update-calendar
ntp server xxx.xxx.xxx.xxx
event manager applet ddns
event timer cron name "ddns-batch" cron-entry "0 0 * * *"
action 1.0 syslog msg "# DDNS Update Begin"
action 2.0 cli command "enable"
action 3.0 cli command "copy ftp://mydnsxxxxxx:xxxxxxxxx@www.mydns.jp/login.html null:"
action 4.0 cli command "exit"
action 5.0 syslog msg "# DDNS Update End"
!
end
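As an added example (a reviewer's aid I wrote for this page, not code from the original post or anything Cisco ships): a small Python checker that scans a saved IOS config like the one above for the settings a security reviewer would flag in it, and reports the standard IOS command to replace each one. The rule set and rule names are assumptions of this example, not a complete hardening baseline; SAMPLE_CONFIG is a constructed excerpt of the page's own lines with the secrets already redacted.

```python
"""Added example (reviewer's aid, not code from the original post or from
Cisco): scan a saved IOS running-config for settings that should be flagged
in a dump like the one above, and report the standard IOS replacement.

Assumptions of this example: the rule set and rule names are my own starting
point, not a complete hardening baseline; SAMPLE_CONFIG is a constructed
excerpt of the page's own config with the secrets already redacted."""
import re

# Constructed excerpt of the config recorded above ('!' separators kept).
SAMPLE_CONFIG = """\
username xxxxxx password 0 xxxxxx
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
interface Dialer0
 ppp authentication chap callin
 ppp chap hostname xxxxxx@one.ocn.ne.jp
 ppp chap password 0 xxxxx
!
no ip http server
no ip http secure-server
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
line vty 0 4
 access-class TELNET in
 exec-timeout 360 0
 password xxxxxx
 transport input telnet
!
end
"""

# 'show run' groups sub-commands under these openers; a '!' line ends a block.
# Context is tracked by opener, so it works even if indentation was lost.
BLOCK_OPENERS = ("crypto isakmp policy", "line ", "interface ")

# (rule name, required context prefix or None, regex on the stripped line, fix)
LINE_RULES = [
    ("plaintext-password", None,
     r"^(username \S+ |ppp chap )?password 0 \S",
     "store credentials with 'username <user> secret <pw>' and add 'service password-encryption'"),
    ("plaintext-line-password", "line ",
     r"^password (?![0-9] )\S",
     "use 'login local' with 'username ... secret', or at least 'service password-encryption'"),
    ("default-snmp-community", None,
     r"^snmp-server community (public|private)\b",
     "'no snmp-server community public'; if SNMP is needed, an unguessable community limited by an ACL, or SNMPv3"),
    ("telnet-management", "line ",
     r"^transport input .*\btelnet\b",
     "'transport input ssh' with 'ip ssh version 2' and an RSA key"),
    ("no-exec-timeout", "line ",
     r"^exec-timeout 0 0\b",
     "a finite timeout, e.g. 'exec-timeout 10 0'"),
    ("isakmp-3des", "crypto isakmp policy",
     r"^encr 3des\b", "'encr aes 256'"),
    ("isakmp-weak-dh-group", "crypto isakmp policy",
     r"^group (1|2|5)\b", "'group 14' or higher"),
    ("ipsec-3des", None,
     r"^crypto ipsec transform-set \S+ .*\besp-3des\b",
     "'esp-aes 256 esp-sha256-hmac'"),
]


def audit_config(config_text):
    """Return findings ({'line', 'rule', 'text', 'fix'}) for one config dump."""
    findings = []
    context = ""
    seen = set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        seen.add(line)
        if not line or line.startswith("!"):
            context = ""  # '!' separates blocks in IOS output
            continue
        if line.startswith(BLOCK_OPENERS):
            context = line
        for rule, scope, pattern, fix in LINE_RULES:
            if scope is not None and not context.startswith(scope):
                continue  # e.g. 'group 2' only matters inside an isakmp policy
            if re.match(pattern, line):
                findings.append({"line": lineno, "rule": rule, "text": line, "fix": fix})
    # Whole-config check: the absence of a setting is a finding too.
    if "service password-encryption" not in seen:
        findings.append({"line": 0, "rule": "no-service-password-encryption", "text": "",
                         "fix": "add 'service password-encryption' (and prefer the 'secret' forms)"})
    return findings


def summarize(findings):
    """Rule name -> number of hits, for a quick overview or a test assertion."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f['line']:>3} [{f['rule']}] {f['text']}\n      fix: {f['fix']}")
```

Run against the excerpt it reports the plaintext credentials (`password 0` and a vty password without `service password-encryption`), the default `public` SNMP community, telnet on the vty lines, the unlimited console `exec-timeout`, and 3DES with DH group 2 in both the ISAKMP policy and the transform set. It takes a full `show running-config` as input; the `!` separators and the block openers are what the context tracking relies on.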
