#
# Site-to-site VPN connection using IPsec (2 sites) + built-in wireless WAN : NVR700W Web GUI configuration
#

#
# Site 1 NVR700W(1)
#

# Routing and interface addresses
ip route default gateway pdp wan1
ip route 192.168.2.0/24 gateway tunnel 1
ip lan1 address 192.168.1.1/24
ip wan1 address pdp
ip wan1 secure filter in 300003 300020 300021 300022 300023 300024 300025 300030 300032 300100 300101 300102
ip wan1 secure filter out 300013 300020 300021 300022 300023 300024 300025 300026 300027 300099 dynamic 300080 300081 300082 300083 300084 300085 300098 300099
ip wan1 nat descriptor 31000
wan1 bind wwan 1

# Built-in wireless WAN
wwan select 1
 description wwan Wireless_wan
 wwan always-on on
 wwan auth accept chap
 wwan auth myname (wireless WAN user ID) (wireless WAN connection password)
 wwan auto connect on
 wwan disconnect time off
 wwan disconnect input time off
 wwan disconnect output time off
 wwan access-point name (access point name)
 wwan access limit length off
 wwan access limit time off
 wwan enable 1

# IPsec tunnel
tunnel select 1
 description tunnel kyoten1
 ipsec tunnel 1
  ipsec sa policy 1 1 esp aes-cbc sha-hmac
  ipsec ike keepalive log 1 off
  ipsec ike keepalive use 1 on heartbeat 10 6
  ipsec ike nat-traversal 1 on
  ipsec ike pre-shared-key 1 text (pre-shared key)
  ipsec ike remote address 1 (fixed global IP address of site 2)
 ip tunnel tcp mss limit auto
 tunnel enable 1

# Static IP filters
ip filter 300000 reject 10.0.0.0/8 * * * *
ip filter 300001 reject 172.16.0.0/12 * * * *
ip filter 300002 reject 192.168.0.0/16 * * * *
ip filter 300003 reject 192.168.1.0/24 * * * *
ip filter 300010 reject * 10.0.0.0/8 * * *
ip filter 300011 reject * 172.16.0.0/12 * * *
ip filter 300012 reject * 192.168.0.0/16 * * *
ip filter 300013 reject * 192.168.1.0/24 * * *
ip filter 300020 reject * * udp,tcp 135 *
ip filter 300021 reject * * udp,tcp * 135
ip filter 300022 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 300023 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 300024 reject * * udp,tcp 445 *
ip filter 300025 reject * * udp,tcp * 445
ip filter 300026 restrict * * tcpfin * www,21,nntp
ip filter 300027 restrict * * tcprst * www,21,nntp
ip filter 300030 pass * 192.168.1.0/24 icmp * *
ip filter 300031 pass * 192.168.1.0/24 established * *
ip filter 300032 pass * 192.168.1.0/24 tcp * ident
ip filter 300033 pass * 192.168.1.0/24 tcp ftpdata *
ip filter 300034 pass * 192.168.1.0/24 tcp,udp * domain
ip filter 300035 pass * 192.168.1.0/24 udp domain *
ip filter 300036 pass * 192.168.1.0/24 udp * ntp
ip filter 300037 pass * 192.168.1.0/24 udp ntp *
ip filter 300099 pass * * * * *
# IKE (udp 500), ESP and NAT traversal (udp 4500) to the router's LAN address
ip filter 300100 pass * 192.168.1.1 udp * 500
ip filter 300101 pass * 192.168.1.1 esp * *
ip filter 300102 pass * 192.168.1.1 udp * 4500
ip filter 500000 restrict * * * * *

# Dynamic filters
ip filter dynamic 300080 * * ftp
ip filter dynamic 300081 * * domain
ip filter dynamic 300082 * * www
ip filter dynamic 300083 * * smtp
ip filter dynamic 300084 * * pop3
ip filter dynamic 300085 * * submission
ip filter dynamic 300098 * * tcp
ip filter dynamic 300099 * * udp

# NAT (IP masquerade) with static entries for IKE, ESP and NAT traversal
nat descriptor type 31000 masquerade
nat descriptor address outer 31000 primary
nat descriptor masquerade static 31000 1 192.168.1.1 udp 500
nat descriptor masquerade static 31000 2 192.168.1.1 esp
nat descriptor masquerade static 31000 3 192.168.1.1 udp 4500
ipsec auto refresh on

# DHCP and DNS
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.1.2-192.168.1.191/24
dns host lan1
dns server pdp wan1
dns server select 500401 pdp wan1 any .
dns private address spoof on
dns private name setup.netvolante.jp

# Analog, dashboard and wireless WAN module
analog supplementary-service pseudo call-waiting
analog extension dial prefix sip prefix="9#"
dashboard accumulate traffic on
wwan-module use on