#
# AWS (vRX) to site connection using two IPsec tunnels (redundant configuration)
#

#
# vRX (1) configuration
#

vrx user (vRX user ID) (vRX user password)
ip route default gateway dhcp lan2
ip route 192.168.100.0/24 gateway tunnel 1
ip lan1 address dhcp
ip lan2 address dhcp
ip lan2 nat descriptor 1
tunnel select 1
 ipsec tunnel 1
  ipsec sa policy 1 1 esp aes-cbc sha-hmac
  ipsec ike keepalive use 1 on heartbeat
  ipsec ike local address 1 (172.16.1.254)
  ipsec ike nat-traversal 1 on
  ipsec ike pre-shared-key 1 text (pre-shared key)
  ipsec ike remote address 1 any
  ipsec ike remote name 1 (name of the site's security gateway) key-id
 tunnel enable 1
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 1 (172.16.1.254) udp 500
nat descriptor masquerade static 1 2 (172.16.1.254) udp 4500
nat descriptor masquerade static 1 3 (172.16.1.254) tcp 22
ipsec auto refresh on
telnetd service off
dns server dhcp lan2
snmpv2c host any
sshd service on
sshd host key generate *