# Remote access to AWS using L2TP/IPsec

## vRX configuration

The configuration below turns a vRX running in AWS into an L2TP/IPsec server for up to three simultaneous remote-access clients (one L2TP tunnel per client, all bound to the same anonymous PP interface). Placeholder values are shown in parentheses.

```
vrx user (vRX user ID) (vRX user password)
ip route default gateway dhcp lan2
ip lan1 address dhcp
ip lan2 address dhcp
ip lan2 nat descriptor 1
pp select anonymous
pp bind tunnel1-tunnel3
pp auth request mschap-v2
pp auth username (PPP username 1) (PPP password 1)
pp auth username (PPP username 2) (PPP password 2)
pp auth username (PPP username 3) (PPP password 3)
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp remote address pool 192.168.10.10-192.168.10.100
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive use 1 off
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text (pre-shared key)
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 2
ipsec sa policy 2 2 esp aes-cbc sha-hmac
ipsec ike keepalive use 2 off
ipsec ike nat-traversal 2 on
ipsec ike pre-shared-key 2 text (pre-shared key)
ipsec ike remote address 2 any
l2tp tunnel disconnect time off
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 2
tunnel select 3
tunnel encapsulation l2tp
ipsec tunnel 3
ipsec sa policy 3 3 esp aes-cbc sha-hmac
ipsec ike keepalive use 3 off
ipsec ike nat-traversal 3 on
ipsec ike pre-shared-key 3 text (pre-shared key)
ipsec ike remote address 3 any
l2tp tunnel disconnect time off
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 3
nat descriptor type 1 masquerade
nat descriptor address outer 1 primary
nat descriptor masquerade static 1 1 172.16.1.254 udp 500
nat descriptor masquerade static 1 2 172.16.1.254 udp 4500
nat descriptor masquerade static 1 3 172.16.1.254 tcp 22
ipsec auto refresh on
ipsec transport 1 1 udp 1701
ipsec transport 2 2 udp 1701
ipsec transport 3 3 udp 1701
telnetd service off
dns server dhcp lan2
l2tp service on
sshd service on
sshd host key generate *
```

Points to check before deploying:

- Use the same pre-shared key on all three tunnels. Because every tunnel is configured with `ipsec ike remote address N any`, the vRX cannot tell which tunnel an incoming client belongs to from its address, so a tunnel with a different key will not come up for that client. The original example listed the literal value `keypass` for tunnels 2 and 3; that is a sample value, not a usable secret. Put one long, randomly generated key on all tunnels and rotate it on every client at the same time, since the key is shared by all users. Per-user access control is the PPP account (`pp auth username`), authenticated with MS-CHAPv2 inside the IPsec-protected L2TP session.
- The three `nat descriptor masquerade static` entries are what let IKE (UDP 500), NAT-T (UDP 4500) and SSH (TCP 22) arriving on lan2 reach the vRX itself instead of being dropped by the masquerade; `172.16.1.254` must therefore be an address of the vRX. Both LAN ports take their addresses by DHCP, so this only works while the instance keeps that address. The AWS security group and network ACL in front of the instance must also permit inbound UDP 500 and 4500 from client networks, and TCP 22 should be limited to management sources.
- `ipsec ike nat-traversal N on` is required because remote-access clients are almost always behind NAT; `ipsec transport N N udp 1701` restricts each IPsec SA to the L2TP control/data port in transport mode.
- `ip pp mtu 1258` and `ip tunnel tcp mss limit auto` keep encapsulated packets from being fragmented on the way through the tunnel.
- Management is restricted to SSH: `telnetd service off`, `sshd service on`, and `sshd host key generate *` creates the host key the SSH daemon needs.
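The tunnel blocks above are three near-identical copies, and the mistakes that break this setup (a key that differs between tunnels, a forgotten `ipsec transport` line, a leftover sample key) are easy to miss by eye. The following script, added here as an example and not part of the original page or of Yamaha's tooling, parses a vRX configuration into the settings the example depends on and reports violations. The config text, the key `9f2c8e1bA7d4x6Q0vLp3`, the address `172.16.1.254` and the list of weak keys are constructed for the demonstration; a real check would read `show config` output.

```python
"""Lint a Yamaha vRX/RTX L2TP/IPsec remote-access config (added example).
Checks that every enabled L2TP tunnel is complete and that all tunnels
share one strong pre-shared key. All sample data below is constructed."""
import re

WEAK_PSKS = {"keypass", "password", "secret", "(pre-shared key)"}
GOOD_PSK = "9f2c8e1bA7d4x6Q0vLp3"  # stands in for a real, randomly generated key


def tunnel_block(n, psk):
    """One L2TP tunnel block in the shape the page's example uses."""
    return (f"tunnel select {n}\ntunnel encapsulation l2tp\nipsec tunnel {n}\n"
            f"ipsec sa policy {n} {n} esp aes-cbc sha-hmac\n"
            f"ipsec ike nat-traversal {n} on\nipsec ike pre-shared-key {n} text {psk}\n"
            f"ipsec ike remote address {n} any\ntunnel enable {n}\n")


# Constructed sample: tunnels 2 and 3 still carry the literal "keypass" and
# tunnel 3 has no "ipsec transport" line, so the linter has findings to report.
SAMPLE_CONFIG = (
    "ip lan2 nat descriptor 1\npp select anonymous\npp bind tunnel1-tunnel3\npp enable anonymous\n"
    + tunnel_block(1, GOOD_PSK) + tunnel_block(2, "keypass") + tunnel_block(3, "keypass")
    + "nat descriptor masquerade static 1 1 172.16.1.254 udp 500\n"
    + "nat descriptor masquerade static 1 2 172.16.1.254 udp 4500\n"
    + "ipsec transport 1 1 udp 1701\nipsec transport 2 2 udp 1701\n"
    + "telnetd service off\nl2tp service on\nsshd service on\n"
)
# The same config with one shared key and the missing transport line added.
FIXED_CONFIG = SAMPLE_CONFIG.replace("text keypass", f"text {GOOD_PSK}") + "ipsec transport 3 3 udp 1701\n"


def parse_config(text):
    """Collect the settings the checks need; IKE settings are keyed by gateway number."""
    cfg = {"tunnels": {}, "gateways": {}, "policies": {}, "transports": set(),
           "masq_static": set(), "pp_bind": set(), "services": {}}
    current = None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        head = " ".join(tok[:2])
        if head == "tunnel select":
            current = int(tok[2])
            cfg["tunnels"].setdefault(current, {})
        elif head == "tunnel encapsulation":
            cfg["tunnels"].setdefault(current, {})["encap"] = tok[2]
        elif head == "ipsec tunnel":
            cfg["tunnels"].setdefault(current, {})["gateway"] = int(tok[2])
        elif head == "tunnel enable":
            cfg["tunnels"].setdefault(int(tok[2]), {})["enabled"] = True
        elif head == "ipsec ike":  # e.g. "ipsec ike pre-shared-key 1 text KEY": first number is the gateway
            idx = next(i for i, t in enumerate(tok) if t.isdigit())
            cfg["gateways"].setdefault(int(tok[idx]), {})[" ".join(tok[2:idx])] = tok[idx + 1:]
        elif head == "ipsec sa" and tok[2] == "policy":  # "ipsec sa policy <id> <gateway> ..."
            cfg["policies"].setdefault(int(tok[4]), set()).add(int(tok[3]))
        elif head == "ipsec transport":  # "ipsec transport <id> <policy> <proto> <port>"
            cfg["transports"].add((int(tok[3]), tok[4], int(tok[5])))
        elif head == "nat descriptor" and tok[2:4] == ["masquerade", "static"]:
            cfg["masq_static"].add((tok[7], int(tok[8])))  # (proto, port) opened to the router
        elif head == "pp bind":  # "tunnel1-tunnel3" or a list of single tunnels
            for lo, hi in re.findall(r"tunnel(\d+)(?:-tunnel(\d+))?", line):
                cfg["pp_bind"].update(range(int(lo), int(hi or lo) + 1))
        elif len(tok) == 3 and tok[1] == "service":
            cfg["services"][tok[0]] = tok[2]
    return cfg


def lint(text):
    """Return a list of findings; an empty list means the config passes."""
    cfg = parse_config(text)
    findings = []
    if cfg["services"].get("telnetd") != "off":
        findings.append("telnetd is not disabled")
    if cfg["services"].get("l2tp") != "on":
        findings.append("l2tp service is not on")
    for port in (500, 4500):  # IKE and NAT-T must pass the lan2 masquerade to the router itself
        if ("udp", port) not in cfg["masq_static"]:
            findings.append(f"no static masquerade entry for udp/{port}")
    psks = set()
    for n, t in sorted(cfg["tunnels"].items()):
        if t.get("encap") != "l2tp" or not t.get("enabled"):
            continue
        gw = cfg["gateways"].get(t.get("gateway"), {})
        if n not in cfg["pp_bind"]:
            findings.append(f"tunnel {n}: not bound to the anonymous pp")
        if gw.get("nat-traversal") != ["on"]:
            findings.append(f"tunnel {n}: nat-traversal is off; clients behind NAT cannot connect")
        if gw.get("remote address") != ["any"]:
            findings.append(f"tunnel {n}: remote address is not 'any'")
        psk = gw.get("pre-shared-key", [])
        key = psk[1] if len(psk) == 2 and psk[0] == "text" else None
        if key is None or key.lower() in WEAK_PSKS or len(key) < 16:
            findings.append(f"tunnel {n}: pre-shared key missing or weak")
        psks.add(key)
        if not any((p, "udp", 1701) in cfg["transports"] for p in cfg["policies"].get(t.get("gateway"), ())):
            findings.append(f"tunnel {n}: no 'ipsec transport ... udp 1701' for its SA policy")
    if len(psks) > 1:  # peers are 'any', so the responder cannot pick a tunnel by key
        findings.append("pre-shared keys differ across L2TP tunnels")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

The parser keys IKE settings by gateway number and looks up each tunnel's SA policy IDs before checking for a matching `ipsec transport` line, because on Yamaha routers `ipsec transport` refers to an SA policy, not a tunnel; the example only works because it numbers both identically. Running the script on `SAMPLE_CONFIG` flags the two `keypass` tunnels, the missing transport for tunnel 3 and the key mismatch; `FIXED_CONFIG` passes cleanly.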