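Question
I have two questions about config settings for IPSec and PPTP.
The first is: does PPTP require the client to have a fixed IP address? And is IPSec fine even if the client does not have a fixed IP address?
The second is: I have posted two configs below, one for IPSec and one for PPTP; are these settings correct?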
[IPSec]
----------------- begin ----------------------
Route settings
ip route default gateway pp 1
ip route 192.168.Z.0/24 gateway 192.168.AAA.BBB
ip route 192.168.Y.0/24 gateway 192.168.AAA.BBB
LAN settings
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
Provider connection settings
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname c123456789@test.dion.ne.jp *
ppp lcp mru on 1454
ppp ipcp msext on
ppp ccp type none
ip pp address AAA.BBB.CCC.DDD/32
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
Settings for accepting IPSec connections
pp select anonymous
pp bind tunnel11-tunnel15
pp auth request mschap
pp auth username test1 *
pp auth username test2 *
pp auth username test3 *
pp auth username test4 *
pp auth username test5 *
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type mppe-any
ip pp remote address pool 192.168.100.101-192.168.100.105
ip pp mtu 1280
pp enable anonymous
Tunnel settings used for IPSec connections
tunnel select 11
tunnel encapsulation ipsec
ipsec tunnel 11
ipsec sa policy 11 1 esp 3des-cbc md5-hmac
ipsec ike local address 1 192.168.100.1
ipsec ike pre-shared-key 1 text *
ipsec ike remote address 1 any
ipsec ike remote name 1 testA
tunnel enable 11
tunnel select 12
tunnel encapsulation ipsec
ipsec tunnel 12
ipsec sa policy 12 2 esp 3des-cbc md5-hmac
ipsec ike local address 2 192.168.100.1
ipsec ike pre-shared-key 2 text *
ipsec ike remote address 2 any
ipsec ike remote name 2 testB
tunnel enable 12
tunnel select 13
tunnel encapsulation ipsec
ipsec tunnel 13
ipsec sa policy 13 3 esp 3des-cbc md5-hmac
ipsec ike local address 3 192.168.100.1
ipsec ike pre-shared-key 3 text *
ipsec ike remote address 3 any
ipsec ike remote name 3 testC
tunnel enable 13
tunnel select 14
tunnel encapsulation ipsec
ipsec tunnel 14
ipsec sa policy 14 4 esp 3des-cbc md5-hmac
ipsec ike local address 4 192.168.100.1
ipsec ike pre-shared-key 4 text *
ipsec ike remote address 4 any
ipsec ike remote name 4 testD
tunnel enable 14
tunnel select 15
tunnel encapsulation ipsec
ipsec tunnel 15
ipsec sa policy 15 5 esp 3des-cbc md5-hmac
ipsec ike local address 5 192.168.100.1
ipsec ike pre-shared-key 5 text *
ipsec ike remote address 5 any
ipsec ike remote name 5 testE
tunnel enable 15
NAT settings
nat descriptor type 1 masquerade
nat descriptor address outer 1 AAA.BBB.CCC.DDD
nat descriptor masquerade static 1 2 192.168.100.1 udp 500
nat descriptor masquerade static 1 3 192.168.100.1 esp
Automatic SA refresh
ipsec auto refresh on
DNS settings
dns server pp 1
dns private address spoof on
----------------- end ----------------------
[PPTP]
----------------- begin ----------------------
Route settings
ip route default gateway pp 1
ip route 192.168.Z.0/24 gateway 192.168.AAA.BBB
ip route 192.168.Y.0/24 gateway 192.168.AAA.BBB
LAN settings
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
Provider connection settings
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname c123456789@test.dion.ne.jp *
ppp lcp mru on 1454
ppp ipcp msext on
ppp ccp type none
ip pp address AAA.BBB.CCC.DDD/32
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
Settings for accepting PPTP connections
pp select anonymous
pp bind tunnel11-tunnel15
pp auth request mschap
pp auth username test1 *
pp auth username test2 *
pp auth username test3 *
pp auth username test4 *
pp auth username test5 *
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type mppe-any
ip pp remote address pool 192.168.100.101-192.168.100.105
ip pp mtu 1280
pptp service type server
pp enable anonymous
Tunnel settings used for PPTP connections (anonymous)
tunnel select 11
tunnel encapsulation pptp
pptp tunnel disconnect time 600
tunnel enable 11
tunnel select 12
tunnel encapsulation pptp
pptp tunnel disconnect time 600
tunnel enable 12
tunnel select 13
tunnel encapsulation pptp
pptp tunnel disconnect time 600
tunnel enable 13
tunnel select 14
tunnel encapsulation pptp
pptp tunnel disconnect time 600
tunnel enable 14
tunnel select 15
tunnel encapsulation pptp
pptp tunnel disconnect time 600
tunnel enable 15
NAT settings
nat descriptor type 1 masquerade
nat descriptor masquerade static 1 2 192.168.100.1 esp
PPTP pass-through
nat descriptor masquerade static 1 3 192.168.100.1 tcp 1723
nat descriptor masquerade static 1 4 192.168.100.1 gre
DNS settings
dns server pp 1
dns private address spoof on
PPTP settings
pptp service on
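----------------- end ----------------------
If there are any missing or incorrect settings, please let me know.
I have replaced some parts that are inconvenient to disclose with letters of the alphabet, so it may be hard to read, but I would appreciate your help.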
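
An added example, not part of the original post: a small Python check that scans configuration lines like those in the two listings for legacy VPN cryptography settings, and compares the number of tunnels bound to the anonymous peer with the address pool size and the number of accounts. The rule table, the function names and the condensed sample are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample, condensed from the [IPSec] and [PPTP] listings in the post.
SAMPLE = """\
pp select anonymous
pp bind tunnel11-tunnel15
pp auth request mschap
pp auth username test1 *
pp auth username test2 *
pp auth username test3 *
pp auth username test4 *
pp auth username test5 *
ppp ccp type mppe-any
ip pp remote address pool 192.168.100.101-192.168.100.105
ipsec sa policy 11 1 esp 3des-cbc md5-hmac
tunnel encapsulation pptp
"""

# Rule table is this example's own choice, not a feature of the router.
WEAK = [
    (r"^ipsec sa policy\b.*\b3des-cbc\b", "3DES-CBC (64-bit block cipher)"),
    (r"^ipsec sa policy\b.*\bmd5-hmac\b", "HMAC-MD5 integrity"),
    (r"^pp auth request mschap$", "MS-CHAP v1 authentication"),
    (r"^ppp ccp type mppe-any$", "MPPE with 40-bit keys allowed"),
    (r"^tunnel encapsulation pptp$", "PPTP tunnel"),
]

def audit(config: str) -> list[tuple[int, str]]:
    """Return (line number, finding) for each legacy-crypto setting."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        for pattern, label in WEAK:
            if re.search(pattern, line.strip()):
                findings.append((no, label))
    return findings

def capacity(config: str) -> dict[str, int]:
    """Count bound tunnels, pool addresses and accounts of the anonymous peer."""
    lo, hi = map(int, re.search(r"pp bind tunnel(\d+)-tunnel(\d+)", config).groups())
    first, last = re.search(r"remote address pool (\S+)-(\S+)", config).groups()
    pool = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    users = len(re.findall(r"^pp auth username \S+", config, re.M))
    return {"tunnels": hi - lo + 1, "pool": pool, "users": users}

if __name__ == "__main__":
    for no, label in audit(SAMPLE):
        print(f"line {no}: {label}")
    print(capacity(SAMPLE))
```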