Sunday, February 23, 2025

Cisco-Yamaha IPSEC

Sample IPsec VPN between Cisco and Yamaha

10.0.5.0/24-LAN:Cisco-WAN:1.1.1.2/24-1.1.1.1/24:WAN-Router-LAN:2.2.2.1/24-2.2.2.1/24-YAMAHA-172.16.0.0/24


Cisco

 LAN:10.0.5.254/24

 WAN:1.1.1.2/24

Intermediate router

 Cisco side:1.1.1.1/24

 Yamaha side:2.2.2.1/24

Yamaha

 LAN:172.16.0.254/24

 WAN:2.2.2.2/24

Cisco

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key IPSECPASSWORD address 2.2.2.2
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
!
crypto map TOKYO local-address GigabitEthernet0
crypto map TOKYO 1 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set IPSEC
 match address 100
!
interface GigabitEthernet0
 ip address 1.1.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto map TOKYO
!
interface Vlan1
 ip address 10.0.5.254 255.255.255.0
 ip tcp adjust-mss 1350
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
access-list 100 permit ip 10.0.5.0 0.0.0.255 172.16.0.0 0.0.0.255


Yamaha

ip route 1.1.1.0/24 gateway 2.2.2.1
ip route 10.0.5.0/24 gateway tunnel 1
ip lan1 address 172.16.0.254/24
ip lan2 address 2.2.2.2/24
tunnel select 1
 ipsec tunnel 101
  ipsec sa policy 101 1 esp aes256-cbc sha-hmac
  ipsec ike duration isakmp-sa 1 28800
  ipsec ike encryption 1 aes-cbc
  ipsec ike group 1 modp1024
  ipsec ike hash 1 sha
  ipsec ike local address 1 2.2.2.2
  ipsec ike local id 1 172.16.0.0/24
  ipsec ike pre-shared-key 1 text IPSECPASSWORD
  ipsec ike remote address 1 1.1.1.2
  ipsec ike remote id 1 10.0.5.0/24
 ip tunnel tcp mss limit 1350
 tunnel enable 1
ipsec auto refresh on
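
The tunnel only comes up when both ends agree on the IKE (phase 1) and ESP (phase 2) parameters, the pre-shared key, and mirrored traffic selectors. The following is an added example, not part of the original post: a Python check that normalizes the two configurations above into a common form and lists any parameter on which they disagree. The function names are hypothetical, only the directive forms used on this page are parsed, and the fallbacks for lines IOS omits (des, sha, group 1) are assumed to be the classic IOS defaults.

```python
import re

# Constructed input: the IKE/IPsec lines copied from the two configs on this page.
CISCO = """\
crypto isakmp policy 1
 encr aes
 group 2
crypto isakmp key IPSECPASSWORD address 2.2.2.2
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
access-list 100 permit ip 10.0.5.0 0.0.0.255 172.16.0.0 0.0.0.255
"""
YAMAHA = """\
ipsec sa policy 101 1 esp aes256-cbc sha-hmac
ipsec ike encryption 1 aes-cbc
ipsec ike group 1 modp1024
ipsec ike hash 1 sha
ipsec ike local id 1 172.16.0.0/24
ipsec ike pre-shared-key 1 text IPSECPASSWORD
ipsec ike remote id 1 10.0.5.0/24
"""
DH = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}  # IOS group -> Yamaha name

def grab(pattern, text, default=None):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else default

def cbc(name):  # IOS "aes" / "aes 256" -> Yamaha-style "aes-cbc" / "aes256-cbc"
    return name.replace(" ", "").replace("128", "") + "-cbc"

def prefix(net, wildcard):  # ACL wildcard mask 0.0.0.255 -> /24
    return f"{net}/{sum(bin(255 - int(o)).count('1') for o in wildcard.split('.'))}"

def cisco_view(c):  # lines IOS omits fall back to assumed defaults (des, sha, group 1)
    src, sw, dst, dw = re.search(r"permit ip (\S+) (\S+) (\S+) (\S+)", c).groups()
    enc, auth = re.search(r"transform-set \S+ esp-(aes(?: \d+)?|3des|des) esp-(\S+)", c).groups()
    return {"ike_enc": cbc(grab(r"^\s*encr (.+)$", c, "des")), "ike_hash": grab(r"^\s*hash (\S+)", c, "sha"),
            "dh_group": DH.get(grab(r"^\s*group (\d+)", c, "1")), "psk": grab(r"^crypto isakmp key (\S+) address", c),
            "esp": f"{cbc(enc)} {auth}", "selectors": (prefix(src, sw), prefix(dst, dw))}

def yamaha_view(y):  # remote id is the Cisco ACL source, local id its destination
    ike = lambda key: grab(rf"^\s*ipsec ike {key} 1 (?:text )?(\S+)", y)
    return {"ike_enc": ike("encryption"), "ike_hash": ike("hash"), "dh_group": ike("group"),
            "psk": ike("pre-shared-key"), "esp": grab(r"^\s*ipsec sa policy \d+ 1 esp (.+)$", y),
            "selectors": (ike("remote id"), ike("local id"))}

def compare(cisco_cfg, yamaha_cfg):  # sorted names of parameters on which the peers disagree
    c, y = cisco_view(cisco_cfg), yamaha_view(yamaha_cfg)
    return sorted(k for k in c if c[k] != y[k])
```

For the configurations on this page `compare(CISCO, YAMAHA)` returns an empty list; changing a value on one side only makes the corresponding parameter name appear in the result.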
