YMS-VPN1を使ってIPsecによるリモートアクセス

管理人

17年 ago

Categories: IPsec

YMS-VPN1を使ってIPsecによるリモートアクセス

PPTPã«ãããªã¢ã¼ãã¢ã¯ã»ã¹è¨å®ãç´¹ä»ãã¾ããããå®å¨æ§ãèæ®ããå ´åPPTPã«ããå¸¸ææ¥ç¶ã¯åé¡ãããã¾ããç¡ç·LANã®WEPã®ããã«ç°¡åã«ç ´ãããããã§ã¯ãªãã®ã§ãä¸æçãªãªã¢ã¼ãã¢ã¯ã»ã¹ãªãåé¡ããã¾ããã&NewLine;PPTPã«ãããªã¢ã¼ãã¢ã¯ã»ã¹ãä½¿ããããªãå ´åãIPsecã«ãããªã¢ã¼ãã¢ã¯ã»ã¹ãä½¿ããã¨ã«ãªãã¾ãã&NewLine;Windowsã«ã¯IPsecã«ãããªã¢ã¼ãã¢ã¯ã»ã¹ãè£åãã¦ã¾ããããã¢ã°ã¬ãã·ãã¢ã¼ããã«å¯¾å¿ãã¦ããªãã®ã§ãã¡ã¤ã³ã¢ã¼ãããä½¿ãäºã«ãªãã¾ããã¡ã¤ã³ã¢ã¼ãã ã¨ã¤ãã·ã¨ã¼ã¿ã¼å´ï¼çºä¿¡å´ï¼ã«ãåºå®ã¢ãã¬ã¹ãå¿è¦ã¨ãªãããªã¢ã¼ãã¢ã¯ã»ã¹ã ã¨ä½¿ãã«ããã&NewLine;YAMAHAã§ã¯IPsecã«ãããªã¢ã¼ãã¢ã¯ã»ã¹ãå®ç¾ããããã«ãYMS-VPN1ããæä¾ãã¦ãã¾ããã¢ã°ã¬ãã·ãã¢ã¼ãã«ãå¯¾å¿ã&NewLine;ä»åã¯YMS-VPN1ãä½¿ã£ãIPsecã«ãããªã¢ã¼ãã¢ã¯ã»ã¹è¨å®ãç´¹ä»ãã¾ãã&NewLine;&nbsp&semi;&NewLine;<h3>YMS-VPN1ã®è¨å®æ¹æ³</h3>&NewLine;RTX1100å´ã®LANã¢ãã¬ã¹ã192&period;168&period;100&period;1/24ã¨ãã¾ãã &NewLine;ãªã¢ã¼ãã¢ã¯ã»ã¹å´ã®YMS-VPN1ã®ä»®æ³åé¨ã¢ãã¬ã¹ã192&period;168&period;110&period;1/24ã¨ãã¾ãã&NewLine;<h4>RTX1100å´</h4>&NewLine;<pre class="lang&colon;default decode&colon;true ">ip route default gateway pp 1 &NewLine;ip route 192&period;168&period;110&period;0/24 gateway tunnel 1 &NewLine;&srarr;ipsecã«ãããªã¢ã¼ãã¢ã¯ã»ã¹ã®å ´åã¯éççµè·¯æå ±ãå¿è¦ &NewLine;ip filter source-route on &NewLine;ip filter directed-broadcast on &NewLine;ip lan1 address 192&period;168&period;100&period;1/24 &NewLine;ã¤ã³ã¿ã¼ãããæ¥ç¶ç¨ppè¨å® &NewLine;pp select 1 &NewLine;pp always-on on &NewLine;pppoe use lan2 &NewLine;pp auth accept pap chap mschap mschap-v2 &NewLine;pp auth myname (ISPã®ID)ãï¼ISPæ¥ç¶ãã¹ã¯ã¼ãï¼ &NewLine;ppp lcp mru on 1454 &NewLine;ppp ipcp ipaddress on &NewLine;ip pp mtu 1454 &NewLine;ip pp secure filter in 1000 1001 1002 1003 1004 1020 1021 1022 1023 1024 1025 1041 1042 4000 2000 &NewLine;ip pp secure filter out 1010 1011 1012 1013 1014 1020 1021 1022 1023 1024 1025 3000 dynamic 1080 1081 1082 1083 1084 105 1098 1099 &NewLine;ip pp intrusion detection in on reject=on &NewLine;ip pp intrusion detection out on reject=on &NewLine;ip pp nat descriptor 1 &NewLine;pp enable 1 &NewLine;&starf;ä»¥ä¸ãã£ã«ã¿ã¼è¨å® &NewLine; &NewLine;ip filter 1010 reject &ast; &ast; udp,tcp 135 &ast; &NewLine;ip filter 1011 reject &ast; &ast; udp,tcp &ast; 135 &NewLine;ip filter 1012 reject &ast; &ast; udp,tcp netbios&lowbar;ns-netbios&lowbar;ssn &ast; &NewLine;ip filter 1013 reject &ast; &ast; udp,tcp &ast; netbios&lowbar;ns-netbios&lowbar;ssn &NewLine;ip filter 1014 reject &ast; &ast; udp,tcp 445 &ast; &NewLine;ip filter 1015 reject &ast; &ast; udp,tcp &ast; 445 &NewLine;ip filter 1020 reject 192&period;168&period;100&period;0/24 &ast; &NewLine;ip filter 1030 pass &ast; 192&period;168&period;100&period;0/24 icmp &NewLine;ip filter 1041 pass &ast; 192&period;168&period;100&period;1 udp &ast; 500 &NewLine;ip filter 1042 pass &ast; 192&period;168&period;100&period;1 esp &NewLine;&srarr;ipsecã®éä¿¡ãã»ã³ã¿ã¼å´ãã©ã¤ãã¼ãã¢ãã¬ã¹ã«ééããã &NewLine;ip filter 2000 reject &ast; &ast; &NewLine;ip filter 3000 pass &ast; &ast; &NewLine;ip filter 4000 pass &ast; 192&period;168&period;100&period;0/24 icmp &ast; &ast; &NewLine;ip filter dynamic 1080 &ast; &ast; ftp &NewLine;ip filter dynamic 1081 &ast; &ast; www &NewLine;ip filter dynamic 1082 &ast; &ast; domain &NewLine;ip filter dynamic 1083 &ast; &ast; smtp &NewLine;ip filter dynamic 1084 &ast; &ast; pop3 &NewLine;ip filter dynamic 1098 &ast; &ast; tcp &NewLine;ip filter dynamic 1099 &ast; &ast; udp &NewLine;&starf;ä»¥ä¸natã®è¨å® &NewLine; &NewLine;nat descriptor type 1 masquerade &NewLine;nat descriptor address inner 1 192&period;168&period;100&period;1-192&period;168&period;100&period;254 &NewLine;nat descriptor address outer 1 ipcp &NewLine;nat descriptor masquerade static 1 1 192&period;168&period;100&period;1 udp 500 &NewLine;nat descriptor masquerade static 1 2 192&period;168&period;100&period;1 esp &NewLine;&srarr;IPsecã§å©ç¨ããudp500ã¨espãNATãã¾ãã &NewLine;tunnelè¨å® &NewLine;tunnel select 1 &NewLine;ipsec tunnel 1 &NewLine;ipsec sa policy 1 1 esp aes-cbc sha-hmac &NewLine;ipsec ike pre-shared-key 1 text ï¼äºåå±æéµï¼ &NewLine;&srarr;äºåå±æéµãä»®ã«ABCD1234ã¨ãã &NewLine;ipsec ike remote address 1 any &NewLine;&srarr;æ¥ç¶ãããªã¢ã¼ãå´ãå¶éããªããanonymousæå® &NewLine;ipsec ike remote name 1 ï¼æ¥ç¶åï¼ &NewLine;&srarr;æ¥ç¶åãä»®ã«IPsec-VPNã¨ãã &NewLine;ipsec ike local address 1 192&period;168&period;100&period;1 &NewLine;&srarr;ã»ã³ã¿ã¼å´ã«ã¼ã¿ã¼ã®ãã©ã¤ãã¼ãã¢ãã¬ã¹ãæå®ãã &NewLine;tunnel enable 1</pre>&NewLine;&nbsp&semi;&NewLine;<h4>ã¤ããVPNã¯ã©ã¤ã¢ã³ã YMS-VPN1ã®è¨å®</h4>&NewLine;ã¤ããã®HPããYMS-VPN1ããã¦ã³ãã¼ããã¦ã¤ã³ã¹ãã¼ã«ãã¾ãã &NewLine;<a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0db3cff5&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0db3cff5&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dc4b4cd&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dc4b4cd&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dd5c59f&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dd5c59f&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0de9894a&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0de9894a&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dfcb665&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0dfcb665&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e0d1835&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e0d1835&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e2453b8&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e2453b8&period;jpg" alt="" width="440" border="0" /></a> <a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e3be43a&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e3be43a&period;jpg" alt="" width="440" border="0" /></a> äºåå±æéµã¯RTX1100ã§ä»®ã«è¨å®ããABCD1234ãå¥åããæ¥ç¶åã²ã¼ãã¦ã§ã¤ã¯RTX1100ã®ã°ãã¼ãã«ã¢ãã¬ã¹ãå¥åããã &NewLine;<a href="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e4ab702&period;jpg" target="&lowbar;blank"><img src="https&colon;//bacque&period;biz/wp-content/uploads/imgs/blog&lowbar;import&lowbar;525bb0e4ab702&period;jpg" alt="" width="440" border="0" /></a>&NewLine;

Desktop VPNで簡単にリモートアクセス »

« PPTPによるリモートアクセス

Tags: リモートアクセス

管理人: