{"id":668,"date":"2011-11-30T16:44:53","date_gmt":"2011-11-30T07:44:53","guid":{"rendered":"http:\/\/www.asfit.net\/blog\/kan\/?p=668"},"modified":"2011-11-30T16:58:36","modified_gmt":"2011-11-30T07:58:36","slug":"rtx1000-rtx1200-ipsec","status":"publish","type":"post","link":"https:\/\/www.asfit.net\/blog\/kan\/?p=668","title":{"rendered":"IPsec between RTX1000\/RTX1200"},"content":{"rendered":"<p>RTX1000<br \/>\n% telnet rtx1000<\/p>\n<pre>\r\n# RTX1000 Rev.8.01.29 (Fri Apr 15 11:50:44 2011)\r\n# MAC Address : 00:a0:de:\r\n# Memory 16Mbytes, 3LAN, 1BRI\r\n# main:  RTX1000 ver=b0 serial=XXXXXXXXX MAC-Address=00:a0:de: \r\nlogin password *\r\nadministrator password *\r\nsecurity class 2 on on\r\nconsole character ascii\r\nconsole columns 148\r\nip route default gateway pp 1\r\nip route 192.168.1.0\/24 gateway tunnel 1\r\nip route 172.16.1.0\/16 gateway tunnel 1\r\nip lan1 address 192.168.2.1\/24\r\nlan type lan2 auto\r\nip lan3 address 172.16.2.1\/16\r\npp select 1\r\n pp always-on on\r\n pppoe use lan2\r\n pppoe auto disconnect off\r\n pp auth accept pap chap\r\n pp auth myname ASAHINET *PASSWORD*\r\n ppp lcp mru on 1454\r\n ppp ipcp msext on\r\n ip pp address XXX.XXX.XXX.XXX\/32\r\n ip pp mtu 1454\r\n ip pp intrusion detection in on\r\n ip pp intrusion detection out on\r\n ip pp nat descriptor 1 3\r\n pp enable 1\r\ntunnel select 1\r\n ipsec tunnel 101\r\n  ipsec sa policy 101 1 esp aes-cbc sha-hmac\r\n  ipsec ike keepalive use 1 on\r\n  ipsec ike local address 1 192.168.2.1\r\n  ipsec ike pre-shared-key 1 text *PRESHAREDKEY*\r\n  ipsec ike remote address 1 YYY.YYY.YYY.YYY\r\n  ipsec ike remote name 1 rtx1000\r\n tunnel enable 1\r\nnat descriptor type 1 masquerade\r\nnat descriptor address outer 1 XXX.XXX.XXX.XXX\r\nnat descriptor masquerade static 1 1 192.168.2.1 udp 500\r\nnat descriptor masquerade static 1 2 192.168.2.1 esp\r\nipsec auto refresh on\r\nsyslog notice on\r\nsyslog info on\r\nsyslog debug on\r\ntelnetd service on\r\ntelnetd host any\r\ndhcp service server\r\ndhcp server rfc2131 compliant except remain-silent\r\ndhcp scope 1 192.168.2.101-192.168.2.120\/24\r\ndns server 202.224.32.1 202.224.32.2\r\ndns server dhcp lan2\r\ndns private address spoof on\r\n<\/pre>\n<p>RTX1200: apart from the tunnel settings, only an excerpt is shown<br \/>\n% ssh rtx1200<\/p>\n<pre>\r\nip route 192.168.2.0\/24 gateway tunnel 21\r\nip route 172.16.2.0\/16 gateway tunnel 21\r\nip lan1 address 192.168.1.1\/24\r\nip lan3 address 172.16.1.1\/16\r\n\r\npp select 1\r\n ip pp address YYY.YYY.YYY.YYY\/32\r\n\r\ntunnel select 21\r\n ipsec tunnel 101\r\n  ipsec sa policy 101 1 esp aes-cbc sha-hmac\r\n  ipsec ike keepalive use 1 on\r\n  ipsec ike local address 1 192.168.1.1\r\n  ipsec ike pre-shared-key 1 text *PRESHAREDKEY*\r\n  ipsec ike remote address 1 XXX.XXX.XXX.XXX\r\n  ipsec ike remote name 1 rtx1200 key-id\r\n ip tunnel tcp mss limit auto\r\n tunnel enable 1\r\nnat descriptor address outer 1 ipcp\r\nnat descriptor address inner 1 auto\r\nnat descriptor masquerade static 1 1 192.168.1.1 esp\r\nnat descriptor masquerade static 1 2 192.168.1.1 udp 500\r\n<\/pre>\n<p>% ssh rtx1200<\/p>\n<pre>\r\n# show status tunnel 21\r\nTUNNEL[21]:\r\nDescription:\r\n  Interface type: IPsec\r\n  Current status is Online.\r\n  from 2011\/11\/30 15:25:47.\r\n  10 minutes 33 seconds  connection.\r\n  Received:    (IPv4) 218 packets [23091 octets]\r\n               (IPv6) 0 packet [0 octet]\r\n  Transmitted: (IPv4) 187 packets [31024 octets]\r\n               (IPv6) 0 packet [0 octet]\r\n#\r\n# show ipsec sa\r\nTotal: isakmp:1 send:2 recv:2\r\n\r\nsa   sgw isakmp connection   dir  life[s] remote-id\r\n-----------------------------------------------------------------------------\r\n3     1    -    isakmp       -    28303   YYY.YYY.YYY.YYY\r\n4     1    3    tun[021]esp  send 28305   YYY.YYY.YYY.YYY\r\n5     1    3    tun[021]esp  recv 28305   YYY.YYY.YYY.YYY\r\n6     1    3    tun[021]esp  send 28305   YYY.YYY.YYY.YYY\r\n7     1    3    tun[021]esp  recv 28305   YYY.YYY.YYY.YYY\r\n\r\n#\r\n# show ipsec sa 3\r\nSA[3] Duration: 28239s\r\nLocal ID: 192.168.1.1\r\nRemote ID: YYY.YYY.YYY.YYY (rtx1200)\r\nProtocol: IKE\r\nAlgorithm: 3DES-CBC, SHA-1, MODP 1024bit\r\nSPI: 01 02 03 04 05 06 06 07 08 09 0a 0b 0c 0d 0e 0f\r\nKey: ** ** ** ** **  (confidential)   ** ** ** ** **\r\n----------------------------------------------------\r\n\r\n#\r\n# show ipsec sa 4\r\nSA[4] Duration: 28228s\r\nLocal ID: 192.168.1.1\r\nRemote ID: YYY.YYY.YYY.YYY (rtx1200)\r\nDirection: send\r\nProtocol: ESP (Mode: tunnel)\r\nAlgorithm: AES-CBC (for Auth.: HMAC-SHA)\r\nSPI: 11 22 33 44\r\nKey: ** ** ** ** **  (confidential)   ** ** ** ** **\r\n----------------------------------------------------\r\n\r\n#\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>RTX1000 % telnet rtx1000 # RTX1000 Rev.8.01.29 (Fri Apr 15 11:50:44 2011) # MAC Address : 00:a0:de: # Memory 1&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-668","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=668"}],"version-history":[{"count":6,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/668\/revisions"}],"predecessor-version":[{"id":671,"href":"https:\/\/www.a
sfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/668\/revisions\/671"}],"wp:attachment":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}