# config parameters
# OfficeLAN 192.168.1.0/24
# HomeLAN 192.168.100.1/24 HomeLAN2 192.168.11.250(for access to HGW)
# Home HGW address 192.168.11.1
# Home to Office
#
# RTX810 Rev.11.01.34 (Tue Nov 26 18:39:12 2019)
# MAC Address : **:**:**:**:**:**
# Memory 128Mbytes, 2LAN
# main: RTX810 ver=00 serial=******** MAC-Address=**:**:**:**:**:** MAC-Address=**:**:**:**:**:**
# Reporting Date: May 8 06:39:20 2021

# login timer
login timer 1800

# IP configuration
ip route default gateway tunnel 1 gateway pp 1 filter 100001 100002 100003 100004
ip route 192.168.1.0/24 gateway tunnel 3
ip filter source-route on
ip filter directed-broadcast on

# IPv6 configuration
ipv6 route default gateway dhcp lan2
ipv6 prefix 1 dhcp-prefix@lan2::/64

# LAN1 configuration
description lan1 LAN
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
ipv6 lan1 address dhcp-prefix@lan2::1/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server

# LAN2 configuration
description lan2 WAN
ip lan2 address 192.168.11.250/24
ipv6 lan2 address dhcp
ipv6 lan2 prefix change log on
ipv6 lan2 mtu 1500
ipv6 lan2 secure filter in 1010 1011 1012 2000
ipv6 lan2 secure filter out 3000 dynamic 100 101 102 103 104 105 108 109
ipv6 lan2 dhcp service client
ngn type lan2 ntt

# Provider Type configuration(only RTX810)
provider lan1 name LAN:
provider lan2 name "PPPoE/0/1/5/0/0/0:asahi-net_ipv4"
provider lan2 name ipv6 PRV/0/4/0/0/2/1:asahi-net_ipv6

### PP 1 ###
pp select 1
 pp name "PRV/1/1/5/0/0/0:ISP_ipv4"
 pp keepalive interval 30 retry-interval=30 count=12
 pp always-on on
 pppoe use lan2
 pppoe auto disconnect off
 pp auth accept pap chap
 pp auth myname ***ISP_ID*** **ISP_Pass**
 ppp lcp mru on 1454
 ppp ipcp ipaddress on
 ppp ccp type none
 ip pp secure filter in 200003 200030 200082 200081 200083 200080 200097 100001 100002 100003 100004
 ip pp secure filter out 200013 200020 200021 200022 200023 200024 200025 200026 200027 200099 dynamic 200080 200081 200082 200083 200084 200085 200098 200099
 ip pp nat descriptor 1000
 netvolante-dns use pp server=1 auto
 netvolante-dns hostname host pp server=1 ***.aa0.netvolante.jp
 pp enable 1

# Provider information(only RTX810)
provider set 1 "ISP_ipv4"
provider dns server 1 8.8.8.8 8.8.4.4
provider select 1

### PP anonymous ###
pp select anonymous
 pp name regno-l2tp
 pp bind tunnel2
 pp auth request chap-pap
 pp auth username *l2tpuse1** *l2tppass*
 ppp ipcp ipaddress on
 ppp ipcp msext on
 ip pp remote address pool dhcp
 ip pp mtu 1258
 pp enable anonymous

# TUNNEL configuration
tunnel select 1
 tunnel name DS-Lite
 description tunnel DS-Lite
 tunnel encapsulation ipip
 tunnel endpoint address ***AFTR_address***
 ip tunnel mtu 1460
 ip tunnel secure filter in 200000 200001 200002 201003 200003 200021 200022 200023 200024 200025 200030 200032
 ip tunnel secure filter out 200010 200011 200012 200013 200020 200021 200022 200023 200024 200025 200026 200027 200099 dynamic 200080 200081 200082 200083 200084 200085 200098 200099
 ip tunnel tcp mss limit auto
 tunnel enable 1

### TUNNEL 2 ###
tunnel select 2
 tunnel encapsulation l2tp
 ipsec tunnel 101
  ipsec sa policy 101 2 esp aes-cbc sha-hmac
  ipsec ike keepalive log 2 off
  ipsec ike keepalive use 2 off
  ipsec ike local address 2 192.168.100.1
  ipsec ike local id 2 192.168.100.1/24
  ipsec ike local name 2 **L2TP_Name** key-id
  ipsec ike nat-traversal 2 on
  ipsec ike pre-shared-key 2 text **L2TP_PSK***
  ipsec ike remote address 2 any
 l2tp tunnel disconnect time 300
 l2tp keepalive use on
 ip tunnel tcp mss limit auto
 tunnel enable 2

### TUNNEL 3 ###
tunnel select 3
 tunnel name i2-VPN
 ipsec tunnel 102
  ipsec sa policy 102 3 esp aes-cbc sha-hmac
  ipsec ike keepalive log 3 off
  ipsec ike keepalive use 3 on heartbeat 10 6
  ipsec ike local address 3 192.168.100.1
  ipsec ike local id 3 192.168.100.1/24
  ipsec ike local name 3 **IPSec_Name** key-id
  ipsec ike nat-traversal 3 on
  ipsec ike pre-shared-key 3 text **OfficeIPSecPSK***
  ipsec ike remote address 3 **Office_WAM_Address**
 ip tunnel tcp mss limit auto
 tunnel enable 3

# IP filter configuration
ip filter 100001 pass * * udp 500 *
ip filter 100002 pass * * udp 4500 *
ip filter 100003 pass * * udp 1701 *
ip filter 100004 pass * * esp
ip filter 200000 reject 10.0.0.0/8 * * * *
ip filter 200001 reject 172.16.0.0/12 * * * *
ip filter 200002 reject 192.168.0.0/16 * * * *
ip filter 200003 reject 192.168.100.0/24 * * * *
ip filter 200010 reject * 10.0.0.0/8 * * *
ip filter 200011 reject * 172.16.0.0/12 * * *
ip filter 200012 reject * 192.168.0.0/16 * * *
ip filter 200013 reject * 192.168.100.0/24 * * *
ip filter 200020 reject * * udp,tcp 135 *
ip filter 200021 reject * * udp,tcp * 135
ip filter 200022 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 200023 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 200024 reject * * udp,tcp 445 *
ip filter 200025 reject * * udp,tcp * 445
ip filter 200026 restrict * * tcpfin * www,21,nntp
ip filter 200027 restrict * * tcprst * www,21,nntp
ip filter 200030 pass * 192.168.100.0/24 icmp * *
ip filter 200031 pass * 192.168.100.0/24 established * *
ip filter 200032 pass * 192.168.100.0/24 tcp * ident
ip filter 200033 pass * 192.168.100.0/24 tcp ftpdata *
ip filter 200034 pass * 192.168.100.0/24 tcp,udp * domain
ip filter 200035 pass * 192.168.100.0/24 udp domain *
ip filter 200036 pass * 192.168.100.0/24 udp * ntp
ip filter 200037 pass * 192.168.100.0/24 udp ntp *
ip filter 200080 pass * 192.168.100.1 udp * 1701
ip filter 200081 pass * 192.168.100.1 udp * 500
ip filter 200082 pass * 192.168.100.1 esp * *
ip filter 200083 pass * 192.168.100.1 udp * 4500
ip filter 200097 reject * *
ip filter 200098 reject-nolog * * established
ip filter 200099 pass * * * * *

# IP dynamic filter configuration
ip filter dynamic 200080 * * ftp
ip filter dynamic 200081 * * domain
ip filter dynamic 200082 * * www
ip filter dynamic 200083 * * smtp
ip filter dynamic 200084 * * pop3
ip filter dynamic 200085 * * submission
ip filter dynamic 200098 * * tcp
ip filter dynamic 200099 * * udp
ip filter dynamic 201080 * * ftp
ip filter dynamic 201081 * * domain
ip filter dynamic 201082 * * www
ip filter dynamic 201083 * * smtp
ip filter dynamic 201084 * * pop3
ip filter dynamic 201085 * * submission
ip filter dynamic 201098 * * tcp
ip filter dynamic 201099 * * udp

# NAT Descriptor configuration
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.100.1 udp 1701
nat descriptor masquerade static 1000 2 192.168.100.1 udp 500
nat descriptor masquerade static 1000 3 192.168.100.1 esp
nat descriptor masquerade static 1000 4 192.168.100.1 udp 4500
nat descriptor masquerade static 1000 5 192.168.100.1 gre

# IPSEC configuration
ipsec auto refresh on
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 off
ipsec ike nat-traversal 1 on
ipsec transport 2 101 udp 1701
ipsec transport 3 102 udp 1701

# IPv6 filter configuration
ipv6 filter 1010 pass * * icmp6 * *
ipv6 filter 1011 pass * * tcp * ident
ipv6 filter 1012 pass * * udp * 546
ipv6 filter 2000 reject * * * * *
ipv6 filter 3000 pass * * * * *
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * domain
ipv6 filter dynamic 102 * * www
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * submission
ipv6 filter dynamic 108 * * tcp
ipv6 filter dynamic 109 * * udp

# SYSLOG configuration
syslog notice on

# TELNETD configuration
telnetd host 192.168.100.1-192.168.100.199 192.168.1.1-192.168.1.199

# DHCP configuration
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 2 192.168.100.11-192.168.100.199/24

# DHCPC configuration
dhcp client release linkdown on

# DNS configuration
dns host lan1
dns service fallback on
dns server 8.8.8.8 8.8.4.4
dns server dhcp lan2
dns private address spoof on

# Schedule configuration
schedule at 1 */* 01:00:00 * ntpdate ntp.nict.jp syslog

# L2TP configuration
l2tp service on

# HTTPD configuration
httpd host host 192.168.100.1-192.168.100.199 192.168.1.1-192.168.1.199
#