なにか見落としていることがあるのでしょうか 0010anonymous@fusianasan2022/06/13(月) 16:14:43.06ID:??? 見落としてるとしたらここはVPNの質問スレではないって事かな どうせ後出しで揉めるんだからコンフィグ全部張りなよ 0011anonymous@fusianasan2022/06/13(月) 17:24:06.88ID:??? PC2のデフォゲとファイヤウォールの設定を再確認 0012anonymous@fusianasan2022/06/14(火) 01:07:40.97ID:???>>9のConfigです。すこし長くなりますが、まずはix2106(固定IP)側から ip ufs-cache max-entries 20000 ip ufs-cache enable ip route default Tunnel0.0 ip route 192.168.1.0/24 Tunnel1.0 ip dhcp enable ip access-list web-http-acl permit ip src any dest 192.168.0.254/32 ip access-list web_vpnlist permit ip src any dest any ipv6 ufs-cache max-entries 10000 ipv6 ufs-cache enable ipv6 dhcp enable ipv6 access-list block-list deny ip src any dest any ipv6 access-list permit-list permit ip src any dest any ipv6 access-list web-permit-list permit udp src any sport any dest any dport eq 546 ipv6 access-list web-permit-list permit udp src any sport any dest any dport eq 547 ipv6 access-list web-permit-list permit icmp src any dest any ipv6 access-list web-permit-list permit 4 src any dest any ipv6 access-list dynamic cache 65535 ipv6 access-list dynamic dflt-list access permit-list ike nat-traversal ike proposal web_vpn2ikeprop encryption aes-256 hash sha2-256 group 2048-bit ike policy web_vpn2ikepolicy peer any key **************** mode aggressive web_vpn2ikeprop ike remote-id web_vpn2ikepolicy fqdn satellite1 ipsec autokey-proposal web_vpn2secprop esp-aes-256 esp-sha2-256 ipsec dynamic-map web_vpn2secpolicy web_vpnlist web_vpn2secprop ike-binding web_vpn2ikepolicy ipsec remote-id web_vpn2secpolicy 192.168.1.0/24 proxy-dns ip enable proxy-dns ip request both ddns enable 0013anonymous@fusianasan2022/06/14(火) 01:08:46.71ID:??? ip dhcp profile lan100 assignable-range 192.168.1.2 192.168.1.250 default-gateway 192.168.1.254 dns-server 192.168.1.254 lease-time 7200 ip dhcp profile web-dhcp-gigaethernet1.0 dns-server 192.168.0.254 ipv6 dhcp client-profile dhcpv6-cl option-request dns-servers ia-pd subscriber GigaEthernet1.0 ::/64 eui-64 ipv6 dhcp server-profile dhcpv6-sv dns-server dhcp ddns profile v6plus-update url http://***.******.ne.jp/ query user=**********&pass=******** transport ipv6 source-interface GigaEthernet1.0 update-interval 10 interface GigaEthernet0.0 no ip address ip napt static GigaEthernet0.0 50 ip napt static GigaEthernet0.0 udp 500 ip napt static GigaEthernet0.0 udp 4500 ipv6 enable ipv6 autoselect enable ipv6 autoselect ra-delay 0 ipv6 dhcp client dhcpv6-cl ipv6 nd proxy GigaEthernet1.0 ipv6 filter web-permit-list 51 in ipv6 filter block-list 200 in ipv6 filter web-permit-list 51 out ipv6 filter dflt-list 200 out 0014anonymous@fusianasan2022/06/14(火) 01:09:37.87ID:??? no shutdown
interface GigaEthernet1.0 ip address 192.168.0.254/24 ipv6 enable ipv6 interface-identifier **:**:**:**:**:**:**:** ipv6 dhcp server dhcpv6-sv ipv6 nd ra enable ipv6 nd ra other-config-flag no shutdown interface Tunnel0.0 tunnel mode 4-over-6 tunnel destination xxxx:xxxx:xxxx:xxxx::xx tunnel source GigaEthernet1.0 ip address xxx.xxx.xxx.xxx/32 ip tcp adjust-mss auto ip napt enable ip napt static Tunnel0.0 50 ip napt static Tunnel0.0 udp 500 ip napt static Tunnel0.0 udp 4500 no shutdown interface Tunnel1.0 description testVPN tunnel mode ipsec ip unnumbered GigaEthernet1.0 ip tcp adjust-mss auto ipsec policy tunnel web_vpn2secpolicy out no shutdown 0015anonymous@fusianasan2022/06/14(火) 01:11:00.37ID:???>>9次にix2105(動的IP)側 ip ufs-cache enable ip route default GigaEthernet0.1 ip route 192.168.0.0/24 Tunnel0.0 ip dhcp enable ip access-list web-http-acl permit ip src any dest 192.168.1.254/32 ip access-list web_vpnlist permit ip src any dest any arp auto-refresh ike nat-traversal ike proposal web_vpn1ikeprop encryption aes-256 hash sha2-256 group 2048-bit ike policy web_vpn1ikepolicy peer ***.***.***.*** key **************** mode aggressive web_vpn1ikeprop ike keepalive web_vpn1ikepolicy 30 6 ike local-id web_vpn1ikepolicy fqdn satellite1 ike suppress-dangling web_vpn1ikepolicy ipsec autokey-proposal web_vpn1secprop esp-aes-256 esp-sha2-256 ipsec autokey-map web_vpn1secpolicy web_vpnlist peer ***.***.***.*** web_vpn1secprop ipsec local-id web_vpn1secpolicy 192.168.1.0/24 proxy-dns ip enable proxy-dns interface GigaEthernet0.1 priority 254 ppp profile web-ppp-gigaethernet0.1 authentication myname ********@*************.ne.jp authentication password ********@*************.ne.jp ******** ip dhcp profile lan100 assignable-range 192.168.1.2 192.168.1.250 default-gateway 192.168.1.254 dns-server 192.168.1.254 lease-time 7200 interface GigaEthernet0.0 no ip address shutdown 0016anonymous@fusianasan2022/06/14(火) 01:11:34.03ID:??? interface GigaEthernet1.0 description LAN1 ip address 192.168.1.254/24 ip dhcp binding lan100 linkmgr enable no shutdown interface GigaEthernet0.1 description WAN1 encapsulation pppoe auto-connect ppp binding web-ppp-gigaethernet0.1 ip address ipcp ip tcp adjust-mss auto ip napt enable ip napt hairpinning ip napt static GigaEthernet0.1 50 ip napt static GigaEthernet0.1 udp 500 ip napt static GigaEthernet0.1 udp 4500 no shutdown interface Tunnel0.0 description testVPN tunnel mode ipsec ip unnumbered GigaEthernet1.0 ip tcp adjust-mss auto ipsec policy tunnel web_vpn1secpolicy out no shutdown 0017anonymous@fusianasan2022/06/14(火) 01:19:42.83ID:??? 長くて失礼しました。