!
! Century Systems NXR-120 Series ver 5.24.1C (build 1/13:44 26 09 2013)
!
hostname NXR_B
telnet-server enable
http-server enable
!
!
!
!
ipv6 forwarding
fast-forwarding enable
!
!
ipsec x509 enable
ipsec x509 ca-certificate nxr
ipsec x509 certificate nxrb
ipsec x509 private-key nxrb key
ipsec x509 private-key nxrb password nxrbpass
ipsec x509 crl nxr
!
ipsec local policy 1
 address ip
 self-identity dn /C=JP/CN=nxrb/E=nxrb@example.com
 x509 certificate nxrb
!
!
ipsec isakmp policy 1
 description NXR_A
 authentication rsa-sig
 hash sha1
 encryption aes128
 group 5
 isakmp-mode main
 remote address ip 10.10.10.1
 remote identity dn /C=JP/CN=nxra/E=nxra@example.com
 local policy 1
!
!
ipsec tunnel policy 1
 description NXR_A
 set transform esp-aes128 esp-sha1-hmac
 set pfs group5
 set key-exchange isakmp 1
 match address ipsec_acl
!
!
interface tunnel 1
 no ip address
 ip tcp adjust-mss auto
 tunnel mode ipsec ipv4
 tunnel protection ipsec policy 1
!
interface ethernet 0
 ip address 192.168.20.1/24
!
interface ethernet 1
 ip address 10.10.20.1/24
 ipsec policy 1
!
dns
 service enable
!
syslog
 local enable
!
!
!
system led ext 0 signal-level mobile 0
!
!
!
!
!
!
ip route 192.168.10.0/24 tunnel 1
ip route 192.168.10.0/24 null 254
ip route 0.0.0.0/0 10.10.20.254
!
ipsec access-list ipsec_acl ip any any
!
!
!
end