C841M configuration: L2TP/IPsec + PPPoE + NAT + CBAC

With this, throughput is around 130 Mbps both upstream and downstream.
Over an L2TP connection it tops out at about 20 Mbps.

!
aaa new-model
!
aaa authentication login local_access local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.100 10.10.10.120
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.128
 default-router 10.10.10.1 
 dns-server 10.10.10.1 
 lease 0 2
!
ip inspect name CBAC tcp router-traffic
ip inspect name CBAC udp router-traffic
ip inspect name CBAC icmp router-traffic
ip cef
no ipv6 cef
!
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
username **** privilege 0 password 0 ****
!
crypto keyring L2TP  
  pre-shared-key address 0.0.0.0 0.0.0.0 key *********
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 3600
!
crypto ipsec transform-set TS1 esp-aes esp-sha-hmac 
 mode transport
!
crypto dynamic-map DYN_MAP 10
 set nat demux
 set transform-set TS1 
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP 
!
interface GigabitEthernet0/4
 description PrimaryWANDesc_
 no ip address
 ip tcp adjust-mss 1314
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Virtual-Template1
 ip unnumbered Dialer1
 ip nat inside
 ip virtual-reassembly in
 peer default ip address pool L2pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.128
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1314
!
interface Dialer1
 description PrimaryWANDesc__GigabitEthernet0/4
 mtu 1454
 ip address negotiated
 ip access-group WAN-IN in
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap pap callin
 ppp chap hostname ****
 ppp chap password 0 ****
 ppp pap sent-username **** password 0 ****
 ppp ipcp dns request
 no cdp enable
 crypto map CRYP_MAP
!
ip local pool L2pool 10.10.10.110 10.10.10.120
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp ***.***.***.*** **** interface Dialer1 *****
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended WAN-IN
 permit tcp any any eq *****
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 permit ahp any any
 permit udp any any eq 1701
 deny   ip any any log
!
ip sla 100
 http get http://www.****
 frequency 1200
ip sla schedule 100 life forever start-time now
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.127
!
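As an added check, not part of the original post, here is a small Python audit that parses an IOS config into blocks and flags the settings a reviewer would raise in the configuration above: 3DES and DH group 2 in the ISAKMP policy, the wildcard pre-shared key, disabled L2TP tunnel authentication, and the type 0 username password. The SAMPLE string is a constructed excerpt of this page's config with secrets masked as shown on the page.

```python
import re

# Constructed sample: the username, keyring, ISAKMP and VPDN fragments
# of the config above, with secrets masked exactly as on the page.
SAMPLE = """\
username **** privilege 0 password 0 ****
crypto keyring L2TP
  pre-shared-key address 0.0.0.0 0.0.0.0 key *********
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
vpdn-group L2TP
 no l2tp tunnel authentication
"""

def parse_blocks(text):
    """Split an IOS config into (header, [child lines]): a line in column 0
    starts a block, indented lines belong to it, '!' separators are skipped."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            blocks.append((line.rstrip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def audit(text):
    """Return [(severity, block header, message)] for weak or risky settings."""
    findings = []
    for header, body in parse_blocks(text):
        if header.startswith("crypto isakmp policy"):
            # IOS defaults when the command is absent: encr des, group 1
            encr = next((c.split()[1] for c in body if c.startswith("encr ")), "des")
            group = next((c.split()[1] for c in body if c.startswith("group ")), "1")
            if encr in ("des", "3des"):
                findings.append(("high", header, f"IKE encryption {encr}; use aes 256"))
            if group in ("1", "2", "5"):
                findings.append(("high", header, f"DH group {group}; use group 14 or higher"))
        elif header.startswith("crypto keyring"):
            if any(re.match(r"pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 ", c) for c in body):
                findings.append(("medium", header, "wildcard PSK: any peer address may attempt IKE"))
        elif header.startswith("vpdn-group") and "no l2tp tunnel authentication" in body:
            findings.append(("info", header, "L2TP tunnel auth off; IPsec is the only tunnel protection"))
        elif header.startswith("username ") and " password 0 " in header:
            findings.append(("medium", header, "type 0 password; store it with 'secret' instead"))
    return findings
```

Run `audit(SAMPLE)` to list the findings; feed it the full running config to check the rest of the device the same way.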