{"id":1622,"date":"2025-11-22T16:05:26","date_gmt":"2025-11-22T07:05:26","guid":{"rendered":"https:\/\/mylifeisbeautiful555.net\/?page_id=1622"},"modified":"2025-11-22T16:05:26","modified_gmt":"2025-11-22T07:05:26","slug":"vpn%e3%81%8c%e8%b2%bc%e3%82%8c%e3%81%aa%e3%81%84%e5%8e%9f%e5%9b%a0","status":"publish","type":"page","link":"https:\/\/mylifeisbeautiful555.net\/?page_id=1622","title":{"rendered":"Why the VPN cannot be established"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">1. Client-side causes (AnyConnect \/ Secure Client)<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2460 Invalid username \/ password or certificate<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RADIUS \/ LDAP authentication failure<\/li>\n\n\n\n<li>Local user not created<\/li>\n\n\n\n<li>Certificate expired, or CA certificate not imported<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2461 DNS cannot resolve the VPN server name<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>vpn.example.com<\/code> cannot be resolved<\/li>\n\n\n\n<li>Incorrect entry in the hosts file<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2462 The client version is outdated<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firepower is configured for <strong>IKEv2 only<\/strong>, but the old client version cannot use IKEv2<\/li>\n\n\n\n<li>Compatibility problems after a Windows update<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2463 
Interference from Windows network protection features<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Blocked by Windows Defender \/ Firewall<\/li>\n\n\n\n<li>Firewall rules on a company PC are too strict<\/li>\n\n\n\n<li>Conflict with other VPN software (FortiClient, GlobalProtect, etc.)<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">2. Network-side causes<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2460 UDP\/443 is closed (port required by AnyConnect)<\/strong><\/h2>\n\n\n\n<p>AnyConnect (Secure Client) basically uses one of the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TCP\/443<\/strong><\/li>\n\n\n\n<li><strong>UDP\/443 (DTLS)<\/strong><\/li>\n\n\n\n<li><strong>UDP\/500 \/ UDP\/4500 (IPsec)<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>On corporate networks, UDP\/443 is often blocked<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2461 NAT \/ PAT related problems<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NAT-T is unavailable, so IPsec does not pass<\/li>\n\n\n\n<li>The firewall blocks ESP (IP Protocol 50)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2462 The public IP does not reach the appliance<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hairpin NAT occurs at the WAN router<\/li>\n\n\n\n<li>The global IP is not routed to the ASA\/Firepower<\/li>\n\n\n\n<li>CGN (Carrier NAT) environment on the ISP side<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">3. Typical causes on the VPN appliance (ASA \/ Firepower) side<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2460 The AnyConnect image is not stored on the device (ASA-specific)<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>webvpn\n enable outside\n anyconnect image disk0:\/anyconnect-win.pkg 1\n anyconnect enable\n<\/code><\/pre>\n\n\n\n<p>Without the configuration above, clients cannot connect.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2461 Missing tunnel group (tunnel-group) configuration<\/strong><\/h2>\n\n\n\n<p>This one is especially common.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tunnel-group MYGROUP type remote-access\ntunnel-group MYGROUP general-attributes\n address-pool VPNPOOL\n default-group-policy DFLT-GROUP-POLICY\n<\/code><\/pre>\n\n\n\n<p>No <code>default-group-policy<\/code> \u2192 the connection fails even when authentication succeeds.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2462 Missing IP pool configuration<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>ip local pool VPNPOOL 192.168.100.1-192.168.100.50\n<\/code><\/pre>\n\n\n\n<p>The pool above is not configured, or it overlaps.<\/p>\n\n\n\n<p>Note: if the pool overlaps the internal network, the connection becomes very unstable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2463 Split-tunneling ACL misconfiguration<\/strong><\/h2>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>Traffic for the corporate LAN goes out via a route outside the tunnel<\/li>\n\n\n\n<li>Required destinations are not included in the split ACL<\/li>\n<\/ul>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>access-list SPLIT standard permit 192.168.10.0 255.255.255.0<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2464 Missing NAT exemption (most important on ASA)<\/strong><\/h2>\n\n\n\n<p>On the ASA, <strong>VPN\u2192internal network<\/strong> traffic does not reach its destination unless it is exempted from NAT.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nat (inside,outside) source static inside inside destination static VPNPOOL VPNPOOL no-proxy-arp route-lookup\n<\/code><\/pre>\n\n\n\n<p>Without this, you get the typical symptom: <strong>the VPN connects but <em>ping does not get through<\/em><\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2465 IKE \/ IPsec parameter mismatch<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encryption algorithm<\/li>\n\n\n\n<li>DH group<\/li>\n\n\n\n<li>Lifetime<\/li>\n\n\n\n<li>Hash algorithm<br>If the ASA and client settings do not match, negotiation fails at Phase1 \/ Phase2.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2466 Insufficient AnyConnect licenses<\/strong><\/h2>\n\n\n\n<p>On Firepower \/ ASA, at or above the concurrent connection limit \u2192 new connections are rejected.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">4. 
Order of checks (the quickest way to pinpoint the cause)<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2460 Check reachability with ping<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ping &lt;outside IP of ASA\/FW&gt;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2461 Check the ASA logs<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>show log | i WebVPN\nshow log | i SSL\nshow log | i IKE\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2462 Session status<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>show vpn-sessiondb anyconnect\nshow vpn-sessiondb detail<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2463 Check the NAT table<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>show nat detail\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2464 AnyConnect logs<\/strong><\/h3>\n\n\n\n<p>Client window \u2192 &#8220;Message History&#8221;<br>The reason is almost always shown here.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. 
Client-side causes (AnyConnect \/ Secure Client) \u2460 Invalid username \/ password or certificate \u2461 DNS cannot resolve the VPN server name \u2462 The client version is outdated \u2463 W [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1622","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1622"}],"version-history":[{"count":1,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1622\/revisions"}],"predecessor-version":[{"id":1623,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1622\/revisions\/1623"}],"wp:attachment":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}