564 lines
37 KiB
Text
564 lines
37 KiB
Text
set clock dst-off
|
|
set clock timezone 5
|
|
set vrouter trust-vr sharable
|
|
set vrouter "untrust-vr"
|
|
exit
|
|
set vrouter "trust-vr"
|
|
unset auto-route-export
|
|
exit
|
|
set service "EN_SAG_FIN" protocol tcp src-port 0-65535 dst-port 48002-48002
|
|
set service "EN_SAG_FAct" protocol tcp src-port 0-65535 dst-port 48003-48003
|
|
set service "SWP_TCP48600" protocol tcp src-port 0-65535 dst-port 48600-48600
|
|
set auth-server "Local" id 0
|
|
set auth-server "Local" server-name "Local"
|
|
set auth-server "RSA_Server" id 1
|
|
set auth-server "RSA_Server" server-name "192.168.206.100"
|
|
set auth-server "RSA_Server" account-type auth xauth
|
|
set auth-server "RSA_Server" type securid
|
|
set auth default auth server "Local"
|
|
set auth radius accounting port 27911
|
|
set admin name "ENSBadmin"
|
|
set admin password "nBd5PIrLLusBciHPhs0PBnMtk5Dm5n"
|
|
set admin user "juy" password "nG5aE+reBeQIcQYK4sPHRuHtGdG0Kn" privilege "all"
|
|
set admin user "adesear" password "nLtbNIrRDSPEcrMDFs7MT5Htz8Cifn" privilege "all"
|
|
set admin user "msaeed" password "nF3dKrrkHDHCckxALsfARkBtenLoAn" privilege "all"
|
|
set admin user "kbaluyot" password "nMSQP4rHLyxHcWqBmsqP9pMtnMGPYn" privilege "all"
|
|
set admin ssh port 2194
|
|
set admin auth timeout 10
|
|
set admin auth server "Local"
|
|
set admin auth banner telnet login "EastNets Service Bureau: AUTHORIZED PERSON ONLY! "
|
|
set admin auth banner console login "EastNets Service Bureau: AUTHORIZED PERSON ONLY! "
|
|
set admin format dos
|
|
set zone "Trust" vrouter "trust-vr"
|
|
set zone "Untrust" vrouter "trust-vr"
|
|
set zone "DMZ" vrouter "trust-vr"
|
|
set zone "VLAN" vrouter "trust-vr"
|
|
set zone "Untrust-Tun" vrouter "trust-vr"
|
|
set zone "Trust" tcp-rst
|
|
set zone "Untrust" block
|
|
unset zone "Untrust" tcp-rst
|
|
set zone "MGT" block
|
|
set zone "DMZ" tcp-rst
|
|
set zone "VLAN" block
|
|
set zone "VLAN" tcp-rst
|
|
set zone "Untrust" screen icmp-flood
|
|
set zone "Untrust" screen udp-flood
|
|
set zone "Untrust" screen port-scan
|
|
set zone "Untrust" screen ip-sweep
|
|
set zone "Untrust" screen tear-drop
|
|
set zone "Untrust" screen syn-flood
|
|
set zone "Untrust" screen ip-spoofing
|
|
set zone "Untrust" screen ping-death
|
|
set zone "Untrust" screen ip-filter-src
|
|
set zone "Untrust" screen land
|
|
set zone "Untrust" screen syn-frag
|
|
set zone "Untrust" screen tcp-no-flag
|
|
set zone "Untrust" screen ip-bad-option
|
|
set zone "Untrust" screen icmp-fragment
|
|
set zone "Untrust" screen syn-fin
|
|
set zone "Untrust" screen fin-no-ack
|
|
set zone "Untrust" screen syn-ack-ack-proxy
|
|
set zone "V1-Untrust" screen tear-drop
|
|
set zone "V1-Untrust" screen syn-flood
|
|
set zone "V1-Untrust" screen ping-death
|
|
set zone "V1-Untrust" screen ip-filter-src
|
|
set zone "V1-Untrust" screen land
|
|
set interface "ethernet0/0" zone "Trust"
|
|
set interface "ethernet0/1" zone "Untrust"
|
|
set interface "ethernet0/2" zone "Untrust"
|
|
set interface "tunnel.1" zone "Untrust"
|
|
set interface "tunnel.2" zone "Untrust"
|
|
set interface "tunnel.3" zone "Untrust"
|
|
set interface "tunnel.4" zone "Untrust"
|
|
set interface "tunnel.5" zone "Untrust"
|
|
unset interface vlan1 ip
|
|
set interface ethernet0/0 ip 192.168.246.7/24
|
|
set interface ethernet0/0 nat
|
|
set interface ethernet0/1 ip 192.168.247.7/24
|
|
set interface ethernet0/1 route
|
|
set interface ethernet0/2 ip 202.63.216.20/28
|
|
set interface ethernet0/2 route
|
|
set interface tunnel.1 ip 10.10.0.1/16
|
|
set interface tunnel.2 ip 10.20.0.1/16
|
|
set interface tunnel.3 ip 10.30.0.1/25
|
|
set interface tunnel.4 ip 10.30.0.129/25
|
|
set interface tunnel.5 ip 10.40.0.50/16
|
|
unset interface vlan1 bypass-others-ipsec
|
|
unset interface vlan1 bypass-non-ip
|
|
set interface ethernet0/0 manage-ip 192.168.246.5
|
|
set interface ethernet0/1 manage-ip 192.168.247.5
|
|
set interface ethernet0/2 manage-ip 202.63.216.18
|
|
set interface ethernet0/0 ip manageable
|
|
set interface ethernet0/1 ip manageable
|
|
set interface ethernet0/2 ip manageable
|
|
set interface ethernet0/1 manage ping
|
|
set interface ethernet0/1 manage ssh
|
|
set interface ethernet0/1 manage telnet
|
|
set interface ethernet0/1 manage snmp
|
|
set interface ethernet0/1 manage ssl
|
|
set interface ethernet0/1 manage web
|
|
set interface ethernet0/1 manage ident-reset
|
|
set interface ethernet0/2 manage ping
|
|
set interface ethernet0/2 manage ssh
|
|
set interface ethernet0/2 manage telnet
|
|
set interface ethernet0/2 manage snmp
|
|
set interface ethernet0/2 manage ssl
|
|
set interface ethernet0/2 manage web
|
|
set interface ethernet0/2 manage ident-reset
|
|
set auth-server "RSA_Server" src-interface "ethernet0/0"
|
|
unset flow no-tcp-seq-check
|
|
set flow tcp-syn-check
|
|
set console page 10
|
|
set hostname ENSBPVPN1
|
|
set pki authority default scep mode "auto"
|
|
set pki x509 default cert-path partial
|
|
set dns host dns1 202.63.197.6
|
|
set dns host dns2 202.63.192.12
|
|
set dns host dns3 0.0.0.0
|
|
set address "Trust" "192.168.246.0/24" 192.168.246.0 255.255.255.0
|
|
set address "Trust" "ENSBPK_SAG1" 192.168.246.25 255.255.255.255
|
|
set address "Trust" "ENSBPK_SAG2" 192.168.246.20 255.255.255.255
|
|
set address "Trust" "ENSBPK_SWP1" 192.168.246.30 255.255.255.255
|
|
set address "Trust" "NW_ENSBPK" 192.168.246.0 255.255.255.0
|
|
set address "Untrust" "NW_ENDXB_HQ" 213.132.40.96 255.255.255.240
|
|
set address "Untrust" "NW_ENSBDXB" 192.168.206.0 255.255.255.0
|
|
set address "Untrust" "NW_ENSBDXB_Public" 213.132.51.16 255.255.255.240
|
|
set address "Untrust" "NW_ENSBPK_CUST_DRCP" 172.23.0.0 255.255.0.0 "DRCP Client GNAT"
|
|
set address "Untrust" "NW_ENSBPK_CUST_GWCP" 172.22.0.0 255.255.0.0 "GWCP Client GNAT"
|
|
set address "Untrust" "NW_NOC" 192.168.196.0 255.255.255.0
|
|
set group address "Untrust" "NWG_DXB_MGMT" comment "Allowd IP's to manage PK"
|
|
set group address "Untrust" "NWG_DXB_MGMT" add "NW_ENDXB_HQ"
|
|
set group address "Untrust" "NWG_DXB_MGMT" add "NW_ENSBDXB"
|
|
set group address "Untrust" "NWG_DXB_MGMT" add "NW_ENSBDXB_Public"
|
|
set group service "EN_SAG_Ports" comment "SAG Ports"
|
|
set group service "EN_SAG_Ports" add "EN_SAG_FAct"
|
|
set group service "EN_SAG_Ports" add "EN_SAG_FIN"
|
|
set group service "EN_SAG_Service" comment "SAG Service"
|
|
set group service "EN_SAG_Service" add "EN_SAG_FAct"
|
|
set group service "EN_SAG_Service" add "EN_SAG_FIN"
|
|
set group service "EN_SAG_Service" add "ICMP-ANY"
|
|
set ippool "Default_Pool" 10.100.0.1 10.100.0.254
|
|
set ippool "ENSB_MGMT_Pool" 10.100.200.1 10.100.200.10
|
|
set ippool "ENSB_Support_Pool" 10.100.201.10 10.100.201.20
|
|
set user "adesear" uid 12
|
|
set user "adesear" ike-id u-fqdn "adesear@eastnets.com" share-limit 1
|
|
set user "adesear" type ike xauth
|
|
set user "adesear" remote ippool "ENSB_MGMT_Pool"
|
|
set user "adesear" password "3EAw5YSjNFeXBtsv7nCJ+JKyCanQlTc2SA=="
|
|
unset user "adesear" type auth
|
|
set user "adesear" "enable"
|
|
set user "hkhan" uid 13
|
|
set user "hkhan" ike-id u-fqdn "hkhan@eastnets.com" share-limit 1
|
|
set user "hkhan" type ike xauth
|
|
set user "hkhan" remote ippool "ENSB_Support_Pool"
|
|
set user "hkhan" password "y52jzNaSNADQmksdZzCiXQqdHEn59T/IQg=="
|
|
unset user "hkhan" type auth
|
|
set user "hkhan" "enable"
|
|
set user "juy" uid 8
|
|
set user "juy" ike-id u-fqdn "juy@eastnets.com" share-limit 1
|
|
set user "juy" type ike xauth
|
|
set user "juy" remote ippool "ENSB_MGMT_Pool"
|
|
set user "juy" password "A1DtwtZJN8cigbs+FBCgkt6tYJnqxG/uTw=="
|
|
unset user "juy" type auth
|
|
set user "juy" "enable"
|
|
set user "mfarid" uid 4
|
|
set user "mfarid" ike-id u-fqdn "mfarid@eastnets.com" share-limit 1
|
|
set user "mfarid" type ike xauth
|
|
set user "mfarid" remote ippool "ENSB_MGMT_Pool"
|
|
set user "mfarid" password "RqCPQYYTNcnqTps9NMC6JE5Zlrnvz6Htgg=="
|
|
unset user "mfarid" type auth
|
|
set user "mfarid" "enable"
|
|
set user "test" uid 2
|
|
set user "test" ike-id u-fqdn "test@test.test" share-limit 1
|
|
set user "test" type ike
|
|
set user "test" "enable"
|
|
set user "tmp" uid 3
|
|
set user "tmp" ike-id u-fqdn "tmp@tmp.tmp" share-limit 1
|
|
set user "tmp" type ike
|
|
set user "tmp" "enable"
|
|
set user-group "Dialup_gourp" id 2
|
|
set user-group "Dialup_gourp" location external
|
|
set user-group "Dialup_gourp" type xauth
|
|
set user-group "ENSB_Support_Group" id 3
|
|
set user-group "ENSB_Support_Group" user "hkhan"
|
|
set user-group "ensb_mgmt_group" id 1
|
|
set user-group "ensb_mgmt_group" user "adesear"
|
|
set user-group "ensb_mgmt_group" user "juy"
|
|
set user-group "ensb_mgmt_group" user "mfarid"
|
|
set ike gateway "GW_ENSBDXB" address 80.227.254.205 Main outgoing-interface "ethernet0/2" preshare "V/1Z77I7N5UuF0siYAC8t0qvN3nIG3TpOM2aUMK1gnY0ZXCKcHdu9vc=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSBDXB_ISDN" address 192.168.207.17 Main outgoing-interface "ethernet0/1" preshare "uapaaalhNHK3ngs3PlCSC/if8vnij5ZeUuInMqA/Q6e5sNDDfcieZBc=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSBDXB_ISDN" cert peer-ca all
|
|
set ike gateway "GW_ENSBDXB_ISDN" nat-traversal
|
|
set ike gateway "GW_ENSBDXB_ISDN" nat-traversal udp-checksum
|
|
set ike gateway "GW_ENSBDXB_ISDN" nat-traversal keepalive-frequency 0
|
|
set ike gateway "GW_PTSAAEAA_LL" address 213.132.40.101 id "PTSAAEAA@eastnets.com" Aggr outgoing-interface "ethernet0/2" preshare "YBVGBJw3NKol2esLEYC5HijvjjnQq+PhyN4QjSzkzrq7YoYIc8np1Ww=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_PTSAAEAA_ISDN" address 0.0.0.0 id "PTSAAEAA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "r6I0IL5jNxajTusmZECN/pK8g7nDUtY+LKnE0jtvuvCgwurASaOEG9o=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_PTSAAEAA_ISDN" nat-traversal
|
|
set ike gateway "GW_KHYPPKKA_LL" address 210.2.139.34 Main outgoing-interface "ethernet0/2" preshare "zb5eZTZPN27GGzsdtFC17JsSSFnsON8afeaugtY4iyqv5I+xRB2K2MA=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_KHYBPKKA_ISDN" address 0.0.0.0 id "KHYBPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "2m7ZKSCTNrj0NJsR1QC11uXfJSnjHJW4bmL0BG7aLa+Blw0diYRgCrY=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_KHYBPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_AIINPKKA_LL" address 203.130.2.203 Main outgoing-interface "ethernet0/2" preshare "z3B00C33NE0YPpsL/sCykO/QnRnS5mnFYLjFggS9oWOkEIMfLiIp5+Q=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_AIINPKKA_ISDN" address 0.0.0.0 id "AIINPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "Ie3HOgDLNxOdj9sBMKCMWvW45AnZwshQ1CqGA5Cc4WUZI/vYiLO6/HY=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_AIINPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_BKIPPKKA_LL" address 210.2.139.58 Main outgoing-interface "ethernet0/2" preshare "E3dkZGJtNRBmWos4f4CFosHVRInyixhy/NoPR2nklBWoR9eEoBZzquU=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_BKIPPKKA_ISDN" address 0.0.0.0 id "BKIPPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "ny0c4WPpNff6DJsctBCN3ob282nRBbsFRMOj2SwuOTiQQoF6J6mMOOw=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_BKIPPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_PLCOPKKA_LL" address 202.44.85.229 Main outgoing-interface "ethernet0/2" preshare "0nKQ0Z1NN+bWI+svF8CnEgF5xdn0611xt5b/CekuByxayTCG6Sto7pQ=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_PLCOPKKA_ISDN" address 0.0.0.0 id "PLCOPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "xKM49ZOFN5KHLOssMtCJSPaYsKnYORUtPRQa/y1f9cq71biXBzfW86o=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_PLCOPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_SUMBPKKA_LL" address 203.101.171.34 Main outgoing-interface "ethernet0/2" preshare "MVaw2FfuNk9UDssjjoCZ/yxVUVnC8+giae46pWsVXpAqc0Y5xKw7ugk=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_SUMBPKKA_ISDN" address 0.0.0.0 id "DBHDPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "nDJrR4lPNhDWeKs27XCDCQLjrTn4v83uOrtwDJ5FjEvBRhij957Gofc=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_SUMBPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_FDIBPKKA_LL" address 202.88.39.45 Main outgoing-interface "ethernet0/2" preshare "AcZQCuChNskTWcsguwC3/nRygLnIhTSAP3EkDbIMZAbDw5tOLpheiI8=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_FDIBPKKA_ISDN" address 0.0.0.0 id "FDIBPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "H7TKN6SwNXsQpesI6hCVwZYAKen9/qW366kbqV7jeBeOP5ftNg3opoM=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_FDIBPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_FAYSPKKA_LL" address 125.209.98.178 Main outgoing-interface "ethernet0/2" preshare "26ly5qEUNDbqQxstO2CXkSY7oPn4UQtH7HweA2RIlf3RJ3T27KQY+2s=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_FAYSPKKA_ISDN" address 0.0.0.0 id "FAYSPKKA@eastnets.com" Main outgoing-interface "ethernet0/1" preshare "hUeevc84N6ZN1Psg8wCLeldeYJnZ71Gzf1ujvfePBgPc1c/6KAukOeU=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_FAYSPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_NIBPPKKA_LL" address 124.29.205.107 Main outgoing-interface "ethernet0/2" preshare "Ufd51GQnNj5X/VsVQ6CxEvMwzTnDEUBT3OrVfHFpciGNGJ5l8X4eKYU=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_NIBPPKKA_ISDN" address 0.0.0.0 id "NIBPPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "FvEj8dxGNPhZrvsb1iCkP8t64InsHjuGnICseq5BtJLk8iv2cDN3Aic=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_NIBPPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_MEZNPKKA_LL" address 125.209.91.19 Main outgoing-interface "ethernet0/2" preshare "nTJ5Ws32NKjP2PsaPmCYE4jd0NnSYd/sUZt7Y0FMhzyLEvgWN5o9jpw=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_MEZNPKKA_ISDN" address 0.0.0.0 id "MEZNPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "5ItAdPm1Ncbk9wsUiiCIuBv9zbn+Y3R26/pSAooNpt6oU4qstPPFuxc=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_MEZNPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_FWOMPKKA_LL" address 124.29.205.6 Main outgoing-interface "ethernet0/2" preshare "/rWK7/JqNJz/ZqsbxwCcEcB0vOnIQlF3CqIJa1rm87jtnRVrXe5gmAk=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_FWOMPKKA_ISDN" address 0.0.0.0 id "FWOMPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "5k7i8H3oN9laQds+pTCauj7d+8nldFPrXtUDxtymthOYwFIvhjT2eAs=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_FWOMPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_FAYSPKKA_DR_LL" address 58.27.253.14 Main outgoing-interface "ethernet0/2" preshare "ciBpuwT3N2nMnOslkuCOvbIdTSnUPK54613xhmkj4R+i6xxyZik/WFk=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSB_MGMT_DIALIN" dialup "ensb_mgmt_group" Aggr outgoing-interface "ethernet0/2" preshare "5o8dLMTFNwbcJGsb8mCw/t0ahvne5vnyaOneXZOwMX867LnDty5GOuA=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSB_MGMT_DIALIN" nat-traversal udp-checksum
|
|
set ike gateway "GW_ENSB_MGMT_DIALIN" nat-traversal keepalive-frequency 5
|
|
set ike gateway "GW_ENSB_MGMT_DIALIN" xauth
|
|
set ike gateway "GW_ENSB_MGMT_DIALIN" xauth server auth-method chap pap
|
|
unset ike gateway "GW_ENSB_MGMT_DIALIN" xauth do-edipi-auth
|
|
set ike gateway "GW_BAHLPKKA_GWCP_LL" address 202.125.136.108 Main outgoing-interface "ethernet0/2" preshare "CTFR32fJNvBReCs8duCDevf4nxnMNB8qAGeRoXMwMhjQCxZBWjZlXnU=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_BAHLPKKA_DRCP_LL" address 117.20.16.142 Main outgoing-interface "ethernet0/2" preshare "X8VeSI+PNwYXwlsR4QCDqUG0knnwnKx3krqF/FbZcwW2kmR/doAfZQg=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_AIINPKKA_DRCP_LL" address 124.29.206.2 Main outgoing-interface "ethernet0/2" preshare "Ngzaj90JNQQZLws9CYCR7E+gPsnFWqinCgXYgZ0NJ3kXox6fDxCxtpc=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_AIINPKKA1_LL" address 124.29.205.226 Main outgoing-interface "ethernet0/2" preshare "clR444+FNgOXE9soBsCTdswH4Fnc1I23+zCsqO/WLkMf7GsrC+XIzbA=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_EGIBPKKA_ISDN" address 0.0.0.0 id "EGIBPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "VIYB64K2NIgGYrsUC8Cno8rIM1n+Sx7ewGCWfCSqe2L7pr4ZaJY26qY=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_EGIBPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_ENSB_SUPPORT_DIALIN" dialup "ENSB_Support_Group" Aggr outgoing-interface "ethernet0/2" preshare "Ie1uh/pMNDkMB0szXACl4EHJYRnrCDflU6uWeStlmoh1FyY01tfgdZ4=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSB_SUPPORT_DIALIN" nat-traversal udp-checksum
|
|
set ike gateway "GW_ENSB_SUPPORT_DIALIN" nat-traversal keepalive-frequency 5
|
|
set ike gateway "GW_ENSB_SUPPORT_DIALIN" xauth
|
|
set ike gateway "GW_ENSB_SUPPORT_DIALIN" xauth server auth-method chap pap
|
|
unset ike gateway "GW_ENSB_SUPPORT_DIALIN" xauth do-edipi-auth
|
|
set ike gateway "GW_JSBLPKKA_ISDN" address 0.0.0.0 id "JSBLPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "8ivbGZfRNeSwpSs8/SCHSP8g6vnBdknvtiQ+SAGeaGsbOXp+f/i5AuM=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_JSBLPKKA_ISDN" nat-traversal udp-checksum
|
|
set ike gateway "GW_JSBLPKKA_ISDN" nat-traversal keepalive-frequency 0
|
|
set ike gateway "GW_JSBLPKKA_LL" address 203.130.1.17 Main outgoing-interface "ethernet0/2" preshare "u5Kd/KmXNvq8IWsHo3C6O9++/cnHXssz5cchVdcCfYCiYqNHZtKuljc=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_SONEPKKA_LL" address 124.29.206.142 Main outgoing-interface "ethernet0/2" preshare "FagThSkwNxy/GYsOrBCIbDmiHCn8gv/ByKSWOWUMb9RxlyG6O9UESSk=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_SONEPKKA_ISDN" address 0.0.0.0 id "SONEPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "cG9mVURhNGf1Ohsc09CkR1wOgrnecAZU6SLoFieAIRDnV0X/+LHubx4=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_SONEPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_UNILPKKA_DRCP_LL" address 103.247.124.141 Main outgoing-interface "ethernet0/2" preshare "+xY6MrF+NRlufwsPozCIXB5ZYuncUo+zfFb1jYnceB9sV9QIrTdzLXo=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_UNILPKKA_DRCP_ISDN" address 0.0.0.0 id "UNILPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "KBlcVkWwNiJ6XAsIp6CPxGotIInlzky3qTwOeBp6HYi+D4p71eIiK0w=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_UNILPKKA_DRCP_ISDN" nat-traversal
|
|
set ike gateway "GW_MEZNPKKA_DR_LL" address 125.209.127.246 Main outgoing-interface "ethernet0/2" preshare "svPPJvR/N+n+1WsAuYCd6t9Js1nIzSwLDiQ5Uyp+WCadXskwdtYdL20=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_NIBPPKKA_LL2" address 115.186.127.22 Main outgoing-interface "ethernet0/2" preshare "gr4PioOaNuzxlosR0ACEOp6XJ6nXOi1yVdwEVYYZtcgQx+3Ew1Al/cM=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_NIBPPKKA_DRCP_LL" address 203.101.168.5 Main outgoing-interface "ethernet0/2" preshare "FiV4MpdnNlwjfYsrN/C2qQ22jnn9Sk6r5Bsgp+tx49/5mIwKwgfwJgI=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_ENSBNOC_LL" address 80.227.254.242 Main outgoing-interface "ethernet0/2" preshare "W5sKIKyNN6WFQXsRtUCAa/gR5onQZJsgP5BbGHEmUmxXXGjgr/mcdN4=" proposal "pre-g2-3des-sha"
|
|
set ike gateway "GW_SAUDPKKA_GWCP_LL" address 58.27.246.186 Main outgoing-interface "ethernet0/2" preshare "zLOt/8MaNxrzdHs1TaCd0dttt1n1WFVYacdi80vZRsH1r5sxQIBOCgI=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_SAUDPKKA_DRCP_LL" address 58.27.246.194 Main outgoing-interface "ethernet0/2" preshare "B+bGtF+BNNCpO/sckcCDos7M0DnSJl3Hxbp+uaNxpWIyXpr20UsHea4=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_SAUDPKKA_ISDN" address 0.0.0.0 id "SAUDPKKA@eastnets.com" Main outgoing-interface "ethernet0/1" preshare "jDQ62kYdNVmwNKs55iCVKrKQ6zn7Puq4Q3+SZUxR4HlJeb3iv+hRj/4=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_SAUDPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_BKIPPKKA_DRCP_LL" address 125.209.120.202 Main outgoing-interface "ethernet0/2" preshare "2tj5qxsjNTnNjWsgDPCclQShSZn7ZPswveGb5fM1O+tdbLjY5IYEq9U=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_BURJPKKA_ISDN" address 0.0.0.0 id "BURJPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "xSdcf0MKNXtm6xsng/CrjbZAZnnS7XsZ2oS3dA+fRoPEHWTvRFFfXdQ=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_BURJPKKA_ISDN" nat-traversal
|
|
set ike gateway "GW_BURJPKKA_DRCP_LL" address 202.147.191.34 Main outgoing-interface "ethernet0/2" preshare "z/fmbgcHNLMQxgsUfFCjhmp0kVnY7kgfTQKPnT/qxoLpku0AilacrRo=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_DUIBPKKA_DRCP_LL" address 202.163.69.3 Main outgoing-interface "ethernet0/2" preshare "chsUuzG3N6tQVSsVtnCLE+sDxOnSqfvlXeCK3z8oBpmJB3iEsU1LgVk=" proposal "pre-g2-3des-md5"
|
|
set ike gateway "GW_DUIBPKKA_DRCP_ISDN" address 0.0.0.0 id "DUIBPKKA@eastnets.com" Aggr outgoing-interface "ethernet0/1" preshare "bbNhzCAsNeCqV2swztCoEkrUDfnRKVpV9n4lStUQF16Yxnn8dWnrjA4=" proposal "pre-g2-3des-md5"
|
|
unset ike gateway "GW_DUIBPKKA_DRCP_ISDN" nat-traversal
|
|
set ike respond-bad-spi 1
|
|
unset ike ikeid-enumeration
|
|
unset ike dos-protection
|
|
unset ipsec access-session enable
|
|
set ipsec access-session maximum 5000
|
|
set ipsec access-session upper-threshold 0
|
|
set ipsec access-session lower-threshold 0
|
|
set ipsec access-session dead-p2-sa-timeout 0
|
|
unset ipsec access-session log-error
|
|
unset ipsec access-session info-exch-connected
|
|
unset ipsec access-session use-error-log
|
|
set xauth default ippool "Default_Pool"
|
|
set vpn "VPN_ENSBDXB" gateway "GW_ENSBDXB" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_ENSBDXB" monitor optimized rekey
|
|
set vpn "VPN_ENSBDXB" id 26 bind interface tunnel.3
|
|
set vpn "VPN_ENSBDXB_ISDN" gateway "GW_ENSBDXB_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_ENSBDXB_ISDN" monitor optimized
|
|
set vpn "VPN_ENSBDXB_ISDN" id 25 bind interface tunnel.4
|
|
set vpn "VPN_PTSAAEAA_LL" gateway "GW_PTSAAEAA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_PTSAAEAA_LL" monitor optimized rekey
|
|
set vpn "VPN_PTSAAEAA_LL" id 4 bind interface tunnel.1
|
|
set vpn "VPN_PTSAAEAA_ISDN" gateway "GW_PTSAAEAA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_PTSAAEAA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_PTSAAEAA_ISDN" id 20 bind interface tunnel.2
|
|
set vpn "VPN_KHYPPKKA_LL" gateway "GW_KHYPPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_KHYPPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_KHYPPKKA_LL" id 31 bind interface tunnel.1
|
|
set vpn "VPN_KHYBPKKA_ISDN" gateway "GW_KHYBPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_KHYBPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_KHYBPKKA_ISDN" id 32 bind interface tunnel.2
|
|
set vpn "VPN_BKIPPKKA_LL" gateway "GW_BKIPPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BKIPPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_BKIPPKKA_LL" id 33 bind interface tunnel.1
|
|
set vpn "VPN_BKIPPKKA_ISDN" gateway "GW_BKIPPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BKIPPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_BKIPPKKA_ISDN" id 34 bind interface tunnel.2
|
|
set vpn "VPN_AIINPKKA_LL" gateway "GW_AIINPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_AIINPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_AIINPKKA_LL" id 64 bind interface tunnel.1
|
|
set vpn "VPN_AIINPKKA_ISDN" gateway "GW_AIINPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_AIINPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_AIINPKKA_ISDN" id 36 bind interface tunnel.2
|
|
set vpn "VPN_PLCOPKKA_LL" gateway "GW_PLCOPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_PLCOPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_PLCOPKKA_LL" id 86 bind interface tunnel.1
|
|
set vpn "VPN_PLCOPKKA_ISDN" gateway "GW_PLCOPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_PLCOPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_PLCOPKKA_ISDN" id 39 bind interface tunnel.2
|
|
set vpn "VPN_SUMBPKKA_LL" gateway "GW_SUMBPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SUMBPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_SUMBPKKA_LL" id 65 bind interface tunnel.1
|
|
set vpn "VPN_SUMBPKKA_ISDN" gateway "GW_SUMBPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SUMBPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_SUMBPKKA_ISDN" id 41 bind interface tunnel.2
|
|
set vpn "VPN_FAYSPKKA_LL" gateway "GW_FAYSPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FAYSPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_FAYSPKKA_LL" id 42 bind interface tunnel.1
|
|
set vpn "VPN_FAYSPKKA_ISDN" gateway "GW_FAYSPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FAYSPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_FAYSPKKA_ISDN" id 43 bind interface tunnel.2
|
|
set vpn "VPN_FDIBPKKA_LL" gateway "GW_FDIBPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FDIBPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_FDIBPKKA_LL" id 44 bind interface tunnel.1
|
|
set vpn "VPN_FDIBPKKA_ISDN" gateway "GW_FDIBPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FDIBPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_FDIBPKKA_ISDN" id 45 bind interface tunnel.2
|
|
set vpn "VPN_NIBPPKKA_LL" gateway "GW_NIBPPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_NIBPPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_NIBPPKKA_LL" id 91 bind interface tunnel.1
|
|
set vpn "VPN_NIBPPKKA_ISDN" gateway "GW_NIBPPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_NIBPPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_NIBPPKKA_ISDN" id 47 bind interface tunnel.2
|
|
set vpn "VPN_MEZNPKKA_LL" gateway "GW_MEZNPKKA_LL" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_MEZNPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_MEZNPKKA_LL" id 48 bind interface tunnel.1
|
|
set vpn "VPN_MEZNPKKA_ISDN" gateway "GW_MEZNPKKA_ISDN" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_MEZNPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_MEZNPKKA_ISDN" id 49 bind interface tunnel.2
|
|
set vpn "VPN_FWOMPKKA_LL" gateway "GW_FWOMPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FWOMPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_FWOMPKKA_LL" id 50 bind interface tunnel.1
|
|
set vpn "VPN_FWOMPKKA_ISDN" gateway "GW_FWOMPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FWOMPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_FWOMPKKA_ISDN" id 88 bind interface tunnel.2
|
|
set vpn "VPN_FAYSPKKA_DR_LL" gateway "GW_FAYSPKKA_DR_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_FAYSPKKA_DR_LL" monitor optimized rekey
|
|
set vpn "VPN_FAYSPKKA_DR_LL" id 59 bind interface tunnel.1
|
|
set vpn "VPN_ENSB_MGMT_DIALIN" gateway "GW_ENSB_MGMT_DIALIN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_ENSB_MGMT_DIALIN" monitor optimized rekey
|
|
set vpn "VPN_BAHLPKKA_GWCP_LL" gateway "GW_BAHLPKKA_GWCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BAHLPKKA_GWCP_LL" monitor optimized rekey
|
|
set vpn "VPN_BAHLPKKA_GWCP_LL" id 67 bind interface tunnel.1
|
|
set vpn "VPN_BAHLPKKA_DRCP_LL" gateway "GW_BAHLPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BAHLPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_BAHLPKKA_DRCP_LL" id 68 bind interface tunnel.1
|
|
set vpn "VPN_AIINPKKA_DRCP_LL" gateway "GW_AIINPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_AIINPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_AIINPKKA_DRCP_LL" id 69 bind interface tunnel.1
|
|
set vpn "VPN_AIINPKKA1_LL" gateway "GW_AIINPKKA1_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_AIINPKKA1_LL" monitor optimized rekey
|
|
set vpn "VPN_AIINPKKA1_LL" id 84 bind interface tunnel.1
|
|
set vpn "VPN_EGIBPKKA_ISDN" gateway "GW_EGIBPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_EGIBPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_EGIBPKKA_ISDN" id 71 bind interface tunnel.2
|
|
set vpn "VPN_EN _SUPPORT_DIALIN" gateway "GW_ENSB_SUPPORT_DIALIN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_JSBLPKKA_ISDN" gateway "GW_JSBLPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_JSBLPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_JSBLPKKA_ISDN" id 73 bind interface tunnel.2
|
|
set vpn "VPN_JSBLPKKA_LL" gateway "GW_JSBLPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_JSBLPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_JSBLPKKA_LL" id 111 bind interface tunnel.1
|
|
set vpn "VPN_SONEPKKA_LL" gateway "GW_SONEPKKA_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SONEPKKA_LL" monitor optimized rekey
|
|
set vpn "VPN_SONEPKKA_LL" id 76 bind interface tunnel.1
|
|
set vpn "VPN_SONEPKKA_ISDN" gateway "GW_SONEPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SONEPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_SONEPKKA_ISDN" id 81 bind interface tunnel.2
|
|
set vpn "VPN_UNILPKKA_DRCP_LL" gateway "GW_UNILPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_UNILPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_UNILPKKA_DRCP_LL" id 82 bind interface tunnel.1
|
|
set vpn "VPN_UNILPKKA_DRCP_ISDN" gateway "GW_UNILPKKA_DRCP_ISDN" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_UNILPKKA_DRCP_ISDN" monitor optimized rekey
|
|
set vpn "VPN_UNILPKKA_DRCP_ISDN" id 83 bind interface tunnel.2
|
|
set vpn "VPN_MEZNPKKA_DR_LL" gateway "GW_MEZNPKKA_DR_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_MEZNPKKA_DR_LL" monitor optimized rekey
|
|
set vpn "VPN_MEZNPKKA_DR_LL" id 85 bind interface tunnel.1
|
|
set vpn "VP_NIBPPKKA_LL2" gateway "GW_NIBPPKKA_LL2" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VP_NIBPPKKA_LL2" monitor optimized rekey
|
|
set vpn "VP_NIBPPKKA_LL2" id 87 bind interface tunnel.2
|
|
set vpn "VPN_NIBPPKKA_DRCP_LL" gateway "GW_NIBPPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_NIBPPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_NIBPPKKA_DRCP_LL" id 89 bind interface tunnel.1
|
|
set vpn "VPN_ENSBNOC_LL" gateway "GW_ENSBNOC_LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
|
|
set vpn "VPN_ENSBNOC_LL" monitor optimized rekey
|
|
set vpn "VPN_ENSBNOC_LL" id 93 bind interface tunnel.5
|
|
set vpn "VPN_SAUDPKKA_GWCP_LL" gateway "GW_SAUDPKKA_GWCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SAUDPKKA_GWCP_LL" monitor optimized rekey
|
|
set vpn "VPN_SAUDPKKA_GWCP_LL" id 94 bind interface tunnel.1
|
|
set vpn "VPN_SAUDPKKA_DRCP_LL" gateway "GW_SAUDPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SAUDPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_SAUDPKKA_DRCP_LL" id 95 bind interface tunnel.1
|
|
set vpn "VPN_SAUDPKKA_ISDN" gateway "GW_SAUDPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_SAUDPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_SAUDPKKA_ISDN" id 96 bind interface tunnel.2
|
|
set vpn "VPN_BKIPPKKA_DRCP_LL" gateway "GW_BKIPPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BKIPPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_BKIPPKKA_DRCP_LL" id 98 bind interface tunnel.1
|
|
set vpn "VPN_BURJPKKA_ISDN" gateway "GW_BURJPKKA_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BURJPKKA_ISDN" monitor optimized rekey
|
|
set vpn "VPN_BURJPKKA_ISDN" id 100 bind interface tunnel.2
|
|
set vpn "VPN_BURJPKKA_DRCP_LL" gateway "GW_BURJPKKA_DRCP_LL" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_BURJPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_BURJPKKA_DRCP_LL" id 108 bind interface tunnel.1
|
|
set vpn "VPN_DUIBPKKA_DRCP_LL" gateway "GW_DUIBPKKA_DRCP_LL" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_DUIBPKKA_DRCP_LL" monitor optimized rekey
|
|
set vpn "VPN_DUIBPKKA_DRCP_LL" id 112 bind interface tunnel.1
|
|
set vpn "VPN_DUIBPKKA_DRCP_ISDN" gateway "GW_DUIBPKKA_DRCP_ISDN" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
|
|
set vpn "VPN_DUIBPKKA_DRCP_ISDN" monitor optimized rekey
|
|
set vpn "VPN_DUIBPKKA_DRCP_ISDN" id 113 bind interface tunnel.2
|
|
set nsrp cluster id 1
|
|
set nsrp rto-mirror sync
|
|
set nsrp rto-mirror session ageout-ack
|
|
set nsrp rto-mirror session non-vsi
|
|
set nsrp vsd-group id 0 priority 100
|
|
set nsrp vsd-group id 0 preempt
|
|
set nsrp vsd-group id 0 monitor interface ethernet0/0
|
|
set nsrp vsd-group id 0 monitor interface ethernet0/2
|
|
set url protocol websense
|
|
exit
|
|
set policy id 13 from "Untrust" to "Trust" "Dial-Up VPN" "NW_ENSBPK" "ANY" tunnel vpn "VPN_EN _SUPPORT_DIALIN" id 72 pair-policy 12 log
|
|
set policy id 13
|
|
set log session-init
|
|
exit
|
|
set policy id 12 from "Trust" to "Untrust" "NW_ENSBPK" "Dial-Up VPN" "ANY" tunnel vpn "VPN_EN _SUPPORT_DIALIN" id 72 pair-policy 13 log
|
|
set policy id 12
|
|
set log session-init
|
|
exit
|
|
set policy id 11 from "Trust" to "Untrust" "NW_ENSBPK" "Dial-Up VPN" "ANY" tunnel vpn "VPN_ENSB_MGMT_DIALIN" id 62 pair-policy 10 log
|
|
set policy id 11
|
|
set log session-init
|
|
exit
|
|
set policy id 10 from "Untrust" to "Trust" "Dial-Up VPN" "NW_ENSBPK" "ANY" tunnel vpn "VPN_ENSB_MGMT_DIALIN" id 62 pair-policy 11 log
|
|
set policy id 10
|
|
set log session-init
|
|
exit
|
|
set policy id 9 from "Untrust" to "Trust" "NW_ENSBPK_CUST_GWCP" "ENSBPK_SAG1" "EN_SAG_Service" permit log
|
|
set policy id 9
|
|
set dst-address "ENSBPK_SAG2"
|
|
exit
|
|
set policy id 16 from "Untrust" to "Trust" "NW_ENSBPK_CUST_DRCP" "ENSBPK_SAG1" "EN_SAG_Service" permit log
|
|
set policy id 16
|
|
set dst-address "ENSBPK_SAG2"
|
|
set log session-init
|
|
exit
|
|
set policy id 15 from "Untrust" to "Trust" "NW_ENSBPK_CUST_DRCP" "ENSBPK_SWP1" "HTTPS" permit log
|
|
set policy id 15
|
|
set src-address "NW_ENSBPK_CUST_GWCP"
|
|
set service "ICMP-ANY"
|
|
set service "SWP_TCP48600"
|
|
set log session-init
|
|
exit
|
|
set policy id 7 from "Untrust" to "Untrust" "Any" "NW_ENSBDXB" "EN_SAG_Service" permit log
|
|
set policy id 7
|
|
exit
|
|
set policy id 2 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
|
|
set policy id 2
|
|
exit
|
|
set policy id 6 from "Trust" to "Untrust" "Any" "NW_ENSBDXB" "EN_SAG_Service" permit log
|
|
set policy id 6 disable
|
|
set policy id 6
|
|
exit
|
|
set policy id 8 from "Trust" to "Untrust" "Any" "NW_ENSBDXB" "ANY" deny log
|
|
set policy id 8 disable
|
|
set policy id 8
|
|
exit
|
|
set policy id 5 from "Untrust" to "Trust" "NWG_DXB_MGMT" "Any" "ANY" permit log
|
|
set policy id 5
|
|
exit
|
|
set policy id 14 from "Untrust" to "Trust" "NW_NOC" "NW_ENSBPK" "ANY" permit log
|
|
set policy id 14
|
|
exit
|
|
set policy id 4 from "Untrust" to "Global" "Any" "Any" "ANY" permit log
|
|
set policy id 4
|
|
exit
|
|
set policy id 1 from "Untrust" to "Untrust" "Any" "Any" "ANY" permit log
|
|
set policy id 1
|
|
exit
|
|
set policy id 3 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
|
|
set policy id 3 disable
|
|
set policy id 3
|
|
exit
|
|
set nsmgmt bulkcli reboot-timeout 60
|
|
set ssh version v2
|
|
set ssh enable
|
|
set config lock timeout 5
|
|
set ssl port 2443
|
|
set snmp port listen 161
|
|
set snmp port trap 162
|
|
set vrouter "untrust-vr"
|
|
exit
|
|
set vrouter "trust-vr"
|
|
unset add-default-route
|
|
set route 0.0.0.0/0 interface ethernet0/2 gateway 202.63.216.17
|
|
set route 10.82.0.0/16 interface ethernet0/0 gateway 192.168.246.9 preference 20 permanent
|
|
set route 192.168.207.0/24 interface ethernet0/1 gateway 192.168.247.1 preference 20 permanent
|
|
set route 10.95.115.0/24 interface ethernet0/1 gateway 192.168.247.1 preference 20
|
|
set route 172.22.0.0/28 interface tunnel.1 gateway 10.10.0.200 preference 20
|
|
set route 172.22.0.0/28 interface tunnel.2 gateway 10.20.0.200 preference 20 metric 10
|
|
set route 192.168.206.0/24 interface tunnel.3 gateway 10.30.0.10 preference 20
|
|
set route 192.168.206.0/24 interface tunnel.4 gateway 10.30.0.139 preference 20 metric 10
|
|
set route 172.22.0.64/26 interface tunnel.1 gateway 10.10.0.100 preference 20
|
|
set route 172.22.0.64/26 interface tunnel.2 gateway 10.20.0.100 preference 20 metric 10
|
|
set route 172.22.0.128/26 interface tunnel.1 gateway 10.10.0.105 preference 20
|
|
set route 172.22.0.128/26 interface tunnel.2 gateway 10.20.0.105 preference 20 metric 10
|
|
set route 172.22.0.192/26 interface tunnel.1 gateway 10.10.0.110 preference 20
|
|
set route 172.22.0.192/26 interface tunnel.2 gateway 10.20.0.110 preference 20 metric 10
|
|
set route 172.22.1.192/26 interface tunnel.1 gateway 10.10.0.130 preference 20
|
|
set route 172.22.1.192/26 interface tunnel.2 gateway 10.20.0.130 preference 20 metric 10
|
|
set route 172.22.1.128/26 interface tunnel.1 gateway 10.10.0.125 preference 20
|
|
set route 172.22.1.128/26 interface tunnel.2 gateway 10.20.0.125 preference 20 metric 10
|
|
set route 172.22.1.64/26 interface tunnel.1 gateway 10.10.0.120 preference 20
|
|
set route 172.22.1.64/26 interface tunnel.2 gateway 10.20.0.120 preference 20 metric 10
|
|
set route 172.22.1.0/26 interface tunnel.1 gateway 10.10.0.115 preference 20
|
|
set route 172.22.1.0/26 interface tunnel.2 gateway 10.20.0.115 preference 20 metric 10
|
|
set route 172.22.2.64/26 interface tunnel.1 gateway 10.10.0.140 preference 20
|
|
set route 172.22.2.64/26 interface tunnel.2 gateway 10.20.0.140 preference 20 metric 10
|
|
set route 172.22.2.192/26 interface tunnel.1 gateway 10.10.0.150 preference 20
|
|
set route 172.22.2.192/26 interface tunnel.2 gateway 10.20.0.150 preference 20 metric 10
|
|
set route 172.22.2.128/26 interface tunnel.1 gateway 10.10.0.145 preference 20
|
|
set route 172.22.2.128/26 interface tunnel.2 gateway 10.20.0.145 preference 20 metric 10
|
|
set route 172.22.3.64/26 interface tunnel.1 gateway 10.10.0.160 preference 20
|
|
set route 172.22.2.0/26 interface tunnel.1 gateway 10.10.0.135 preference 20
|
|
set route 172.22.3.0/26 interface tunnel.1 gateway 10.10.0.155 preference 20
|
|
set route 172.22.3.128/26 interface tunnel.1 gateway 10.10.0.170 preference 20
|
|
set route 172.22.4.64/26 interface tunnel.1 gateway 10.10.0.175 preference 20
|
|
set route 172.22.5.0/26 interface tunnel.1 gateway 10.10.0.185 preference 20
|
|
set route 172.22.5.0/26 interface tunnel.2 gateway 10.20.0.185 preference 20 metric 10
|
|
set route 172.22.4.64/26 interface tunnel.2 gateway 10.20.0.175 preference 20 metric 10
|
|
set route 172.22.3.128/26 interface tunnel.2 gateway 10.20.0.170 preference 20 metric 10
|
|
set route 172.22.3.192/26 interface tunnel.1 gateway 10.10.0.165
|
|
set route 172.22.3.192/26 interface tunnel.2 gateway 10.20.0.165 metric 10 permanent
|
|
set route 172.22.4.128/26 interface tunnel.1 gateway 10.10.0.180 preference 20
|
|
set route 172.22.4.128/26 interface tunnel.2 gateway 10.20.0.180 preference 20 metric 10
|
|
set route 172.22.5.64/26 interface tunnel.1 gateway 10.10.0.195 preference 20
|
|
set route 172.22.5.128/26 interface tunnel.1 gateway 10.10.0.200 preference 20
|
|
set route 192.168.196.0/24 interface tunnel.5 gateway 10.40.0.20 preference 20
|
|
set route 172.22.6.0/26 interface tunnel.1 gateway 10.10.0.210 preference 20
|
|
set route 172.22.7.0/26 interface tunnel.1 gateway 10.10.0.235 preference 20
|
|
set route 172.22.7.0/26 interface tunnel.2 gateway 10.20.0.235 preference 20 metric 20
|
|
exit
|
|
set vrouter "untrust-vr"
|
|
exit
|
|
set vrouter "trust-vr"
|
|
exit
|