## Last changed: 2014-02-14 10:39:11 CST
version 11.4R10.3;
/* Branch SRX "poteau": one WAN uplink (ge-0/0/0, zone untrust), one LAN (ge-0/0/1, zone trust) and a route-based IPsec tunnel to the sallisaw site over st0.0 (zone vpn). */
system {
    host-name srx-poteau;
    time-zone America/Chicago;
    root-authentication {
        /* NOTE(review): the hash is an empty string, presumably redacted before this copy was shared; confirm a real password hash is set on the device itself. */
        encrypted-password ""; ## SECRET-DATA
    }
    name-server {
        164.58.253.10;
        8.8.8.8;
    }
    services {
        /* J-Web over plain http, bound to the LAN interface only; https would keep admin credentials off the wire on the LAN. */
        web-management {
            http {
                interface ge-0/0/1.0;
            }
        }
        /* LAN DHCP: leases come from 172.16.3.1-50, so the statically addressed 172.16.0.x hosts in the address book sit outside the pool. */
        dhcp {
            pool 172.16.0.0/22 {
                address-range low 172.16.3.1 high 172.16.3.50;
                name-server {
                    164.58.253.10;
                }
                router {
                    172.16.0.1;
                }
            }
        }
    }
    /* Single time source; log and IKE timestamps depend on it. */
    ntp {
        server 96.226.123.157 prefer;
    }
}
interfaces {
    /* WAN: two public subnets on one link; 164.58.206.2 is the primary/preferred address, so locally originated traffic (NTP, DNS, IKE) is sourced from it. */
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 164.58.206.2/25 {
                    primary;
                    preferred;
                }
                address 164.58.158.2/24;
            }
        }
    }
    /* LAN gateway; same address the DHCP pool hands out as router. */
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.1/22;
            }
        }
    }
    /* Unnumbered tunnel interface; bound to vpn poteau-sallisaw below. */
    st0 {
        unit 0 {
            family inet;
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 164.58.206.1;
        /* Remote site's range is steered into the tunnel by route, not by proxy-ID (route-based VPN). */
        route 192.168.0.0/16 next-hop st0.0;
    }
}
security {
    ike {
        /* NOTE(review): aggressive mode with a pre-shared key exchanges the peer identity and a PSK-derived hash before the channel is encrypted, so the key's strength is the only protection for that exchange. Both peers have static addresses here, so main mode (or certificate authentication) is viable if the sallisaw side is changed in step. proposal-set compatible also admits DES/3DES, MD5 and DH group 2; any change must be mirrored on the peer. */
        policy ike-poteau-sallisaw {
            mode aggressive;
            proposal-set compatible;
            pre-shared-key ascii-text "$9$JiZHmTz3n/tQFCuO1yrws24aGkqPF39jH"; ## SECRET-DATA
        }
        /* Peer at a fixed public address; phase 1 is sourced from the WAN interface. */
        gateway gw-poteau-sallisaw {
            ike-policy ike-poteau-sallisaw;
            address 164.58.181.2;
            external-interface ge-0/0/0.0;
        }
    }
    ipsec {
        /* Same remark as the IKE policy: the compatible set includes weak phase-2 ciphers and must match the peer. */
        policy ipsec-poteau-sallisaw {
            proposal-set compatible;
        }
        vpn poteau-sallisaw {
            bind-interface st0.0;
            ike {
                gateway gw-poteau-sallisaw;
                ipsec-policy ipsec-poteau-sallisaw;
            }
            /* Tunnel is brought up at commit rather than on first matching packet. */
            establish-tunnels immediately;
        }
    }
    address-book {
        global {
            /* Only servers and fifty are referenced by a policy in this configuration; the other entries are unused here. */
            address alpha-iLO 172.16.0.3/32;
            address beta-iLO 172.16.0.4/32;
            address alpha-old 172.16.0.6/32;
            address alpha 172.16.0.17/32;
            address beta 172.16.0.18/32;
            address jics-px 172.16.0.19/32;
            address fifty 172.16.0.50/32;
            address servers 172.16.0.10/32;
        }
    }
    nat {
        /* Outbound: LAN hidden behind the WAN interface address. Scoped trust->untrust only, so traffic toward the vpn zone keeps its 172.16 source. */
        source {
            rule-set nat-172 {
                from zone trust;
                to zone untrust;
                rule nat-172 {
                    match {
                        source-address 172.16.0.0/16;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        /* Inbound 1:1 mappings: 164.58.206.10 -> 172.16.0.10 (servers) and 164.58.158.50 -> 172.16.0.50 (fifty). Static NAT is bidirectional, so these hosts also leave with their public address. */
        static {
            rule-set nat {
                from zone untrust;
                rule nat-206-10 {
                    match {
                        destination-address 164.58.206.10/32;
                    }
                    then {
                        static-nat {
                            prefix {
                                172.16.0.10/32;
                            }
                        }
                    }
                }
                rule nat-158-50 {
                    match {
                        destination-address 164.58.158.50/32;
                    }
                    then {
                        static-nat {
                            prefix {
                                172.16.0.50/32;
                            }
                        }
                    }
                }
            }
        }
        /* The SRX answers ARP on the WAN for both static-NAT public addresses, which are not configured on ge-0/0/0 itself. */
        proxy-arp {
            interface ge-0/0/0.0 {
                address {
                    164.58.206.10/32;
                    164.58.158.50/32;
                }
            }
        }
    }
    policies {
        /* Outbound Internet access: any/any permit. */
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* Site-to-site traffic is unrestricted in both directions; the remote site is fully trusted. */
        from-zone trust to-zone vpn {
            policy trust-to-vpn {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone vpn to-zone trust {
            policy vpn-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* NOTE(review): Internet-facing rules. Policy lookup runs after static NAT, so destination-address is the LAN host, not the public address. application any exposes every port on these two hosts to any source; narrowing to the services they actually offer would shrink the exposure. No log action is configured, so inbound hits on these policies are not recorded. */
        from-zone untrust to-zone trust {
            policy nat-206-10 {
                match {
                    source-address any;
                    destination-address servers;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy nat-158-50 {
                match {
                    source-address any;
                    destination-address fifty;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        /* WAN: only ping and IKE may terminate on the box (IKE is required for the tunnel); management is not reachable from untrust. */
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    ping;
                    ike;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        /* LAN: every host service (including management and DHCP) reachable from inside. */
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
        /* NOTE(review): the tunnel zone also permits all host-inbound services, so device management is open from the remote site; limiting this to what the peer actually needs (e.g. ping) would reduce exposure if the remote LAN is compromised. */
        security-zone vpn {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                st0.0;
            }
        }
    }
}