Router# Router# Router# Router# Router# Router# Router1841#sh run Building configuration... Current configuration : 1551 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! dot11 syslog ip cef ! ! ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! multilink bundle-name authenticated ! ! username badar privilege 15 password 0 cisco ! ! crypto isakmp policy 10 authentication pre-share group 2 lifetime 3600 crypto isakmp key 6 123456789 address 2.2.2.1 crypto isakmp keepalive 10 ! ! crypto ipsec transform-set test esp-3des esp-sha-hmac ! crypto ipsec profile VTI set transform-set test ! ! archive log config hidekeys ! ! ! ! ! interface Tunnel0 ip address 10.1.1.2 255.255.255.0 ip mtu 1400 tunnel source 2.2.2.2 tunnel destination 2.2.2.1 tunnel mode ipsec ipv4 tunnel protection ipsec profile VTI ! interface FastEthernet0/0 ip address 192.168.2.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 2.2.2.2 255.255.255.0 duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! router ospf 1 log-adjacency-changes redistribute connected network 10.1.1.0 0.0.0.255 area 0 network 192.168.2.0 0.0.0.255 area 0 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 10.1.1.1 ! ! ip http server no ip http secure-server ! ! ! ! ! ! ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! scheduler allocate 20000 1000 end Router# Router# Router# Router# Router# Router# Router# Router# Router# Router# Router# Router# Router# login: login: login: netscreen password: SSG550-> SSG550-> SSG550-> SSG550-> SSG550-> get config Total Config size 5477: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export set protocol ospf set enable exit exit set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn" set admin auth timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "DMZ" tcp-rst set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet0/0" zone "Trust" set interface "ethernet0/1" zone "Trust" set interface "ethernet0/2" zone "Untrust" set interface "tunnel.1" zone "Untrust" set interface "loopback.1" zone "Trust" set interface "loopback.2" zone "Trust" set interface ethernet0/0 ip 192.168.1.1/24 set interface ethernet0/0 route unset interface vlan1 ip set interface ethernet0/1 ip 1.2.3.2/30 set interface ethernet0/1 nat set interface ethernet0/2 ip 2.2.2.1/24 set interface ethernet0/2 route set interface loopback.1 ip 10.1.20.0/24 set interface loopback.1 nat set interface loopback.2 ip 192.168.10.254/24 set interface loopback.2 nat set interface tunnel.1 ip 10.1.1.1/24 set interface tunnel.1 mtu 1400 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet0/0 ip manageable set interface ethernet0/1 ip manageable set interface ethernet0/2 ip manageable set interface loopback.1 ip manageable set interface loopback.2 ip manageable set interface ethernet0/0 manage mtrace set interface ethernet0/1 manage mtrace set interface ethernet0/2 manage ping set interface ethernet0/2 manage telnet set interface ethernet0/2 manage web unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check set flow reverse-route clear-text prefer set flow reverse-route tunnel always set pki authority default scep mode "auto" set pki x509 default cert-path partial set address "Trust" "192.168.1.0/24" 192.168.1.0 255.255.255.0 set address "Trust" "2.2.2.1/32" 2.2.2.1 255.255.255.255 set address "Untrust" "192.168.2.0/24" 192.168.2.0 255.255.255.0 set address "Untrust" "2.2.2.2/32" 2.2.2.2 255.255.255.255 set ike gateway "to cisco" address 2.2.2.2 Main outgoing-interface "ethernet0/2" preshare "ZVlHvqCtNcmMBZsDRICAURUag2nKme/GUQ==" sec-level compatible set ike gateway "to cisco" cert peer-ca-hash 48B76449F3D5FEFA1133AA805E420F0FCA643651 set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set vpn "cisco" gateway "to cisco" no-replay tunnel idletime 0 sec-level compatible set vpn "cisco" monitor rekey set vpn "cisco" id 6 bind interface tunnel.1 set vrouter "untrust-vr" exit set vrouter "trust-vr" exit set url protocol websense exit set anti-spam profile ns-profile set sbl default-server enable exit set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log --- more ---              set policy id 1 set log session-init exit set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log set policy id 2 set log session-init exit set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set config lock timeout 5 unset license-key auto-update set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 0.0.0.0/0 gateway 10.1.1.2 set route 192.168.2.24/0 interface tunnel.1 gateway 10.1.1.2 preference 20 exit set interface ethernet0/0 protocol ospf area 0.0.0.0 set interface ethernet0/0 protocol ospf enable set interface ethernet0/0 protocol ospf cost 1 set interface ethernet0/1 protocol ospf area 0.0.0.0 set interface ethernet0/1 protocol ospf enable set interface ethernet0/1 protocol ospf retransmit-interval 5 set interface tunnel.1 protocol ospf area 0.0.0.0 set interface tunnel.1 protocol ospf enable set interface tunnel.1 protocol ospf cost 10 set interface loopback.1 protocol ospf area 0.0.0.0 set interface loopback.1 protocol ospf enable set interface loopback.1 protocol ospf retransmit-interval 5 set interface loopback.1 protocol ospf cost 1 set interface loopback.2 protocol ospf area 0.0.0.0 set interface loopback.2 protocol ospf enable set interface loopback.2 protocol ospf retransmit-interval 5 set interface loopback.2 protocol ospf cost 1 set vrouter "untrust-vr" exit set vrouter "trust-vr" exit SSG550-> SSG550-> SSG550-> SSG550-> SSG550-> SSG550-> SSG550-> SSG550->