set security log mode event
set security ike proposal vpn_ike_1 authentication-method pre-shared-keys
set security ike proposal vpn_ike_1 dh-group group2
set security ike proposal vpn_ike_1 authentication-algorithm md5
set security ike proposal vpn_ike_1 encryption-algorithm 3des-cbc
set security ike proposal vpn_ike_2 authentication-method pre-shared-keys
set security ike proposal vpn_ike_2 dh-group group2
set security ike proposal vpn_ike_2 authentication-algorithm md5
set security ike proposal vpn_ike_2 encryption-algorithm des-cbc
set security ike proposal vpn_ike_3 authentication-method pre-shared-keys
set security ike proposal vpn_ike_3 dh-group group2
set security ike proposal vpn_ike_3 authentication-algorithm sha1
set security ike proposal vpn_ike_3 encryption-algorithm 3des-cbc
set security ike proposal vpn_ike_4 authentication-method pre-shared-keys
set security ike proposal vpn_ike_4 dh-group group2
set security ike proposal vpn_ike_4 authentication-algorithm sha1
set security ike proposal vpn_ike_4 encryption-algorithm des-cbc
set security ike proposal MM_vpn_ike_p1_propsal authentication-method pre-shared-keys
set security ike proposal MM_vpn_ike_p1_propsal dh-group group2
set security ike proposal MM_vpn_ike_p1_propsal authentication-algorithm md5
set security ike proposal MM_vpn_ike_p1_propsal encryption-algorithm 3des-cbc
set security ike policy IKE_Policy mode main
set security ike policy IKE_Policy proposals MM_vpn_ike_p1_propsal
set security ike policy IKE_Policy pre-shared-key ascii-text "$9$KomvXN-dwgaUVwQn6/tpWLx7-w"
set security ike policy ike_Policy2 mode main
set security ike policy ike_Policy2 proposals vpn_ike_1
set security ike policy ike_Policy2 proposals vpn_ike_2
set security ike policy ike_Policy2 proposals vpn_ike_3
set security ike policy ike_Policy2 proposals vpn_ike_4
set security ike policy ike_Policy2 pre-shared-key ascii-text "$9$nf956t0OBRSlM1Rs4oaUD9ApuOR"
set security ike gateway MM_MCO ike-policy IKE_Policy
set security ike gateway MM_MCO address 1.1.1.1
set security ike gateway MM_MCO dead-peer-detection always-send
set security ike gateway MM_MCO external-interface fe-0/0/7.0
set security ike gateway MM_NP ike-policy ike_Policy2
set security ike gateway MM_NP address 2.3.4.1
set security ike gateway MM_NP dead-peer-detection always-send
set security ike gateway MM_NP external-interface fe-0/0/7.0
set security ipsec proposal vpn_ike_1 protocol esp
set security ipsec proposal vpn_ike_1 authentication-algorithm hmac-md5-96
set security ipsec proposal vpn_ike_1 encryption-algorithm 3des-cbc
set security ipsec proposal vpn_ike_2 protocol esp
set security ipsec proposal vpn_ike_2 authentication-algorithm hmac-md5-96
set security ipsec proposal vpn_ike_2 encryption-algorithm des-cbc
set security ipsec proposal vpn_ike_3 protocol esp
set security ipsec proposal vpn_ike_3 authentication-algorithm hmac-sha1-96
set security ipsec proposal vpn_ike_3 encryption-algorithm 3des-cbc
set security ipsec proposal vpn_ike_4 protocol esp
set security ipsec proposal vpn_ike_4 authentication-algorithm hmac-sha1-96
set security ipsec proposal vpn_ike_4 encryption-algorithm des-cbc
set security ipsec policy IPSec_Policy perfect-forward-secrecy keys group2
set security ipsec policy IPSec_Policy proposals vpn_ike_1
set security ipsec policy IPSec_Policy proposals vpn_ike_2
set security ipsec policy IPSec_Policy proposals vpn_ike_3
set security ipsec policy IPSec_Policy proposals vpn_ike_4
set security ipsec vpn MM_MCO_VPN ike gateway MM_MCO
set security ipsec vpn MM_MCO_VPN ike ipsec-policy IPSec_Policy
set security ipsec vpn MM_MCO_VPN establish-tunnels immediately
set security ipsec vpn MM_NP_VPN ike gateway MM_NP
set security ipsec vpn MM_NP_VPN ike ipsec-policy IPSec_Policy
set security ipsec vpn MM_NP_VPN establish-tunnels immediately
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set NAT_Internet from zone Internal
set security nat source rule-set NAT_Internet to zone Internet
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any match source-address 0.0.0.0/0
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any match destination-address 0.0.0.0/0
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any then source-nat interface
set security nat source rule-set NAT_Internet rule Source_NO_NAT match source-address 192.168.8.0/24
set security nat source rule-set NAT_Internet rule Source_NO_NAT match destination-address 10.10.1.0/28
set security nat source rule-set NAT_Internet rule Source_NO_NAT match destination-address 172.25.10.0/23
set security nat source rule-set NAT_Internet rule Source_NO_NAT then source-nat off
set security nat static rule-set RS from zone Internet
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match destination-address MCO_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match application any
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then permit tunnel pair-policy MCO_MM_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then log session-init
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then log session-close
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match destination-address MCO_ISA_Seg
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match application any
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then log session-init
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then log session-close
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS001
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS002
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS005
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match destination-address any
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application Teamviewer
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application teamviewer-udp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-http
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-https
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-dns-udp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-dns-tcp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 then permit
deactivate security policies from-zone Internal to-zone Internet policy Allow_teamviewer2
set security policies from-zone Internal to-zone Internet policy Services match source-address any
set security policies from-zone Internal to-zone Internet policy Services match destination-address any
set security policies from-zone Internal to-zone Internet policy Services match application IBS
set security policies from-zone Internal to-zone Internet policy Services match application junos-ms-sql
set security policies from-zone Internal to-zone Internet policy Services match application junos-sqlnet-v1
set security policies from-zone Internal to-zone Internet policy Services match application junos-sqlnet-v2
set security policies from-zone Internal to-zone Internet policy Services match application RDP-UDP
set security policies from-zone Internal to-zone Internet policy Services match application RDP
set security policies from-zone Internal to-zone Internet policy Services match application junos-ping
set security policies from-zone Internal to-zone Internet policy Services match application junos-icmp-ping
set security policies from-zone Internal to-zone Internet policy Services match application junos-icmp-all
set security policies from-zone Internal to-zone Internet policy Services then permit
set security policies from-zone Internal to-zone Internet policy Services then log session-init
set security policies from-zone Internal to-zone Internet policy Services then log session-close
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO003
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO001
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO002
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address Dell
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUServer
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match destination-address any
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-http
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-https
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-dns-udp
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-dns-tcp
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-icmp-all
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-icmp-ping
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then permit
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then log session-init
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then log session-close
set security policies from-zone Internal to-zone Internet policy MM_NP match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_NP match destination-address NP_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MM_NP match application any
set security policies from-zone Internal to-zone Internet policy MM_NP then permit tunnel ipsec-vpn MM_NP_VPN
deactivate security policies from-zone Internal to-zone Internet policy MM_NP
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match source-address MCO_LAN_Seg
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel pair-policy MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-close
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match source-address MCO_ISA_Seg
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-close
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match source-address any
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS001
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS002
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS005
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application Teamviewer
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application teamviewer-udp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-http
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-https
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-dns-udp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-dns-tcp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then permit
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then log session-init
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then log session-close
deactivate security policies from-zone Internet to-zone Internal policy Allow_te
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-icmp-ping
set security policies from-zone Internet to-zone Internal policy Allow_Services then permit
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-init
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-close
set security policies from-zone Internet to-zone Internal policy NP_MM match source-address NP_LAN_Seg
set security policies from-zone Internet to-zone Internal policy NP_MM match destination-address local-net
set security policies from-zone Internet to-zone Internal policy NP_MM match application any
set security policies from-zone Internet to-zone Internal policy NP_MM then permit tunnel ipsec-vpn MM_NP_VPN
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-init
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-close
deactivate security policies from-zone Internet to-zone Internal policy NP_MM
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match source-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match destination-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match application any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then deny
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-init
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-close
set security zones security-zone Internal host-inbound-traffic system-services all
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/0.0
set security zones security-zone Internal interfaces fe-0/0/2.0
set security zones security-zone Internal interfaces fe-0/0/3.0
set security zones security-zone Internet address-book address MCO_ISA_Seg 10.10.1.0/28
set security zones security-zone Internet host-inbound-traffic system-services all
set security zones security-zone Internet interfaces fe-0/0/7.0 host-inbound-traffic system-services all
set security zones security-zone VPN host-inbound-traffic system-services all
set applications application RDP protocol tcp
set applications application RDP source-port 0-65535
set applications application RDP destination-port 3389-3389
set applications application IBS protocol udp
set applications application IBS destination-port 1433-1433
set applications application RDP-UDP protocol udp
set applications application RDP-UDP destination-port 3389
set applications application Teamviewer protocol tcp
set applications application Teamviewer source-port 0-65535
set applications application Teamviewer destination-port 80-5938
set applications application teamviewer-udp protocol udp
set applications application teamviewer-udp destination-port 80-5938
set vlans vlan1 vlan-id 3
set vlans vlan1 l3-interface vlan.1