root@mnt-mnt-srx345> show configuration | display set | no-more
# Junos "display set" dump of an SRX345 acting as a Juniper Secure Connect
# remote-access VPN gateway, shown one statement per line.
# Lines starting with '#' are review notes, not part of the device output.
# Most secrets were masked by the author ("---", "$---", "$--"); one was not (see the access profile).
set version 21.2R3-S3.5
set system host-name mnt-mnt-srx345
set system root-authentication encrypted-password "---"
# NOTE(review): an account named "test" holds class super-user. If it is a
# leftover lab account, remove it or give it a lower-privilege class.
set system login user test uid 2000
set system login user test class super-user
set system login user test authentication encrypted-password "$---"
# SSH: direct root login is refused and only protocol v2 is offered.
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh port 22
set system services netconf ssh
set system services dhcp-local-server group jdhcp-group interface fxp0.0
set system services dhcp-local-server group jdhcp-group interface irb.0
deactivate system services dhcp-local-server
# J-Web over cleartext HTTP is bound to ge-0/0/0.0. This config describes that
# interface as "Uplink" and places it in zone untrust, and the untrust
# host-inbound list allows http. Admin logins over that listener are unencrypted.
# NOTE(review): prefer HTTPS only and bind management to an internal interface.
set system services web-management http port 10888
set system services web-management http interface ge-0/0/0.0
# No "interface" statement is shown under https, so the HTTPS listener is
# presumably not restricted to one interface. Verify.
set system services web-management https port 4433
set system services web-management https pki-local-certificate mnt
set system name-server 8.8.8.8
set system name-server 8.8.4.4
# Logging is local only in this output (no "syslog host" statement), with three
# 100k archive files. NOTE(review): that keeps little history for an
# investigation. Consider forwarding to a remote collector.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any notice
set system syslog file messages authorization info
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
deactivate system license
set system phone-home server https://redirect.juniper.net
set system phone-home rfc-compliant
deactivate system phone-home
set services ssl termination profile SSL-term-profile server-certificate mnt
# IKE phase 1: pre-shared key, DH group19, SHA-256, AES-256-CBC, 8-hour lifetime.
set security ike proposal test-RA-VPN authentication-method pre-shared-keys
set security ike proposal test-RA-VPN dh-group group19
set security ike proposal test-RA-VPN authentication-algorithm sha-256
set security ike proposal test-RA-VPN encryption-algorithm aes-256-cbc
set security ike proposal test-RA-VPN lifetime-seconds 28800
# Aggressive mode + pre-shared key + IKEv1 (version v1-only below) + shared-ike-id:
# every remote user shares one PSK and one IKE identity. Aggressive mode also
# exchanges the identity and a PSK-derived authentication value before the
# channel is encrypted, so the PSK must be long and random.
# Per-user control rests on the xauth profile (aaa access-profile).
# NOTE(review): certificate or IKEv2/EAP authentication avoids the shared secret
# where the client and Junos release support it.
set security ike policy test-RA-VPN mode aggressive
set security ike policy test-RA-VPN proposals test-RA-VPN
set security ike policy test-RA-VPN pre-shared-key ascii-text "$--"
set security ike gateway test-RA-VPN ike-policy test-RA-VPN
set security ike gateway test-RA-VPN dynamic user-at-hostname "user@mnt.com"
set security ike gateway test-RA-VPN dynamic ike-user-type shared-ike-id
set security ike gateway test-RA-VPN dead-peer-detection optimized
set security ike gateway test-RA-VPN dead-peer-detection interval 10
set security ike gateway test-RA-VPN dead-peer-detection threshold 5
# local-identity differs from local-address, which matches the ge-0/0/0 address.
# Presumably the gateway sits behind an upstream NAT. Verify.
set security ike gateway test-RA-VPN local-identity inet 2.132.62.200
set security ike gateway test-RA-VPN external-interface ge-0/0/0
set security ike gateway test-RA-VPN local-address 192.168.1.3
set security ike gateway test-RA-VPN aaa access-profile Juniper_secure_connect
set security ike gateway test-RA-VPN version v1-only
set security ike gateway test-RA-VPN tcp-encap-profile SSL-RA-VPN
# IPsec phase 2: ESP with AES-256-GCM, 1-hour lifetime, PFS group19.
set security ipsec proposal test-RA-VPN protocol esp
set security ipsec proposal test-RA-VPN encryption-algorithm aes-256-gcm
set security ipsec proposal test-RA-VPN lifetime-seconds 3600
set security ipsec policy test-RA-VPN perfect-forward-secrecy keys group19
set security ipsec policy test-RA-VPN proposals test-RA-VPN
set security ipsec vpn test-RA-VPN bind-interface st0.0
set security ipsec vpn test-RA-VPN df-bit clear
set security ipsec vpn test-RA-VPN copy-outer-dscp
set security ipsec vpn test-RA-VPN ike gateway test-RA-VPN
set security ipsec vpn test-RA-VPN ike ipsec-policy test-RA-VPN
# Each traffic selector pairs one internal /24 with remote-ip 0.0.0.0/0.
set security ipsec vpn test-RA-VPN traffic-selector ts-1 local-ip 192.168.141.0/24
set security ipsec vpn test-RA-VPN traffic-selector ts-1 remote-ip 0.0.0.0/0
set security ipsec vpn test-RA-VPN traffic-selector ts-2 local-ip 192.168.142.0/24
set security ipsec vpn test-RA-VPN traffic-selector ts-2 remote-ip 0.0.0.0/0
set security ipsec vpn test-RA-VPN traffic-selector ts-3 local-ip 192.168.143.0/24
set security ipsec vpn test-RA-VPN traffic-selector ts-3 remote-ip 0.0.0.0/0
set security ipsec vpn test-RA-VPN traffic-selector ts-4 local-ip 192.168.144.0/24
set security ipsec vpn test-RA-VPN traffic-selector ts-4 remote-ip 0.0.0.0/0
set security address-book global address Infodiode-141 192.168.141.0/24
set security address-book global address Infodiode-142 192.168.142.0/24
set security address-book global address Infodiode-143 192.168.143.0/24
set security address-book global address Infodiode-144 192.168.144.0/24
set security remote-access profile test-RA-VPN ipsec-vpn test-RA-VPN
set security remote-access profile test-RA-VPN access-profile Juniper_secure_connect
set security remote-access profile test-RA-VPN client-config test-RA-VPN
set security remote-access client-config test-RA-VPN connection-mode manual
set security remote-access client-config test-RA-VPN dead-peer-detection interval 60
set security remote-access client-config test-RA-VPN dead-peer-detection threshold 5
set security remote-access default-profile test-RA-VPN
# Screen applied to zone untrust (see "security-zone untrust screen" below).
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
# NOTE(review): "mntrm-threshold" is not a Junos keyword. The stock syn-flood
# statement is "alarm-threshold". This looks like an artifact of the name
# substitution used to anonymise the paste, so the line will not load as written.
set security screen ids-option untrust-screen tcp syn-flood mntrm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
# Source NAT to the egress interface address for trust->untrust and VPN->untrust.
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat source rule-set test-RA-VPN from zone VPN
set security nat source rule-set test-RA-VPN to zone untrust
set security nat source rule-set test-RA-VPN rule test-RA-VPN match source-address 0.0.0.0/0
set security nat source rule-set test-RA-VPN rule test-RA-VPN then source-nat interface
# trust->trust and trust->untrust permit any/any/any and have no "then log"
# statement, so these sessions leave no policy log entries.
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match source-address Infodiode-141
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match source-address Infodiode-142
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match source-address Infodiode-143
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match source-address Infodiode-144
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match destination-address any
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 match application any
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 then permit
set security policies from-zone trust to-zone VPN policy test-RA-VPN-1 then log session-close
# VPN->trust: any VPN source may reach the four Infodiode subnets on any
# application. NOTE(review): narrow "application any" to the services remote
# users need.
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match source-address any
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match destination-address Infodiode-141
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match destination-address Infodiode-142
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match destination-address Infodiode-143
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match destination-address Infodiode-144
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 match application any
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 then permit
set security policies from-zone VPN to-zone trust policy test-RA-VPN-2 then log session-close
set security policies pre-id-default-policy then log session-close
set security tcp-encap profile SSL-RA-VPN ssl-profile SSL-term-profile
# Zone trust accepts every system service and protocol addressed to the device.
# Only irb.0 is listed as a trust interface in this output. irb.141-144 (the
# Infodiode subnets named in the VPN policies) are not bound to any zone here.
# NOTE(review): on SRX an interface outside every security zone does not pass
# traffic. Confirm the zone binding.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0
set security zones security-zone untrust screen untrust-screen
# Services the device itself accepts on the uplink. ike and tcp-encap are
# referenced by the VPN gateway above. NOTE(review): confirm that dhcp, tftp,
# http and ssh are needed from this side and drop the rest. ge-0/0/0 has a
# private address, so real exposure depends on what the upstream device
# forwards. TODO confirm.
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tcp-encap
set security zones security-zone VPN interfaces st0.0 host-inbound-traffic system-services ping
# Interfaces: ge-0/0/0 is the routed uplink and ge-0/0/1-14 are switch ports in vlan-trust.
set interfaces ge-0/0/0 description Uplink
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.3/24
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/15 unit 0 family inet dhcp vendor-id Juniper-srx345
set interfaces cl-1/0/0 dialer-options pool 1 priority 100
set interfaces dl0 unit 0 family inet negotiate-address
set interfaces dl0 unit 0 family inet6 negotiate-address
set interfaces dl0 unit 0 dialer-options pool 1
set interfaces dl0 unit 0 dialer-options dial-string 1234
set interfaces dl0 unit 0 dialer-options always-on
set interfaces irb unit 0 family inet address 192.168.2.1/24
set interfaces irb unit 141 family inet address 192.168.141.1/24
set interfaces irb unit 142 family inet address 192.168.142.1/24
set interfaces irb unit 143 family inet address 192.168.143.1/24
set interfaces irb unit 144 family inet address 192.168.144.1/24
set interfaces st0 unit 0 family inet
# "$9$" is Junos's reversible obfuscation format, not a one-way hash. The other
# secrets in this paste were masked and this one was not, so treat the test1
# password as disclosed and change it.
set access profile Juniper_secure_connect client test1 firewall-user password "$9$OfnNISlevWx-wcylMLxsYHqmP5Q69A1EcDitu0BEh"
set access profile Juniper_secure_connect address-assignment pool RA-VPN-Pool
set access address-assignment pool junosDHCPPool2 family inet network 192.168.2.0/24
set access address-assignment pool junosDHCPPool2 family inet range junosRange low 192.168.2.2
set access address-assignment pool junosDHCPPool2 family inet range junosRange high 192.168.2.254
set access address-assignment pool junosDHCPPool2 family inet dhcp-attributes router 192.168.2.1
set access address-assignment pool junosDHCPPool2 family inet dhcp-attributes propagate-settings ge-0/0/0.0
# Remote-access clients receive addresses from 192.168.110.0/24 and use 8.8.8.8 as DNS.
set access address-assignment pool RA-VPN-Pool family inet network 192.168.110.0/24
set access address-assignment pool RA-VPN-Pool family inet xauth-attributes primary-dns 8.8.8.8/32
set access firewall-authentication web-authentication default-profile Juniper_secure_connect
set vlans v141-idiod vlan-id 141
set vlans v141-idiod l3-interface irb.141
set vlans v142-idiod vlan-id 142
set vlans v142-idiod l3-interface irb.142
set vlans v143-idiod vlan-id 143
set vlans v143-idiod l3-interface irb.143
set vlans v144-idiod vlan-id 144
set vlans v144-idiod l3-interface irb.144
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0
set protocols l2-learning global-mode switching
set protocols rstp interface all
# Default route via the upstream gateway on the uplink subnet.
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1