/*
 * Junos (SRX) site-to-site VPN: two IKE/IPsec tunnels (vpn-60c3d501-1 and -2) to
 * two peer gateways, plus a static route to the remote 10.0.0.0/16 over both st0
 * units. Only the security and routing-options hierarchies are in this excerpt;
 * the interfaces ge-0/0/0.0, st0.1 and st0.2, and the security zones they belong
 * to (including where ids-option untrust-screen is applied), are configured
 * elsewhere and are not visible here.
 */
security {
    ike {
        /*
         * Verbose IKE daemon tracing to file "kmd" (up to 10 files of 1024768 bytes
         * each). "flag all" records every IKE event; treat it as a troubleshooting
         * setting and review the trace files before sharing them. 1024768 looks
         * like an intended 1 MiB (1048576) -- confirm.
         */
        traceoptions {
            file kmd size 1024768 files 10;
            flag all;
        }
        /*
         * Phase-1 (IKE) proposals; the two are identical. dh-group group2 is the
         * 1024-bit MODP group and sha1 is SHA-1, both of which are deprecated for
         * IKE. Moving to group14 (or stronger) and a SHA-2 algorithm requires the
         * same change on the peer, so confirm peer support before touching these.
         * Phase-1 SA lifetime is 28800 s (8 h).
         */
        proposal ike-prop-vpn-60c3d501-1 {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 28800;
        }
        proposal ike-prop-vpn-60c3d501-2 {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 28800;
        }
        /*
         * Phase-1 policies, IKEv1 main mode with pre-shared keys. The keys are
         * stored in Junos "$9$" format, which is reversible obfuscation rather than
         * a hash: anyone who can read this configuration can recover the PSKs.
         * Handle the file as a secret and rotate both keys if it has been shared.
         */
        policy ike-pol-vpn-60c3d501-1 {
            mode main;
            proposals ike-prop-vpn-60c3d501-1;
            pre-shared-key ascii-text "$9$QPwDF9tIRcSlvcys2oaHk5Tznturlvx7dhSsgaJjin/CABIRhSlvW36hreM7Ns24JDkQz6Ct0bsP5Fnpu7NdwoJQF6AuBIE"; ## SECRET-DATA
        }
        policy ike-pol-vpn-60c3d501-2 {
            mode main;
            proposals ike-pol-vpn-60c3d501-2;
            pre-shared-key ascii-text "$9$c3ZrlvLxdbs4mfnCt0IRvWLXbs2gaH.fYgjq.fF3cyrKL7YgoikPVwaUHqQzyreM87db2oJDp0IhylXx24aZjkQz6CpBEc"; ## SECRET-DATA
        }
        /*
         * IKE gateways: one per remote peer address, both terminating on the local
         * outside interface ge-0/0/0.0. dead-peer-detection is enabled with no
         * interval/threshold configured here, i.e. platform defaults apply.
         */
        gateway gw-vpn-60c3d501-1 {
            ike-policy ike-pol-vpn-60c3d501-1;
            address 52.87.109.64;
            dead-peer-detection;
            external-interface ge-0/0/0.0;
        }
        gateway gw-vpn-60c3d501-2 {
            ike-policy ike-pol-vpn-60c3d501-2;
            address 52.206.202.16;
            dead-peer-detection;
            external-interface ge-0/0/0.0;
        }
    }
    ipsec {
        /*
         * Phase-2 (IPsec) proposals: ESP with AES-128-CBC and HMAC-SHA1-96, 3600 s
         * (1 h) SA lifetime. SHA-1 integrity carries the same deprecation caveat
         * as the IKE proposals above; change in step with the peer.
         */
        proposal ipsec-prop-vpn-60c3d501-1 {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        proposal ipsec-prop-vpn-60c3d501-2 {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        /*
         * Phase-2 policies with PFS. "keys group2" reuses the 1024-bit DH group for
         * per-SA rekeying, so it shares the weakness noted on the IKE proposals.
         */
        policy ipsec-pol-vpn-60c3d501-1 {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ipsec-prop-vpn-60c3d501-1;
        }
        policy ipsec-pol-vpn-60c3d501-2 {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ipsec-prop-vpn-60c3d501-2;
        }
        /*
         * Route-based VPNs, each bound to its own st0 unit. "df-bit clear" clears
         * the DF bit on the outer IP header so oversized tunnel packets can be
         * fragmented rather than dropped. vpn-monitor pings destination-ip from the
         * st0 unit to track tunnel liveness; the 169.254.x.x targets appear to be
         * the peer's inside-tunnel addresses -- confirm against the peer config.
         */
        vpn vpn-60c3d501-1 {
            bind-interface st0.1;
            df-bit clear;
            vpn-monitor {
                source-interface st0.1;
                destination-ip 169.254.44.193;
            }
            ike {
                gateway gw-vpn-60c3d501-1;
                ipsec-policy ipsec-pol-vpn-60c3d501-1;
            }
        }
        vpn vpn-60c3d501-2 {
            bind-interface st0.2;
            df-bit clear;
            vpn-monitor {
                source-interface st0.2;
                destination-ip 169.254.45.145;
            }
            ike {
                gateway gw-vpn-60c3d501-2;
                ipsec-policy ipsec-pol-vpn-60c3d501-2;
            }
        }
    }
    flow {
        /*
         * Clamp TCP MSS to 1387 bytes on flows entering the IPsec VPNs, leaving
         * room for the ESP/outer-IP overhead and avoiding in-tunnel fragmentation.
         */
        tcp-mss {
            ipsec-vpn {
                mss 1387;
            }
        }
    }
    screen {
        /*
         * Screen profile for the untrust side: ICMP ping-of-death, IP source-route
         * and teardrop checks, SYN-flood protection with the thresholds below, and
         * LAND-attack detection. The profile only takes effect once applied to a
         * security zone, which is not part of this excerpt -- verify the binding.
         */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
}
routing-options {
    static {
        /*
         * Default route via the upstream next hop; the remote 10.0.0.0/16 is reached
         * through both tunnel interfaces. How traffic is shared between st0.2 and
         * st0.1 depends on forwarding/load-balancing settings not shown here --
         * confirm the intended active/standby or ECMP behaviour.
         */
        route 0.0.0.0/0 next-hop 173.161.47.150;
        route 10.0.0.0/16 next-hop [ st0.2 st0.1 ];
    }
}