=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.05.17 23:00:42 =~=~=~=~=~=~=~=~=~=~=~= get config Total Config size 43521: unset key protection enable set clock ntp set clock timezone -5 set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set vrouter name "trust2-vr" id 1025 set vrouter "trust2-vr" unset auto-route-export set protocol ospf set enable exit exit set service "SSH" timeout 60 set service "TELNET" timeout 60 set service "Microsoft-RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 set service "IPSec" protocol 50 src-port 0-65535 dst-port 0-65535 set service "IPSec" + 51 src-port 0-65535 dst-port 0-65535 set service "IPSec" + udp src-port 0-65535 dst-port 500-500 set service "SecurePOP3" protocol tcp src-port 0-65535 dst-port 995-995 set service "Gmail-SMTP_SSL_TLS" protocol tcp src-port 0-65535 dst-port 587-587 set service "Gmail-SMTP_SSL_TLS" + tcp src-port 0-65535 dst-port 465-465 set service "IVANS" protocol 50 src-port 0-65535 dst-port 0-65535 set service "IVANS" + tcp src-port 0-65535 dst-port 80-80 set service "IVANS" + udp src-port 0-65535 dst-port 500-500 set service "IVANS" + tcp src-port 0-65535 dst-port 709-709 set service "IVANS" + tcp src-port 0-65535 dst-port 1800-1800 set service "IVANS" + udp src-port 0-65535 dst-port 4500-4500 set service "IVANS" + tcp src-port 0-65535 dst-port 5080-5080 set service "UCS-TCP-UDP-OPEN" protocol tcp src-port 0-65535 dst-port 2500-2500 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 2500-2500 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 5060-5060 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 10000-20000 set service "UCS-TCP-UDP-OPEN" + tcp src-port 0-65535 dst-port 5060-5060 set service "UCS-TCP-UDP-OPEN" + tcp src-port 0-65535 dst-port 10000-20000 set service "test" protocol tcp src-port 0-65535 dst-port 0-65535 set service "test" + udp src-port 0-65535 dst-port 0-65535 set service "Asterik" protocol udp src-port 0-65535 dst-port 4569-4569 timeout 30 set alg sip app-screen unknown-message nat permit set alg pptp enable set alg appleichat enable unset alg appleichat re-assembly enable set alg sctp enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth-server "Local" timeout 30 set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "mypassword" set admin http redirect set admin auth web timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone id 100 "TrustWifi" set zone id 101 "Untrust-WiFi" set zone id 102 "UnTrust-Optimum" set zone id 103 "lightpath" set zone "lightpath" vrouter "trust2-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block unset zone "V1-Trust" tcp-rst unset zone "V1-Untrust" tcp-rst set zone "DMZ" tcp-rst unset zone "V1-DMZ" tcp-rst unset zone "VLAN" tcp-rst unset zone "TrustWifi" tcp-rst unset zone "Untrust-WiFi" tcp-rst set zone "UnTrust-Optimum" block unset zone "UnTrust-Optimum" tcp-rst set zone "lightpath" tcp-rst set zone "Trust" screen icmp-flood set zone "Trust" screen udp-flood set zone "Trust" screen winnuke set zone "Trust" screen tear-drop set zone "Trust" screen syn-flood set zone "Trust" screen ip-spoofing set zone "Trust" screen ping-death set zone "Trust" screen land set zone "Trust" screen syn-frag set zone "Trust" screen tcp-no-flag set zone "Trust" screen icmp-fragment set zone "Trust" screen icmp-large set zone "Trust" screen syn-fin set zone "Trust" screen fin-no-ack set zone "Trust" screen icmp-id set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/1" zone "Untrust" set interface "ethernet0/2" zone "Null" set interface "ethernet0/6" zone "HA" set interface "ethernet0/7" zone "HA" set interface "ethernet0/8.81" tag 121 zone "TrustWifi" set interface "ethernet0/8.82" tag 221 zone "Untrust-WiFi" set interface "ethernet0/8.83" tag 321 zone "DMZ" set interface "ethernet0/9" zone "Trust" set interface "ethernet1/0" zone "lightpath" set interface "tunnel.1" zone "Untrust" set interface "tunnel.2" zone "Untrust" set interface "tunnel.3" zone "Untrust" set interface "tunnel.4" zone "Untrust" set interface "tunnel.5" zone "Untrust" set interface "tunnel.6" zone "Untrust" set interface "tunnel.7" zone "Untrust" set interface "tunnel.8" zone "Untrust" set interface "tunnel.9" zone "Untrust" set interface "tunnel.10" zone "Untrust" set interface "tunnel.11" zone "Untrust" set interface "tunnel.12" zone "Untrust" set interface ethernet0/0 ip 242.141.149.3/28 set interface ethernet0/0 route unset interface vlan1 ip set interface ethernet0/1 ip 88.77.55.106/29 set interface ethernet0/1 route set interface ethernet0/8.81 ip 10.1.21.1/24 set interface ethernet0/8.81 nat set interface ethernet0/8.82 ip 10.2.21.1/24 set interface ethernet0/8.82 route set interface ethernet0/8.83 ip 10.3.21.1/24 set interface ethernet0/8.83 route set interface ethernet0/9 ip 192.168.20.1/24 set interface ethernet0/9 nat set interface ethernet1/0 ip 172.16.0.20/24 set interface ethernet1/0 nat set interface tunnel.1 ip unnumbered interface ethernet0/0 set interface tunnel.2 ip unnumbered interface ethernet0/0 set interface tunnel.3 ip unnumbered interface ethernet0/0 set interface tunnel.4 ip unnumbered interface ethernet0/0 set interface tunnel.5 ip unnumbered interface ethernet0/0 set interface tunnel.6 ip unnumbered interface ethernet0/1 set interface tunnel.7 ip unnumbered interface ethernet0/1 set interface tunnel.8 ip unnumbered interface ethernet0/1 set interface tunnel.9 ip unnumbered interface ethernet0/1 set interface tunnel.10 ip unnumbered interface ethernet0/1 set interface tunnel.11 ip unnumbered interface ethernet0/0 set interface tunnel.12 ip unnumbered interface ethernet0/1 set interface ethernet0/8.81 mtu 1500 set interface ethernet0/8.82 mtu 1500 set interface ethernet0/8.83 mtu 1500 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet0/0 manage-ip 242.141.149.4 set interface ethernet0/1 manage-ip 88.77.55.107 set interface ethernet0/8.81 manage-ip 10.1.21.3 set interface ethernet0/8.82 manage-ip 10.2.21.3 set interface ethernet0/8.83 manage-ip 10.3.21.3 set interface ethernet0/9 manage-ip 192.168.20.3 set interface ethernet0/0 ip manageable set interface ethernet0/1 ip manageable set interface ethernet0/8.81 ip manageable set interface ethernet0/8.82 ip manageable set interface ethernet0/8.83 ip manageable unset interface ethernet0/9 ip manageable set interface ethernet1/0 ip manageable set interface ethernet0/0 manage ping set interface ethernet0/0 manage ssh set interface ethernet0/0 manage telnet set interface ethernet0/0 manage ssl set interface ethernet0/0 manage web set interface ethernet0/1 manage ping set interface ethernet0/1 manage ssh set interface ethernet0/1 manage ssl set interface ethernet0/1 manage web set interface ethernet0/8.81 manage ping set interface ethernet0/8.81 manage ssh set interface ethernet0/8.81 manage ssl set interface ethernet0/8.81 manage web set interface ethernet0/8.82 manage ping unset interface ethernet0/8.83 manage ping set interface ethernet1/0 manage ping set interface ethernet1/0 manage ssh set interface ethernet0/1 monitor track-ip ip set interface ethernet0/1 monitor track-ip threshold 50 set interface ethernet0/1 monitor track-ip weight 50 set interface ethernet0/1 monitor track-ip ip 88.77.55.105 weight 60 set interface ethernet0/1 monitor track-ip ip 8.8.4.4 weight 40 set interface ethernet0/1 monitor track-ip ip 4.2.2.1 weight 40 unset interface ethernet0/1 monitor track-ip dynamic set interface ethernet0/0 monitor track-ip ip set interface ethernet0/0 monitor track-ip threshold 50 set interface ethernet0/0 monitor track-ip weight 50 set interface ethernet0/0 monitor track-ip ip 242.141.149.1 threshold 5 set interface ethernet0/0 monitor track-ip ip 242.141.149.1 weight 60 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 interval 2 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 threshold 4 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 weight 40 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 interval 2 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 threshold 4 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 weight 40 unset interface ethernet0/0 monitor track-ip dynamic set interface ethernet0/0 vip interface-ip 4569 "Voice" 192.168.20.22 set interface ethernet0/8.81 dhcp server service set interface ethernet0/8.82 dhcp server service set interface ethernet0/9 dhcp server service set interface ethernet0/8.81 dhcp server enable set interface ethernet0/8.82 dhcp server enable set interface ethernet0/9 dhcp server enable set interface ethernet0/8.81 dhcp server option lease 240 set interface ethernet0/8.81 dhcp server option gateway 10.1.21.1 set interface ethernet0/8.81 dhcp server option netmask 255.255.255.0 set interface ethernet0/8.81 dhcp server option dns1 192.168.20.30 set interface ethernet0/8.81 dhcp server option dns2 8.8.8.8 set interface ethernet0/8.81 dhcp server option dns3 8.8.4.4 set interface ethernet0/8.82 dhcp server option lease 1680 set interface ethernet0/8.82 dhcp server option gateway 10.2.21.1 set interface ethernet0/8.82 dhcp server option netmask 255.255.255.0 set interface ethernet0/8.82 dhcp server option dns1 8.8.8.8 set interface ethernet0/8.82 dhcp server option dns2 8.8.4.4 set interface ethernet0/9 dhcp server option lease 1440 set interface ethernet0/9 dhcp server option gateway 192.168.20.1 set interface ethernet0/9 dhcp server option netmask 255.255.255.0 set interface ethernet0/9 dhcp server option dns1 8.8.8.8 set interface ethernet0/8.81 dhcp server ip 10.1.21.100 to 10.1.21.150 set interface ethernet0/8.82 dhcp server ip 10.2.21.100 to 10.2.21.150 set interface ethernet0/9 dhcp server ip 192.168.20.100 to 192.168.20.105 unset interface ethernet0/8.81 dhcp server config next-server-ip unset interface ethernet0/8.81 dhcp server config updatable unset interface ethernet0/8.82 dhcp server config next-server-ip unset interface ethernet0/8.82 dhcp server config updatable unset interface ethernet0/9 dhcp server config next-server-ip set interface ethernet0/0 dip 4 242.141.149.9 242.141.149.9 fix-port set interface ethernet0/0 dip interface-ip incoming set interface ethernet0/8.81 dip interface-ip incoming set interface "ethernet0/0" mip 242.141.149.6 host 10.3.21.6 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 242.141.149.7 host 117.218.122.222 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 242.141.149.8 host 192.168.20.15 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/1" mip 88.77.55.108 host 192.168.20.15 netmask 255.255.255.255 vr "trust-vr" set interface ethernet0/1 monitor threshold 40 set interface ethernet0/0 monitor threshold 40 set interface "ethernet0/8.82" webauth set interface "ethernet0/8.82" webauth-ip 10.2.21.4 set tcp mss 1200 set flow all-tcp-mss 1350 unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check unset flow reverse-route clear-text set flow reverse-route tunnel always set console page 25 set domain Network.com set hostname bwfw1 set dbuf size 4096 set pki authority default scep mode "auto" set pki x509 default cert-path partial set nsrp cluster id 1 set nsrp vsd-group hb-interval 200 set nsrp vsd-group id 0 priority 100 set nsrp vsd-group id 0 preempt set nsrp encrypt password networking set nsrp auth password networking set nsrp secondary-path ethernet0/9 set nsrp ha-link probe set dns host dns1 4.4.4.4 set dns host dns2 8.8.4.4 set dns host dns3 0.0.0.0 set address "Trust" "0.0.0.0/0" 0.0.0.0 0.0.0.0 set address "Trust" "242.141.149.7/32" 242.141.149.7 255.255.255.255 set address "Trust" "192.168.20.0/24" 192.168.20.0 255.255.255.0 set address "Trust" "192.168.20.22/32" 192.168.20.22 255.255.255.255 set address "Trust" "192.168.20.45/32" 192.168.20.45 255.255.255.255 set address "Trust" "117.218.122.222/32" 117.218.122.222 255.255.255.255 set address "Trust" "117.218.122.224/32" 117.218.122.224 255.255.255.255 set address "Trust" "204_OpenAddress" 117.218.122.50 255.255.255.255 set address "Trust" "21_OpenAddress" 192.168.21.50 255.255.255.255 set address "Trust" "22_OpenAddress" 192.168.22.50 255.255.255.255 set address "Trust" "23_OpenAddress" 192.168.23.50 255.255.255.255 set address "Trust" "City ASC VLAN" 192.168.23.0 255.255.255.0 set address "Trust" "City-204-Network" 117.218.122.0 255.255.255.0 set address "Trust" "City-Billing-LAN" 192.168.22.0 255.255.255.0 "City Billing VLAN" set address "Trust" "City-Server-LAN" 192.168.20.0 255.255.255.0 "City Server VLAN" set address "Trust" "City-SSLVPN" 10.100.100.0 255.255.255.0 set address "Trust" "City-TrustWifi" 10.1.21.0 255.255.255.0 set address "Trust" "City_Practice_LAN" 192.168.21.0 255.255.255.0 "City Practice LAN" set address "Untrust" "10.10.10.0/24" 10.10.10.0 255.255.255.0 set address "Untrust" "192.168.0.0/16" 192.168.0.0 255.255.0.0 set address "Untrust" "118.25.125.17/32" 118.25.125.17 255.255.255.255 set address "Untrust" "Remote1-LAN" 192.168.15.0 255.255.255.0 "Remote1 LAN" set address "Untrust" "Remote1-TrustWiFi" 10.1.15.0 255.255.255.0 "Remote1 Employee WiFi" set address "Untrust" "Remote1-UnTrustWiFi" 10.2.15.0 255.255.255.0 set address "Untrust" "Remote3-LAN" 192.168.16.0 255.255.255.0 set address "Untrust" "Remote3-TrustWifi" 10.1.16.0 255.255.255.0 set address "Untrust" "Remote5-LAN" 192.168.13.0 255.255.255.0 "Remote5 LAN Address" set address "Untrust" "Remote5-TrustWiFi" 10.1.13.0 255.255.255.0 "Remote5 Employee Wireless" set address "Untrust" "Remote5-UnTrustWiFi" 10.2.13.0 255.255.255.0 "Remote5 Guest Wireless" set address "Untrust" "Network-DR-Network" 192.168.120.0 255.255.255.0 "Remote Replication Subnet" set address "Untrust" "Remote6-LAN" 192.168.11.0 255.255.255.0 "Remote6erson LAN" set address "Untrust" "Remote6-TrustWiFi" 10.1.1.0 255.255.255.0 "Remote6 Employee Wureless" set address "Untrust" "Remote6-UnTrustWiFi" 10.2.1.0 255.255.255.0 "Remote6 Guest WiFi" set address "Untrust" "Remote2-LAN" 192.168.12.0 255.255.255.0 "Remote2 LAN" set address "Untrust" "Remote2-TrustWiFi" 10.1.12.0 255.255.255.0 "Remote2 Employee WiFi" set address "Untrust" "Remote2-UnTrustWiFi" 10.2.12.0 255.255.255.0 "Remote2 Guest WiFi" set address "Untrust" "vpnclient_address" 192.168.220.0 255.255.255.0 "Addresses for VPN Clients" set address "Untrust" "Remote4-LAN" 192.168.14.0 255.255.255.0 "Remote4 LAN" set address "Untrust" "Remote4-TrustWiFi" 10.1.14.0 255.255.255.0 "Remote4 Employee Wireless" set address "Untrust" "Remote4-UnTrustWiFi" 10.2.14.0 255.255.255.0 "Remote4 Guest Wireless" set address "Untrust" "www.aspemr.com" 173.83.251.105 255.255.255.255 set address "lightpath" "192.168.11.0/24" 192.168.12.0 255.255.255.0 set address "lightpath" "192.168.12.0/24" 192.168.12.0 255.255.255.0 set address "lightpath" "192.168.13.0/24" 192.168.13.0 255.255.255.0 set address "lightpath" "192.168.14.0/24" 192.168.14.0 255.255.255.0 set address "lightpath" "192.168.15.0/24" 192.168.15.0 255.255.255.0 set address "lightpath" "192.168.16.0/24" 192.168.16.0 255.255.255.0 set group address "Trust" "City_VPN_Net" set group address "Trust" "City_VPN_Net" add "City ASC VLAN" set group address "Trust" "City_VPN_Net" add "City-204-Network" set group address "Trust" "City_VPN_Net" add "City-Billing-LAN" set group address "Trust" "City_VPN_Net" add "City-Server-LAN" set group address "Trust" "City_VPN_Net" add "City-SSLVPN" set group address "Trust" "City_VPN_Net" add "City-TrustWifi" set group address "Trust" "City_VPN_Net" add "City_Practice_LAN" set group address "Trust" "Full_Access_To_Internet" set group address "Trust" "Full_Access_To_Internet" add "117.218.122.224/32" set group address "Trust" "Internal_AV_Exempt" set group address "Trust" "Internal_AV_Exempt" add "204_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "21_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "22_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "23_OpenAddress" set group address "Untrust" "Remote1_VPN_Net" set group address "Untrust" "Remote1_VPN_Net" add "Remote1-LAN" set group address "Untrust" "Remote1_VPN_Net" add "Remote1-TrustWiFi" set group address "Untrust" "Blocked_Hosts" set group address "Untrust" "Blocked_Hosts" add "www.aspemr.com" set group address "Untrust" "Remote3_VPN_Net" set group address "Untrust" "Remote3_VPN_Net" add "Remote3-LAN" set group address "Untrust" "Remote3_VPN_Net" add "Remote3-TrustWifi" set group address "Untrust" "Remote5_VPN_Net" set group address "Untrust" "Remote5_VPN_Net" add "Remote5-LAN" set group address "Untrust" "Remote5_VPN_Net" add "Remote5-TrustWiFi" set group address "Untrust" "Remote6_VPN_Net" set group address "Untrust" "Remote6_VPN_Net" add "Network-DR-Network" set group address "Untrust" "Remote6_VPN_Net" add "Remote6-LAN" set group address "Untrust" "Remote6_VPN_Net" add "Remote6-TrustWiFi" set group address "Untrust" "Remote2_VPN_Net" set group address "Untrust" "Remote2_VPN_Net" add "Remote2-LAN" set group address "Untrust" "Remote2_VPN_Net" add "Remote2-TrustWiFi" set group address "Untrust" "Remote4_VPN_Net" set group address "Untrust" "Remote4_VPN_Net" add "Remote4-LAN" set group address "Untrust" "Remote4_VPN_Net" add "Remote4-TrustWiFi" set group address "lightpath" "Remote_Offices" set group address "lightpath" "Remote_Offices" add "192.168.11.0/24" set group address "lightpath" "Remote_Offices" add "192.168.12.0/24" set group address "lightpath" "Remote_Offices" add "192.168.13.0/24" set group address "lightpath" "Remote_Offices" add "192.168.14.0/24" set group address "lightpath" "Remote_Offices" add "192.168.15.0/24" set group address "lightpath" "Remote_Offices" add "192.168.16.0/24" set ippool "vpnclient_pool" 192.168.220.10 192.168.220.50 set user "gpalermo" uid 12 set user "gpalermo" type xauth set user "gpalermo" password "jRBRGFriNsj8m2sH3aCeDgqyuwnquWyuqQ==" unset user "gpalermo" type auth set user "gpalermo" "enable" set user "matt" uid 11 set user "matt" type xauth set user "matt" remote ippool "vpnclient_pool" set user "matt" password "CdgejUtxNf8OYZs9KhCzIuCOgRniexg58A==" unset user "matt" type auth set user "matt" "enable" set user "vpnclient_ph1id_2" uid 13 set user "vpnclient_ph1id_2" ike-id u-fqdn "vpnclient@Network.com" share-limit 15 set user "vpnclient_ph1id_2" type ike set user "vpnclient_ph1id_2" "enable" set user-group "vpnclient_group2" id 5 set user-group "vpnclient_group2" user "vpnclient_ph1id_2" set crypto-policy exit set ike gateway "Gateway for Remote1_VPN_Net" address 27.56.88.90 Main outgoing-interface "ethernet0/0" preshare "key#1" sec-level standard set ike gateway "Gateway for Remote2_VPN_Net" address 88.75.8.26 Main outgoing-interface "ethernet0/0" preshare "key#12" sec-level standard set ike gateway "Gateway for Remote5_VPN_Net" address 56.36.25.210 Main outgoing-interface "ethernet0/0" preshare "key#13" sec-level standard set ike gateway "Gateway for Remote6_VPN_Net" address 88.88.29.26 Main outgoing-interface "ethernet0/0" preshare "key#14" sec-level standard set ike gateway "Gateway_For_Remote1_0" address 27.56.88.90 Main outgoing-interface "ethernet0/1" preshare "key#15" sec-level standard set ike gateway "Gateway_For_Remote5_0" address 56.36.25.210 Main outgoing-interface "ethernet0/1" preshare "key#6" sec-level standard set ike gateway "Gateway for Remote6_VPN_Net_0" address 88.88.29.26 Main outgoing-interface "ethernet0/1" preshare "key#17" sec-level standard set ike gateway "Gateway for Remote2_VPN_Net_0" address 88.75.8.26 Main outgoing-interface "ethernet0/1" preshare "key#18" sec-level standard set ike gateway "Gateway for Remote4_VPN_Net" address 71.69.10.98 Main outgoing-interface "ethernet0/0" preshare "key#19" sec-level standard set ike gateway "Gateway for Remote4_VPN_Net_0" address 71.69.10.98 Main outgoing-interface "ethernet0/1" preshare "key#20" sec-level standard set ike gateway "vpnclient_gateway" dialup "vpnclient_group2" Aggr local-id "vpngw.Network.com" outgoing-interface "ethernet0/0" preshare "key#21" proposal "pre-g2-aes128-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-md5" set ike gateway "vpnclient_gateway" dpd-liveness interval 30 unset ike gateway "vpnclient_gateway" nat-traversal udp-checksum set ike gateway "vpnclient_gateway" nat-traversal keepalive-frequency 0 set ike gateway "vpnclient_gateway" xauth unset ike gateway "vpnclient_gateway" xauth do-edipi-auth set ike gateway "Gateway for Remote3_VPN_Net" address 55.22.22.178 Main outgoing-interface "ethernet0/0" preshare "key#22" sec-level standard set ike gateway "Gateway for Remote3_VPN_Net_0" address 55.22.22.178 Main outgoing-interface "ethernet0/1" preshare "key#23" sec-level standard set ike respond-bad-spi 1 set ike ikev2 ike-sa-soft-lifetime 60 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set xauth default ippool "vpnclient_pool" set xauth default dns1 117.218.122.8 set xauth default dns2 8.8.8.8 set vpn "VPN for Remote1_VPN_Net" gateway "Gateway for Remote1_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote1_VPN_Net" monitor rekey set vpn "VPN for Remote1_VPN_Net" id 0x2 bind interface tunnel.1 set vpn "VPN for Remote1_VPN_Net" dscp-mark 0 set vpn "VPN for Remote2_VPN_Net" gateway "Gateway for Remote2_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote2_VPN_Net" monitor rekey set vpn "VPN for Remote2_VPN_Net" id 0xa bind interface tunnel.4 set vpn "VPN for Remote5_VPN_Net" gateway "Gateway for Remote5_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote5_VPN_Net" monitor rekey set vpn "VPN for Remote5_VPN_Net" id 0xb bind interface tunnel.3 set vpn "VPN for Remote6_VPN_Net" gateway "Gateway for Remote6_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote6_VPN_Net" monitor rekey set vpn "VPN for Remote6_VPN_Net" id 0xc bind interface tunnel.5 set vpn "VPN for Remote5_VPN_Net_0" gateway "Gateway_For_Remote5_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote5_VPN_Net_0" monitor rekey set vpn "VPN for Remote5_VPN_Net_0" id 0xe bind interface tunnel.6 set vpn "VPN for Remote5_VPN_Net_0" dscp-mark 0 set vpn "VPN for Remote1_VPN_Net_0" gateway "Gateway_For_Remote1_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote1_VPN_Net_0" monitor rekey set vpn "VPN for Remote1_VPN_Net_0" id 0xf bind interface tunnel.7 set vpn "VPN for Remote1_VPN_Net_0" dscp-mark 0 set vpn "VPN for Remote6_VPN_Net_0" gateway "Gateway for Remote6_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote6_VPN_Net_0" monitor rekey set vpn "VPN for Remote6_VPN_Net_0" id 0x1a bind interface tunnel.8 set vpn "VPN for Remote2_VPN_Net_0" gateway "Gateway for Remote2_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote2_VPN_Net_0" monitor rekey set vpn "VPN for Remote2_VPN_Net_0" id 0x1b bind interface tunnel.9 set vpn "VPN for Remote4_VPN_Net" gateway "Gateway for Remote4_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote4_VPN_Net" monitor rekey set vpn "VPN for Remote4_VPN_Net" id 0x1c bind interface tunnel.2 set vpn "VPN for Remote4_VPN_Net_0" gateway "Gateway for Remote4_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote4_VPN_Net_0" monitor rekey set vpn "VPN for Remote4_VPN_Net_0" id 0x1d bind interface tunnel.10 set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" replay tunnel idletime 0 proposal "g2-esp-aes128-sha" "g2-esp-3des-md5" "g2-esp-aes128-sha" "g2-esp-aes128-md5" set vpn "VPN for Remote3_VPN_Net" gateway "Gateway for Remote3_VPN_Net" no-replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote3_VPN_Net" monitor set vpn "VPN for Remote3_VPN_Net" id 0x22 bind interface tunnel.11 set vpn "VPN for Remote3_VPN_Net" dscp-mark 0 set vpn "VPN for Remote3_VPN_Net_0" gateway "Gateway for Remote3_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote3_VPN_Net_0" monitor rekey set vpn "VPN for Remote3_VPN_Net_0" id 0x23 bind interface tunnel.12 unset interface tunnel.11 acvpn-dynamic-routing unset interface tunnel.12 acvpn-dynamic-routing set attack db sigpack worm set attack db mode Update set attack db schedule daily 00:00 set av all fail-mode traffic permit set av scan-mgr pattern-update-url http://update.juniper-updates.net/AV/SSG100/ interval 15 set av scan-mgr max-content-size 4000 unset av scan-mgr max-content-size drop unset av scan-mgr decompress-layer drop set url protocol type sc-cpa set url protocol sc-cpa set category "Whitelist_Custom" url "www.li-lasik.com/" set category "Whitelist_Custom" url "www.Network.com/" set category "Blacklist_Custom" url "*.aim.com/" set category "Blacklist_Custom" url "*.facebook.com/" set category "Blacklist_Custom" url "*.photobucket.com/" set category "Blacklist_Custom" url "*.twitter.com/" set category "Blacklist_Custom" url "*.youtube.com/" set category "Blacklist_Custom" url "aim.com/" set category "Blacklist_Custom" url "facebook.com/" set category "Blacklist_Custom" url "photobucket.com/" set category "Blacklist_Custom" url "twitter.com/" set category "Blacklist_Custom" url "youtube.com/" set profile "Network_General" other permit set profile "Network_General" "Blacklist_Custom" black-list set profile "Network_General" "Whitelist_Custom" white-list set profile "Network_General" "Adult/Sexually Explicit" block set profile "Network_General" "Advertisements" block set profile "Network_General" "Arts & Entertainment" permit set profile "Network_General" "Chat" permit set profile "Network_General" "Computing & Internet" permit set profile "Network_General" "Criminal Skills" block set profile "Network_General" "Drugs, Alcohol & Tobacco" block set profile "Network_General" "Education" permit set profile "Network_General" "Finance & Investment" permit set profile "Network_General" "Food & Drink" permit set profile "Network_General" "Gambling" block set profile "Network_General" "Games" block set profile "Network_General" "Glamour & Intimate Apparel" permit set profile "Network_General" "Government & Politics" permit set profile "Network_General" "Hacking" block set profile "Network_General" "Hate Speech" block set profile "Network_General" "Health & Medicine" permit set profile "Network_General" "Hobbies & Recreation" permit set profile "Network_General" "Hosting Sites" permit set profile "Network_General" "Job Search & Career Development" permit set profile "Network_General" "Kids Sites" permit set profile "Network_General" "Lifestyle & Culture" permit set profile "Network_General" "Motor Vehicles" permit set profile "Network_General" "News" permit set profile "Network_General" "Personals & Dating" block set profile "Network_General" "Photo Searches" permit set profile "Network_General" "Real Estate" permit set profile "Network_General" "Reference" permit set profile "Network_General" "Religion" permit set profile "Network_General" "Remote Proxies" block set profile "Network_General" "Search Engines" permit set profile "Network_General" "Sex Education" block set profile "Network_General" "Shopping" permit set profile "Network_General" "Sports" permit set profile "Network_General" "Streaming Media" permit set profile "Network_General" "Travel" permit set profile "Network_General" "Usenet News" permit set profile "Network_General" "Violence" block set profile "Network_General" "Weapons" block set profile "Network_General" "Web-based Email" permit set profile "Wireless_Guest_Filtering" other permit set profile "Wireless_Guest_Filtering" "Adult/Sexually Explicit" block set profile "Wireless_Guest_Filtering" "Advertisements" block set profile "Wireless_Guest_Filtering" "Arts & Entertainment" permit set profile "Wireless_Guest_Filtering" "Chat" permit set profile "Wireless_Guest_Filtering" "Computing & Internet" permit set profile "Wireless_Guest_Filtering" "Criminal Skills" block set profile "Wireless_Guest_Filtering" "Drugs, Alcohol & Tobacco" block set profile "Wireless_Guest_Filtering" "Education" permit set profile "Wireless_Guest_Filtering" "Finance & Investment" permit set profile "Wireless_Guest_Filtering" "Food & Drink" permit set profile "Wireless_Guest_Filtering" "Gambling" block set profile "Wireless_Guest_Filtering" "Games" block set profile "Wireless_Guest_Filtering" "Glamour & Intimate Apparel" permit set profile "Wireless_Guest_Filtering" "Government & Politics" permit set profile "Wireless_Guest_Filtering" "Hacking" block set profile "Wireless_Guest_Filtering" "Hate Speech" block set profile "Wireless_Guest_Filtering" "Health & Medicine" permit set profile "Wireless_Guest_Filtering" "Hobbies & Recreation" permit set profile "Wireless_Guest_Filtering" "Hosting Sites" permit set profile "Wireless_Guest_Filtering" "Job Search & Career Development" block set profile "Wireless_Guest_Filtering" "Kids Sites" permit set profile "Wireless_Guest_Filtering" "Lifestyle & Culture" permit set profile "Wireless_Guest_Filtering" "Motor Vehicles" permit set profile "Wireless_Guest_Filtering" "News" permit set profile "Wireless_Guest_Filtering" "Personals & Dating" block set profile "Wireless_Guest_Filtering" "Photo Searches" permit set profile "Wireless_Guest_Filtering" "Real Estate" permit set profile "Wireless_Guest_Filtering" "Reference" permit set profile "Wireless_Guest_Filtering" "Religion" permit set profile "Wireless_Guest_Filtering" "Remote Proxies" block set profile "Wireless_Guest_Filtering" "Search Engines" permit set profile "Wireless_Guest_Filtering" "Sex Education" block set profile "Wireless_Guest_Filtering" "Shopping" permit set profile "Wireless_Guest_Filtering" "Sports" permit set profile "Wireless_Guest_Filtering" "Streaming Media" permit set profile "Wireless_Guest_Filtering" "Travel" permit set profile "Wireless_Guest_Filtering" "Usenet News" block set profile "Wireless_Guest_Filtering" "Violence" block set profile "Wireless_Guest_Filtering" "Weapons" block set profile "Wireless_Guest_Filtering" "Web-based Email" permit set enable set fail-mode permit set cache size 2000 set deny-message "