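## Last changed: 2014-03-06 21:16:30 UTC
#
# Junos firewall/switching configuration: LAG trunk to the inside, routed VLAN
# interfaces, screen options and source/destination/static NAT.
# Review notes are "#" comments. Addresses masked by the author (x.x.x.N,
# xxx.150.120.N) are kept as posted.
# NOTE(review): this listing has no `system`, `security zones` or
# `security policies` stanzas, so zone membership, host-inbound services and
# permit rules cannot be checked from here. Review them together with the NAT
# rules below.
version 12.1R2.9;
chassis {
    aggregated-devices {
        ethernet {
            # One aggregated interface (ae0) is provisioned.
            device-count 1;
        }
    }
}
interfaces {
    # Access port in the untrust VLAN (vlan-id 33).
    fe-0/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-Untrust;
                }
            }
        }
    }
    # fe-0/0/2 through fe-0/0/7 are member links of ae0.
    # fe-0/0/1 has no configuration in this listing.
    fe-0/0/2 {
        fastether-options {
            802.3ad ae0;
        }
    }
    fe-0/0/3 {
        fastether-options {
            802.3ad ae0;
        }
    }
    fe-0/0/4 {
        fastether-options {
            802.3ad ae0;
        }
    }
    fe-0/0/5 {
        fastether-options {
            802.3ad ae0;
        }
    }
    fe-0/0/6 {
        fastether-options {
            802.3ad ae0;
        }
    }
    fe-0/0/7 {
        fastether-options {
            802.3ad ae0;
        }
    }
    # LACP trunk carrying vlan-DMZ, vlan-MobileDMZ and vlan-trust on the same links.
    # NOTE(review): trust and DMZ traffic share this trunk, so their separation
    # also depends on the VLAN configuration of the attached switch.
    # Confirm that device is covered by the same review.
    ae0 {
        aggregated-ether-options {
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ vlan-DMZ vlan-MobileDMZ vlan-trust ];
                }
            }
        }
    }
    # Routed VLAN interfaces. The unit-to-VLAN binding is in the `vlans` stanza.
    vlan {
        # vlan.0 is the L3 interface of vlan-trust and carries two subnets.
        unit 0 {
            family inet {
                address xxx.150.120.41/22 {
                    # Static ARP entry that binds a unicast IP to a multicast MAC.
                    # NOTE(review): presumably a load-balanced cluster address.
                    # Confirm it is still in use. Static entries are never aged out.
                    arp xxx.150.120.217 multicast-mac 01:00:5e:7f:78:d9;
                }
                address 10.0.0.1/24;
            }
        }
        # vlan.10 is the L3 interface of vlan-DMZ.
        unit 10 {
            family inet {
                address 10.10.20.1/24 {
                    # Two IPs pinned to the same MAC.
                    # 10.10.20.16 is also the target of static NAT rule MIP5.
                    arp 10.10.20.16 mac 00:50:56:ab:00:f0;
                    arp 10.10.20.17 mac 00:50:56:ab:00:f0;
                }
            }
        }
        # vlan.33 is the L3 interface of vlan-Untrust.
        unit 33 {
            family inet {
                address x.x.x.210/28;
            }
        }
        # vlan.100 is the L3 interface of vlan-MobileDMZ.
        unit 100 {
            family inet {
                address 10.10.15.1/24;
            }
        }
    }
}
routing-options {
    static {
        # Default route. The next hop is presumably on the vlan.33 /28
        # (octets are masked in the listing).
        route 0.0.0.0/0 next-hop x.x.x.209;
    }
}
protocols {
    # Spanning tree is enabled with default parameters.
    stp;
}
security {
    log {
        mode event;
    }
    application-tracking;
    screen {
        # Screen profile: ping-of-death, IP source-route option, teardrop,
        # SYN flood and LAND checks.
        # NOTE(review): an ids-option only takes effect once a security zone
        # references it. The zones stanza is not in this listing, so confirm
        # that the untrust zone has `screen untrust-screen`.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                # NOTE(review): these thresholds look like the stock values.
                # Compare them with the measured connection rate of the
                # published services.
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            # Interface (PAT) source NAT for traffic from zone trust to zone untrust.
            # It matches any source address. Listing the actual internal
            # prefixes would keep unexpected sources from being translated.
            # No source NAT rule for the DMZ zones appears in this listing.
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        destination {
            # Both pools point at the same host, on ports 443 and 80.
            pool SSLVPN443 {
                address xxx.150.120.19/32 port 443;
            }
            pool SSLVPN80 {
                address xxx.150.120.19/32 port 80;
            }
            # Inbound port forwards from zone untrust. The matched address is
            # the same masked address as vlan.33's own interface address.
            # Security policy is evaluated after this translation, so the
            # permit rule has to name the translated host and port.
            rule-set INNKOMMENDE {
                from zone untrust;
                # NOTE(review): port 80 is published in cleartext.
                # Confirm the target only redirects to HTTPS.
                rule PORTFORWARDING80 {
                    match {
                        destination-address x.x.x.210/32;
                        destination-port 80;
                    }
                    then {
                        destination-nat pool SSLVPN80;
                    }
                }
                rule PORTFORWARDING443 {
                    match {
                        destination-address x.x.x.210/32;
                        destination-port 443;
                    }
                    then {
                        destination-nat pool SSLVPN443;
                    }
                }
            }
        }
        static {
            # One-to-one static NAT, covering all ports and protocols in both
            # directions. What is actually reachable from untrust is decided
            # only by the security policies, which are not in this listing.
            # Those policies should permit just the required services per host.
            rule-set MIP {
                from zone untrust;
                rule MIP1 {
                    match {
                        destination-address x.x.x.211/32;
                    }
                    then {
                        static-nat prefix 10.10.20.162/32;
                    }
                }
                rule MIP2 {
                    match {
                        destination-address x.x.x.212/32;
                    }
                    then {
                        static-nat prefix 10.10.20.163/32;
                    }
                }
                # NOTE(review): this maps to the same host as the SSLVPN80 and
                # SSLVPN443 pools. That address appears to be in the vlan.0 /22
                # (vlan-trust), so a full one-to-one mapping exposes a
                # trust-side host on every port the policy allows. Confirm that
                # both the port forwards and this mapping are needed.
                rule MIP3 {
                    match {
                        destination-address x.x.x.219/32;
                    }
                    then {
                        static-nat prefix xxx.150.120.19/32;
                    }
                }
                rule MIP4 {
                    match {
                        destination-address x.x.x.213/32;
                    }
                    then {
                        static-nat prefix 10.10.20.165/32;
                    }
                }
                rule MIP5 {
                    match {
                        destination-address x.x.x.214/32;
                    }
                    then {
                        static-nat prefix 10.10.20.16/32;
                    }
                }
            }
        }
        # The device answers ARP on vlan.33 for the five static NAT addresses
        # (MIP1 to MIP5). Keep this list in step with the rule-set above.
        proxy-arp {
            interface vlan.33 {
                address {
                    x.x.x.211/32;
                    x.x.x.212/32;
                    x.x.x.219/32;
                    x.x.x.213/32;
                    x.x.x.214/32;
                }
            }
        }
    }
    # Closing brace added in review. The listing as posted never closed
    # `security`, which left the top-level `vlans` stanza nested inside it.
}
vlans {
    vlan-DMZ {
        vlan-id 10;
        l3-interface vlan.10;
    }
    vlan-MobileDMZ {
        vlan-id 100;
        l3-interface vlan.100;
    }
    vlan-Untrust {
        vlan-id 33;
        l3-interface vlan.33;
    }
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}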