## Last commit: 2022-02-16 23:08:03 UTC by root version 18.2R1.9; system { root-authentication { } host-name R3; syslog { user * { any emergency; match "!(.*fpc.*)"; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } } chassis { fpc 0 { pic 2 { tunnel-services { bandwidth 10g; } inline-services { bandwidth 10g; } } lite-mode; } fpc 2 { pic 0 { tunnel-services { bandwidth 1g; } } lite-mode; } } services { service-set IPSec_Site1 { next-hop-service { inside-service-interface ms-0/2/0.1; outside-service-interface ms-0/2/0.2; } ipsec-vpn-options { local-gateway 1.1.1.1; } ipsec-vpn-rules IPSec_Site1_Rule; } ipsec-vpn { rule IPSec_Site1_Rule { term 1 { then { remote-gateway 1.1.1.2; dynamic { ike-policy IKE-Policy1; ipsec-policy IPSEC-Policy1; } tunnel-mtu 2048; } } match-direction input; } ipsec { proposal IPSEC-Phase2 { protocol esp; authentication-algorithm hmac-sha-256-128; encryption-algorithm aes-256-cbc; } policy IPSEC-Policy1 { perfect-forward-secrecy { keys group14; } proposals IPSEC-Phase2; } } ike { proposal IKE-PHASE1 { authentication-method pre-shared-keys; dh-group group14; authentication-algorithm sha-256; encryption-algorithm aes-256-cbc; lifetime-seconds 86400; } policy IKE-Policy1 { mode main; proposals IKE-PHASE1; } } establish-tunnels immediately; } } interfaces { ms-0/2/0 { unit 1 { description "IPSEC to Site 1"; family inet { address 172.16.1.1/30; } service-domain inside; } unit 2 { description "Link to Site"; family inet; service-domain outside; } } ge-2/0/0 { vlan-tagging; unit 100 { description "Link to Site"; vlan-id 100; family inet { address 1.1.1.1/30; } } } gr-2/0/10 { unit 0 { tunnel { source 172.16.1.1; destination 172.16.1.2; allow-fragmentation; } family inet; family mpls; } } fxp0 { disable; } lo0 { unit 0 { family inet { address 3.1.1.3/32; } } } } routing-options { router-id 3.1.1.3; autonomous-system 65000; } protocols { rsvp { interface gr-2/0/10.0; interface lo0.0; } mpls { interface gr-2/0/10.0; } bgp { group iBGP { type internal; local-address 3.1.1.3; family inet { unicast; } family inet-vpn { unicast; } neighbor 3.1.1.2; neighbor 3.1.1.1; } } ospf { traffic-engineering; reference-bandwidth 10g; area 0.0.0.0 { interface gr-2/0/10.0 { interface-type p2p; } interface lo0.0 { passive; } } } }