# Candidate configuration of lab router RTR_G as printed by the CLI: one
# route-based IKEv2/IPsec tunnel (st0.0) to peer 10.18.129.137, three
# security zones, and a virtual-router instance holding fe-0/0/3.0.
# Single-'#' lines are review comments; '##' lines are device-generated.
lab@RTR_G# show | no-more
## Last changed: 2016-01-26 14:05:29 UTC
# NOTE(review): 11.4 is an old release train - confirm it is still
# vendor-supported before reusing this configuration outside a lab.
version 11.4R7.5;
system {
    host-name RTR_G;
    root-authentication {
        # "$1$" marks an MD5-crypt hash. Once a listing containing it has
        # been shared, treat the root password as exposed and rotate it.
        encrypted-password "$1$ShBWWqCD$CT84UdX9ycriwSYSuRWqf."; ## SECRET-DATA
    }
    login {
        user lab {
            uid 2001;
            # super-user grants every permission to this account.
            class super-user;
            authentication {
                # Same MD5-crypt format as the root hash above; rotate as well.
                encrypted-password "$1$56NAmuCs$FZj0HxjNrCwTrvU9B4ltL."; ## SECRET-DATA
            }
        }
    }
    services {
        # SSH is enabled with no further options here (for example, no
        # root-login restriction is configured).
        ssh;
    }
}
interfaces {
    # IKE external interface; its address is also the IKE local identity.
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.18.129.142/30;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family inet {
                address 10.18.129.145/30;
            }
        }
    }
    # Same /30 as fe-0/0/2; the two do not collide because fe-0/0/3.0 is
    # placed in routing-instance r-1 at the end of this configuration.
    # Presumably the two ports are cabled back to back - TODO confirm.
    fe-0/0/3 {
        unit 0 {
            family inet {
                address 10.18.129.146/30;
            }
        }
    }
    fe-0/0/7 {
        description Management;
        unit 0 {
            family inet {
                address 10.18.131.29/24;
            }
        }
    }
    # Secure tunnel interface that vpn-1 binds to.
    st0 {
        unit 0 {
            family inet {
                address 10.18.129.150/30;
            }
        }
    }
}
routing-options {
    static {
        # These two routes use a next hop on the management subnet
        # (10.18.131.0/24 on fe-0/0/7).
        route 10.110.1.0/24 next-hop 10.18.131.1;
        route 10.18.0.0/16 next-hop 10.18.131.1;
        # 10.18.129.136/30 contains the IKE peer 10.18.129.137; it is reached
        # through 10.18.129.141 on the ge-0/0/0 subnet.
        route 10.18.129.136/30 next-hop 10.18.129.141;
        route 10.18.129.132/30 next-hop 10.18.129.141;
        # The only destination routed into the tunnel.
        route 10.18.128.5/32 next-hop st0.0;
    }
}
security {
    ike {
        # Full IKE tracing to ike.log: useful while debugging negotiation,
        # verbose otherwise. Remove it once the tunnel is stable.
        traceoptions {
            file ike.log;
            flag all;
        }
        proposal prop-ike-1 {
            authentication-method pre-shared-keys;
            # group2 is 1024-bit MODP and md5 is a deprecated integrity
            # algorithm; both fall below current guidance. Prefer group14 or
            # higher and sha-256 where the release and the peer support them.
            # Proposal values must match on both peers.
            dh-group group2;
            authentication-algorithm md5;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        policy pol-ike-1 {
            proposals prop-ike-1;
            # "$9$" is Junos reversible obfuscation, not a hash. Treat this
            # pre-shared key as disclosed wherever the listing has been
            # shared and replace it on both peers.
            pre-shared-key ascii-text "$9$wpYoGTQnApB36pB1hKvxNdsYoaZUqmT"; ## SECRET-DATA
        }
        gateway gat-1 {
            ike-policy pol-ike-1;
            address 10.18.129.137;
            local-identity inet 10.18.129.142;
            external-interface ge-0/0/0.0;
            # IKEv2 only; there is no fallback to IKEv1.
            version v2-only;
        }
    }
    ipsec {
        proposal prop-ipsec-1 {
            protocol esp;
            # hmac-md5-96 is deprecated for ESP integrity; prefer
            # hmac-sha-256-128 where both peers support it.
            authentication-algorithm hmac-md5-96;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        policy pol-ipsec-1 {
            # PFS is enabled, but with the same 1024-bit group as IKE.
            perfect-forward-secrecy {
                keys group2;
            }
            proposals prop-ipsec-1;
        }
        vpn vpn-1 {
            bind-interface st0.0;
            ike {
                gateway gat-1;
                ipsec-policy pol-ipsec-1;
            }
            # Negotiate as soon as the configuration is active rather than
            # waiting for traffic.
            establish-tunnels immediately;
        }
    }
    policies {
        # The only policy shown: any-to-any permit inside z-1, which holds
        # fe-0/0/2.0, ge-0/0/0.0 and st0.0. Traffic arriving through the
        # tunnel is therefore forwarded unfiltered to the other z-1
        # interfaces. No policy involving z-2 appears in this listing.
        from-zone z-1 to-zone z-1 {
            policy default-allow {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        policy-rematch;
    }
    zones {
        # Every zone below accepts all system services and all protocols
        # addressed to the router itself. Outside a lab, list only what each
        # zone needs (for example ike on the tunnel-facing zone and ssh on
        # management).
        functional-zone management {
            interfaces {
                fe-0/0/7.0;
            }
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
        }
        security-zone z-1 {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            # The IKE external interface and the tunnel interface share this
            # zone with fe-0/0/2.0.
            interfaces {
                fe-0/0/2.0;
                ge-0/0/0.0;
                st0.0;
            }
        }
        security-zone z-2 {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                fe-0/0/3.0;
            }
        }
    }
}
routing-instances {
    # Separate routing table for fe-0/0/3.0, the only member of this instance.
    r-1 {
        instance-type virtual-router;
        interface fe-0/0/3.0;
    }
}

[edit]