# Junos SRX configuration for host Node_1_Upper: one LAN port, one ISP port,
# a GRE tunnel and a route-based IPsec VPN (st0.0) to peer 212.48.226.94,
# with OSPF enabled on the LAN, GRE and st0 interfaces.
# Statements are unchanged; only layout and review comments were added.
# NOTE(review): 12.1X46 is an old release train - confirm it still receives
# security fixes for this platform.
version 12.1X46-D65.4;
system {
    host-name Node_1_Upper;
    root-authentication {
        # "$1$" is the MD5-crypt format. This hash has been published with the
        # config, so treat the root password as exposed and rotate it. Consider
        # a stronger `system login password format` if the release offers one.
        encrypted-password "$1$MPcqgtCu$raaoKtW3J9LybXKaklvsO0"; ## SECRET-DATA
    }
    # No `login` stanza is visible: root is the only account shown, so there
    # are no per-user accounts to attribute changes to.
    services {
        # Bare `ssh;` sets no `root-login` restriction or other SSH options.
        ssh;
        # Clear-text Junos XML management service: credentials and configuration
        # cross the wire unencrypted. Remove it unless something depends on it.
        xnm-clear-text;
        web-management {
            # J-Web over plain HTTP; HTTPS is configured just below.
            http {
                interface vlan.0;
            }
            https {
                # Self-generated certificate: clients cannot validate it unless
                # it is pinned or replaced with a CA-issued one.
                system-generated-certificate;
                interface vlan.0;
            }
        }
    }
    syslog {
        # Only small local files are configured (3 x 100k); no remote syslog
        # host is visible, so logs live only on the device itself.
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            # Severity `error` records only failing commands.
            # NOTE(review): confirm this is enough for command auditing.
            interactive-commands error;
        }
        file kmd-logs {
            daemon info;
            match KMD;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description LAN;
        unit 0 {
            family inet {
                address 172.16.0.167/24;
            }
        }
    }
    gr-0/0/0 {
        unit 0 {
            description GRE;
            # The GRE endpoints are the two public addresses. GRE itself does
            # not encrypt. NOTE(review): verify whether this tunnel is meant to
            # ride inside the IPsec VPN; nothing visible here forces that.
            tunnel {
                source 212.48.226.93;
                destination 212.48.226.94;
            }
            family inet {
                mtu 1476;
                address 10.10.10.1/24;
            }
        }
    }
    ge-0/0/1 {
        # Not disabled, unlike ge-0/0/3 through ge-0/0/7.
        # Disable it too if it is unused.
        unit 0;
    }
    ge-0/0/2 {
        description ISP;
        unit 0 {
            family inet {
                address 212.48.226.93/29;
            }
        }
    }
    ge-0/0/3 {
        disable;
        unit 0;
    }
    ge-0/0/4 {
        disable;
        unit 0;
    }
    ge-0/0/5 {
        disable;
        unit 0;
    }
    ge-0/0/6 {
        disable;
        unit 0;
    }
    ge-0/0/7 {
        disable;
    }
    lo0 {
        unit 0 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
    st0 {
        unit 0 {
            description "'VPN'";
            family inet;
        }
    }
    vlan {
        unit 0 {
            family inet;
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            # No authentication statement on any OSPF interface, including the
            # LAN-facing ge-0/0/0.0: neighbors are accepted unauthenticated.
            interface gr-0/0/0.0;
            interface ge-0/0/0.0;
            interface st0.0;
        }
    }
    stp;
}
security {
    ike {
        proposal IKE_prop {
            description Propor_IKE;
            authentication-method pre-shared-keys;
            # group2 and sha1 are weak by current standards, and weaker than
            # the group14 PFS used in IPSEC_POL below. Any change must be made
            # on both peers together.
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm aes-256-cbc;
            lifetime-seconds 28800;
        }
        policy IKE_Policy {
            # Aggressive mode with a pre-shared key exposes material that
            # permits offline guessing of the key. Both ends have fixed
            # addresses here, so main mode looks feasible.
            # NOTE(review): confirm with the peer.
            mode aggressive;
            proposals IKE_prop;
            # "$9$" is Junos's obfuscated form, not a one-way hash. This value
            # has been published, so treat the pre-shared key as exposed and
            # rotate it on both peers.
            pre-shared-key ascii-text "$9$2.4GDHqmTFnkqBIhSeKGDjifT"; ## SECRET-DATA
        }
        gateway IKE_Gate {
            ike-policy IKE_Policy;
            address 212.48.226.94;
            local-identity inet 212.48.226.93;
            external-interface ge-0/0/2.0;
        }
    }
    ipsec {
        proposal IPSEC_prop {
            protocol esp;
            # SHA-1 based integrity; AES-128 here versus AES-256 in phase 1.
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 28800;
        }
        policy IPSEC_POL {
            perfect-forward-secrecy {
                keys group14;
            }
            proposals IPSEC_prop;
        }
        vpn VPN_J-2-J {
            # st0.0 is not listed in any security zone in this view.
            # NOTE(review): confirm which zone it belongs to; an interface
            # outside every zone is not expected to pass traffic on SRX.
            bind-interface st0.0;
            df-bit clear;
            ike {
                gateway IKE_Gate;
                proxy-identity {
                    service any;
                }
                ipsec-policy IPSEC_POL;
            }
            establish-tunnels immediately;
        }
    }
    policies {
        from-zone trust to-zone ISP {
            # Zone ISP has no interfaces in this view, so as shown this policy
            # matches no traffic.
            policy trust-to-ISP {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            # Zone trust holds both the LAN port and the ISP port, so this
            # any/any permit also covers traffic between the ISP link and the
            # LAN. No logging action is set.
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        default-policy {
            # Anything not matched by a policy is permitted. A firewall would
            # normally end in deny-all with explicit permits above it.
            permit-all;
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                # Every enabled system service and protocol is accepted on all
                # interfaces in this zone, including the public one below.
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
                gr-0/0/0.0;
                lo0.0;
                # ISP-facing interface placed in the trust zone: the device's
                # management services (ssh, xnm-clear-text) are allowed in from
                # the ISP side unless filtered elsewhere. No firewall filter is
                # visible in this config.
                ge-0/0/2.0;
            }
        }
        security-zone ISP {
            host-inbound-traffic {
                # `all` makes the ping/ike/ssh entries redundant. The zone has
                # no `interfaces` statement here, so it applies to nothing as
                # shown. It looks like ge-0/0/2.0 was meant to live here with a
                # narrow service list - verify the intent.
                system-services {
                    ping;
                    ike;
                    ssh;
                    all;
                }
                protocols {
                    all;
                }
            }
        }
    }
}