# Global firewall options, first part (the rest of the globals follow the named rulesets).
# all-ping enable: the router itself answers ICMP echo requests.
# broadcast-ping, IPv4/IPv6 source routing and IPv6 redirect acceptance are switched off.
# log-martians enable: packets with impossible source addresses are logged.
set firewall all-ping 'enable' | |
set firewall broadcast-ping 'disable' | |
set firewall config-trap 'disable' | |
set firewall ip-src-route 'disable' | |
set firewall ipv6-receive-redirects 'disable' | |
set firewall ipv6-src-route 'disable' | |
set firewall log-martians 'enable' | |
# Ruleset 7-VPN-IN: bound further down as the inbound filter on vti3 (FRANCOIS BRUNE tunnel).
# Default action is drop. Rule 10 admits return traffic; rules 20-46 accept by source prefix only.
# NOTE(review): none of the accept rules constrains protocol, port or destination, so each
# listed prefix can reach everything routed behind this gateway. Narrow them if the site only
# needs specific services.
# NOTE(review): rules 20 and 30 accept CSM and VPNSSL-CSM source addresses on a site tunnel,
# while the static routes in this file reach those prefixes via 172.31.20.28, not via the
# tunnel. Source validation is disabled globally, so a packet from the remote site carrying
# such a source address would be accepted here. Confirm both rules are needed - TODO confirm.
set firewall name 7-VPN-IN default-action 'drop' | |
# Rule 10: stateful return traffic.
set firewall name 7-VPN-IN rule 10 action 'accept' | |
set firewall name 7-VPN-IN rule 10 state established 'enable' | |
set firewall name 7-VPN-IN rule 10 state related 'enable' | |
# Rules 20-30: central (CSM) prefixes.
set firewall name 7-VPN-IN rule 20 action 'accept' | |
set firewall name 7-VPN-IN rule 20 description 'Allow from CSM' | |
set firewall name 7-VPN-IN rule 20 source address '172.22.254.0/24' | |
set firewall name 7-VPN-IN rule 30 action 'accept' | |
set firewall name 7-VPN-IN rule 30 description 'Allow from VPNSSL-CSM' | |
set firewall name 7-VPN-IN rule 30 source address '192.168.239.0/24' | |
# Rules 40-46: prefixes of site 7. Each one has a matching static route via 10.135.7.153.
set firewall name 7-VPN-IN rule 40 action 'accept' | |
set firewall name 7-VPN-IN rule 40 description 'Allow from 7 ELEVES' | |
set firewall name 7-VPN-IN rule 40 source address '172.22.168.0/23' | |
set firewall name 7-VPN-IN rule 41 action 'accept' | |
set firewall name 7-VPN-IN rule 41 description 'Allow from 7 MANAGEMENT' | |
set firewall name 7-VPN-IN rule 41 source address '172.22.171.128/25' | |
set firewall name 7-VPN-IN rule 42 action 'accept' | |
set firewall name 7-VPN-IN rule 42 description 'Allow from 7 TECHNIQUE' | |
set firewall name 7-VPN-IN rule 42 source address '100.124.178.0/24' | |
# NOTE(review): BYOD devices get the same unrestricted accept as the managed networks.
set firewall name 7-VPN-IN rule 43 action 'accept' | |
set firewall name 7-VPN-IN rule 43 description 'Allow from 7 BYOD' | |
set firewall name 7-VPN-IN rule 43 source address '100.124.176.0/23' | |
set firewall name 7-VPN-IN rule 44 action 'accept' | |
set firewall name 7-VPN-IN rule 44 description 'Allow from 7 RESSOURCES' | |
set firewall name 7-VPN-IN rule 44 source address '10.135.7.0/25' | |
set firewall name 7-VPN-IN rule 45 action 'accept' | |
set firewall name 7-VPN-IN rule 45 description 'Allow from 7 PERSONNELS' | |
set firewall name 7-VPN-IN rule 45 source address '10.35.7.0/24' | |
set firewall name 7-VPN-IN rule 46 action 'accept' | |
set firewall name 7-VPN-IN rule 46 description 'Allow from 7 DMZ-SERVICES' | |
set firewall name 7-VPN-IN rule 46 source address '10.135.7.192/26' | |
# Ruleset 26-VPN-IN: bound further down as the inbound filter on vti4 (PIERRE PERRIN tunnel).
# Default action is drop. Rule 10 admits return traffic; rules 20-46 accept by source prefix only.
# NOTE(review): no accept rule constrains protocol, port or destination. Narrow them if the
# site only needs specific services.
# NOTE(review): rules 20 and 30 accept CSM and VPNSSL-CSM source addresses arriving from the
# site tunnel, although this file routes those prefixes via 172.31.20.28. With source
# validation disabled globally, confirm these two rules are needed here - TODO confirm.
set firewall name 26-VPN-IN default-action 'drop' | |
# Rule 10: stateful return traffic.
set firewall name 26-VPN-IN rule 10 action 'accept' | |
set firewall name 26-VPN-IN rule 10 state established 'enable' | |
set firewall name 26-VPN-IN rule 10 state related 'enable' | |
# Rules 20-30: central (CSM) prefixes.
set firewall name 26-VPN-IN rule 20 action 'accept' | |
set firewall name 26-VPN-IN rule 20 description 'Allow from CSM' | |
set firewall name 26-VPN-IN rule 20 source address '172.22.254.0/24' | |
set firewall name 26-VPN-IN rule 30 action 'accept' | |
set firewall name 26-VPN-IN rule 30 description 'Allow from VPNSSL-CSM' | |
set firewall name 26-VPN-IN rule 30 source address '192.168.239.0/24' | |
# Rules 40-46: prefixes of site 26. Each one has a matching static route via 10.135.26.153.
set firewall name 26-VPN-IN rule 40 action 'accept' | |
set firewall name 26-VPN-IN rule 40 description 'Allow from 26 ELEVES' | |
set firewall name 26-VPN-IN rule 40 source address '172.22.164.0/23' | |
set firewall name 26-VPN-IN rule 41 action 'accept' | |
set firewall name 26-VPN-IN rule 41 description 'Allow from 26 MANAGEMENT' | |
set firewall name 26-VPN-IN rule 41 source address '172.22.167.128/25' | |
set firewall name 26-VPN-IN rule 42 action 'accept' | |
set firewall name 26-VPN-IN rule 42 description 'Allow from 26 TECHNIQUE' | |
set firewall name 26-VPN-IN rule 42 source address '100.124.170.0/24' | |
# NOTE(review): BYOD devices get the same unrestricted accept as the managed networks.
set firewall name 26-VPN-IN rule 43 action 'accept' | |
set firewall name 26-VPN-IN rule 43 description 'Allow from 26 BYOD' | |
set firewall name 26-VPN-IN rule 43 source address '100.124.168.0/23' | |
set firewall name 26-VPN-IN rule 44 action 'accept' | |
set firewall name 26-VPN-IN rule 44 description 'Allow from 26 RESSOURCES' | |
set firewall name 26-VPN-IN rule 44 source address '10.135.26.0/25' | |
set firewall name 26-VPN-IN rule 45 action 'accept' | |
set firewall name 26-VPN-IN rule 45 description 'Allow from 26 PERSONNELS' | |
set firewall name 26-VPN-IN rule 45 source address '10.35.26.0/24' | |
set firewall name 26-VPN-IN rule 46 action 'accept' | |
set firewall name 26-VPN-IN rule 46 description 'Allow from 26 DMZ-SERVICES' | |
set firewall name 26-VPN-IN rule 46 source address '10.135.26.192/26' | |
# Ruleset 49-VPN-IN: bound further down as the inbound filter on vti5 (DUGUAY TROUIN tunnel).
# Default action is drop. Rule 10 admits return traffic; rules 20-46 accept by source prefix only.
# NOTE(review): no accept rule constrains protocol, port or destination. Narrow them if the
# site only needs specific services.
# NOTE(review): rules 20 and 30 accept CSM and VPNSSL-CSM source addresses arriving from the
# site tunnel, although this file routes those prefixes via 172.31.20.28. With source
# validation disabled globally, confirm these two rules are needed here - TODO confirm.
set firewall name 49-VPN-IN default-action 'drop' | |
# Rule 10: stateful return traffic.
set firewall name 49-VPN-IN rule 10 action 'accept' | |
set firewall name 49-VPN-IN rule 10 state established 'enable' | |
set firewall name 49-VPN-IN rule 10 state related 'enable' | |
# Rules 20-30: central (CSM) prefixes.
set firewall name 49-VPN-IN rule 20 action 'accept' | |
set firewall name 49-VPN-IN rule 20 description 'Allow from CSM' | |
set firewall name 49-VPN-IN rule 20 source address '172.22.254.0/24' | |
set firewall name 49-VPN-IN rule 30 action 'accept' | |
set firewall name 49-VPN-IN rule 30 description 'Allow from VPNSSL-CSM' | |
set firewall name 49-VPN-IN rule 30 source address '192.168.239.0/24' | |
# Rules 40-46: prefixes of site 49. Each one has a matching static route via 10.135.49.153.
set firewall name 49-VPN-IN rule 40 action 'accept' | |
set firewall name 49-VPN-IN rule 40 description 'Allow from 49 ELEVES' | |
set firewall name 49-VPN-IN rule 40 source address '172.21.240.0/22' | |
set firewall name 49-VPN-IN rule 41 action 'accept' | |
set firewall name 49-VPN-IN rule 41 description 'Allow from 49 MANAGEMENT' | |
set firewall name 49-VPN-IN rule 41 source address '172.21.247.0/24' | |
set firewall name 49-VPN-IN rule 42 action 'accept' | |
set firewall name 49-VPN-IN rule 42 description 'Allow from 49 TECHNIQUE' | |
set firewall name 49-VPN-IN rule 42 source address '100.123.100.0/24' | |
# NOTE(review): BYOD devices get the same unrestricted accept as the managed networks.
set firewall name 49-VPN-IN rule 43 action 'accept' | |
set firewall name 49-VPN-IN rule 43 description 'Allow from 49 BYOD' | |
set firewall name 49-VPN-IN rule 43 source address '100.123.96.0/22' | |
set firewall name 49-VPN-IN rule 44 action 'accept' | |
set firewall name 49-VPN-IN rule 44 description 'Allow from 49 RESSOURCES' | |
set firewall name 49-VPN-IN rule 44 source address '10.135.49.0/25' | |
set firewall name 49-VPN-IN rule 45 action 'accept' | |
set firewall name 49-VPN-IN rule 45 description 'Allow from 49 PERSONNELS' | |
set firewall name 49-VPN-IN rule 45 source address '10.35.49.0/24' | |
set firewall name 49-VPN-IN rule 46 action 'accept' | |
set firewall name 49-VPN-IN rule 46 description 'Allow from 49 DMZ-SERVICES' | |
set firewall name 49-VPN-IN rule 46 source address '10.135.49.192/26' | |
# Ruleset 92-VPN-IN: bound further down as the inbound filter on vti2 (JEAN MOULIN tunnel).
# Default action is drop. Rule 10 admits return traffic; rules 20-46 accept by source prefix only.
# NOTE(review): no accept rule constrains protocol, port or destination. Narrow them if the
# site only needs specific services.
# NOTE(review): rules 20 and 30 accept CSM and VPNSSL-CSM source addresses arriving from the
# site tunnel, although this file routes those prefixes via 172.31.20.28. With source
# validation disabled globally, confirm these two rules are needed here - TODO confirm.
set firewall name 92-VPN-IN default-action 'drop' | |
# Rule 10: stateful return traffic.
set firewall name 92-VPN-IN rule 10 action 'accept' | |
set firewall name 92-VPN-IN rule 10 state established 'enable' | |
set firewall name 92-VPN-IN rule 10 state related 'enable' | |
# Rules 20-30: central (CSM) prefixes.
set firewall name 92-VPN-IN rule 20 action 'accept' | |
set firewall name 92-VPN-IN rule 20 description 'Allow from CSM' | |
set firewall name 92-VPN-IN rule 20 source address '172.22.254.0/24' | |
set firewall name 92-VPN-IN rule 30 action 'accept' | |
set firewall name 92-VPN-IN rule 30 description 'Allow from VPNSSL-CSM' | |
set firewall name 92-VPN-IN rule 30 source address '192.168.239.0/24' | |
# Rules 40-46: prefixes of site 92. Each one has a matching static route via 10.135.92.153.
set firewall name 92-VPN-IN rule 40 action 'accept' | |
set firewall name 92-VPN-IN rule 40 description 'Allow from 92 ELEVES' | |
set firewall name 92-VPN-IN rule 40 source address '172.22.144.0/23' | |
set firewall name 92-VPN-IN rule 41 action 'accept' | |
set firewall name 92-VPN-IN rule 41 description 'Allow from 92 MANAGEMENT' | |
set firewall name 92-VPN-IN rule 41 source address '172.22.147.128/25' | |
set firewall name 92-VPN-IN rule 42 action 'accept' | |
set firewall name 92-VPN-IN rule 42 description 'Allow from 92 TECHNIQUE' | |
set firewall name 92-VPN-IN rule 42 source address '100.124.130.0/24' | |
# NOTE(review): BYOD devices get the same unrestricted accept as the managed networks.
set firewall name 92-VPN-IN rule 43 action 'accept' | |
set firewall name 92-VPN-IN rule 43 description 'Allow from 92 BYOD' | |
set firewall name 92-VPN-IN rule 43 source address '100.124.128.0/23' | |
set firewall name 92-VPN-IN rule 44 action 'accept' | |
set firewall name 92-VPN-IN rule 44 description 'Allow from 92 RESSOURCES' | |
set firewall name 92-VPN-IN rule 44 source address '10.135.92.0/25' | |
set firewall name 92-VPN-IN rule 45 action 'accept' | |
set firewall name 92-VPN-IN rule 45 description 'Allow from 92 PERSONNELS' | |
set firewall name 92-VPN-IN rule 45 source address '10.35.92.0/24' | |
set firewall name 92-VPN-IN rule 46 action 'accept' | |
set firewall name 92-VPN-IN rule 46 description 'Allow from 92 DMZ-SERVICES' | |
set firewall name 92-VPN-IN rule 46 source address '10.135.92.192/26' | |
# Ruleset OUTSIDE-IN: bound further down as the inbound (forwarded traffic) filter on eth1.
# Default action is drop; rule 10 admits return traffic.
set firewall name OUTSIDE-IN default-action 'drop' | |
set firewall name OUTSIDE-IN rule 10 action 'accept' | |
set firewall name OUTSIDE-IN rule 10 state established 'enable' | |
set firewall name OUTSIDE-IN rule 10 state related 'enable' | |
# NOTE(review): rule 20 accepts every protocol and port from any source towards 10.200.200.4.
# Destination NAT rule 20 in this file maps 185.150.252.48 arriving on eth1 to that host, so
# the host looks fully exposed on its public address. If it only terminates IPsec (it is
# listed as a site-to-site peer), restrict this rule to the protocols it needs - TODO confirm.
set firewall name OUTSIDE-IN rule 20 action 'accept' | |
set firewall name OUTSIDE-IN rule 20 description 'Allow all to Chalais' | |
set firewall name OUTSIDE-IN rule 20 destination address '10.200.200.4' | |
# NOTE(review): 185.150.252.48 is the address this gateway itself translates to and from for
# Chalais, so traffic arriving on eth1 with that source is unexpected. Presumably this rule is
# redundant with rule 22; verify before keeping a source-only accept for a public address.
set firewall name OUTSIDE-IN rule 21 action 'accept' | |
set firewall name OUTSIDE-IN rule 21 description 'Allow all from Chalais' | |
set firewall name OUTSIDE-IN rule 21 source address '185.150.252.48' | |
set firewall name OUTSIDE-IN rule 22 action 'accept' | |
set firewall name OUTSIDE-IN rule 22 description 'Allow all from Chalais' | |
set firewall name OUTSIDE-IN rule 22 source address '10.200.200.4' | |
set firewall name OUTSIDE-IN rule 23 action 'accept' | |
set firewall name OUTSIDE-IN rule 23 description 'Allow all from VEP Chalais' | |
set firewall name OUTSIDE-IN rule 23 source address '10.200.200.3' | |
# Rule 30: the CSM management prefix may reach anything behind this gateway.
set firewall name OUTSIDE-IN rule 30 action 'accept' | |
set firewall name OUTSIDE-IN rule 30 description 'Allow access from CSM' | |
set firewall name OUTSIDE-IN rule 30 source address '172.22.254.0/24' | |
# NOTE(review): rules 40-43 repeat the Chalais pattern for Jean Moulin. Rule 40 combined with
# destination NAT rule 21 (185.150.252.54 to 10.200.200.14) admits all traffic from any source
# to that host; the same narrowing applies.
set firewall name OUTSIDE-IN rule 40 action 'accept' | |
set firewall name OUTSIDE-IN rule 40 description 'Allow all to Jean Moulin' | |
set firewall name OUTSIDE-IN rule 40 destination address '10.200.200.14' | |
set firewall name OUTSIDE-IN rule 41 action 'accept' | |
set firewall name OUTSIDE-IN rule 41 description 'Allow all from Jean Moulin' | |
set firewall name OUTSIDE-IN rule 41 source address '185.150.252.54' | |
set firewall name OUTSIDE-IN rule 42 action 'accept' | |
set firewall name OUTSIDE-IN rule 42 description 'Allow all from Jean Moulin' | |
set firewall name OUTSIDE-IN rule 42 source address '10.200.200.14' | |
set firewall name OUTSIDE-IN rule 43 action 'accept' | |
set firewall name OUTSIDE-IN rule 43 description 'Allow all from VEP Jean Moulin' | |
set firewall name OUTSIDE-IN rule 43 source address '10.200.200.13' | |
# Ruleset OUTSIDE-LOCAL: bound further down as the local filter on eth1, i.e. traffic
# addressed to the router itself. Default action is drop; rule 10 admits return traffic.
set firewall name OUTSIDE-LOCAL default-action 'drop' | |
set firewall name OUTSIDE-LOCAL rule 10 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable' | |
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable' | |
# Rule 20: ICMP echo requests are accepted from any source.
set firewall name OUTSIDE-LOCAL rule 20 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request' | |
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp' | |
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable' | |
# Rule 30: SSH throttle. Drops new TCP/22 connection attempts once a source has been seen
# 4 times within 60 seconds. It is evaluated before rule 32, so the CSM management prefix is
# throttled as well. The source node below is empty in this listing.
set firewall name OUTSIDE-LOCAL rule 30 action 'drop' | |
set firewall name OUTSIDE-LOCAL rule 30 destination port '22' | |
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp' | |
set firewall name OUTSIDE-LOCAL rule 30 recent count '4' | |
set firewall name OUTSIDE-LOCAL rule 30 recent time '60' | |
set firewall name OUTSIDE-LOCAL rule 30 source | |
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable' | |
# Rule 31: SNMP queries (UDP/161) only from the single monitoring host.
set firewall name OUTSIDE-LOCAL rule 31 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 31 description 'Allow SNMP from CO35-SUP01' | |
set firewall name OUTSIDE-LOCAL rule 31 destination port '161' | |
set firewall name OUTSIDE-LOCAL rule 31 protocol 'udp' | |
set firewall name OUTSIDE-LOCAL rule 31 source address '172.22.254.8' | |
# Rule 32: SSH only from the CSM prefix; every other SSH source falls to the default drop.
set firewall name OUTSIDE-LOCAL rule 32 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 32 destination port '22' | |
set firewall name OUTSIDE-LOCAL rule 32 protocol 'tcp' | |
set firewall name OUTSIDE-LOCAL rule 32 source address '172.22.254.0/24' | |
set firewall name OUTSIDE-LOCAL rule 32 state new 'enable' | |
# Rules 40-42: ESP, IKE (UDP/500) and NAT-T (UDP/4500) are accepted from any source.
# NOTE(review): all IPsec peers in this file are fixed addresses, so these three rules could
# be limited to those peers (for example through an address group) instead of the whole
# Internet.
set firewall name OUTSIDE-LOCAL rule 40 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp' | |
set firewall name OUTSIDE-LOCAL rule 41 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 41 destination port '500' | |
set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp' | |
set firewall name OUTSIDE-LOCAL rule 42 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 42 destination port '4500' | |
set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp' | |
# Rule 43: L2TP (UDP/1701), accepted only when the packet arrived inside IPsec.
# NOTE(review): no L2TP remote-access service is configured in this listing; presumably a
# leftover. Remove it if unused - TODO confirm.
set firewall name OUTSIDE-LOCAL rule 43 action 'accept' | |
set firewall name OUTSIDE-LOCAL rule 43 destination port '1701' | |
set firewall name OUTSIDE-LOCAL rule 43 ipsec match-ipsec | |
set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp' | |
# Ruleset VIRT-VPN-IN: bound further down as the inbound filter on vti1 (VIRT tunnel).
# Default action is drop. Rule 10 admits return traffic; rules 20-43 accept by source prefix only.
# NOTE(review): no accept rule constrains protocol, port or destination. Narrow them if the
# VIRT networks only need specific services.
# NOTE(review): rules 20 and 30 accept CSM and VPNSSL-CSM source addresses arriving from this
# tunnel, although this file routes those prefixes via 172.31.20.28. With source validation
# disabled globally, confirm these two rules are needed here - TODO confirm.
set firewall name VIRT-VPN-IN default-action 'drop' | |
# Rule 10: stateful return traffic.
set firewall name VIRT-VPN-IN rule 10 action 'accept' | |
set firewall name VIRT-VPN-IN rule 10 state established 'enable' | |
set firewall name VIRT-VPN-IN rule 10 state related 'enable' | |
# Rules 20-30: central (CSM) prefixes.
set firewall name VIRT-VPN-IN rule 20 action 'accept' | |
set firewall name VIRT-VPN-IN rule 20 description 'Allow from CSM' | |
set firewall name VIRT-VPN-IN rule 20 source address '172.22.254.0/24' | |
set firewall name VIRT-VPN-IN rule 30 action 'accept' | |
set firewall name VIRT-VPN-IN rule 30 description 'Allow from VPNSSL-CSM' | |
set firewall name VIRT-VPN-IN rule 30 source address '192.168.239.0/24' | |
# Rules 40-43: VIRT prefixes. Each one has a matching static route via 10.1.0.1.
set firewall name VIRT-VPN-IN rule 40 action 'accept' | |
set firewall name VIRT-VPN-IN rule 40 description 'Allow from VIRT PEDA' | |
set firewall name VIRT-VPN-IN rule 40 source address '10.1.200.0/24' | |
set firewall name VIRT-VPN-IN rule 41 action 'accept' | |
set firewall name VIRT-VPN-IN rule 41 description 'Allow from VIRT MANA' | |
set firewall name VIRT-VPN-IN rule 41 source address '10.1.255.0/24' | |
set firewall name VIRT-VPN-IN rule 42 action 'accept' | |
set firewall name VIRT-VPN-IN rule 42 description 'Allow from VIRT TECH' | |
set firewall name VIRT-VPN-IN rule 42 source address '10.1.125.0/24' | |
set firewall name VIRT-VPN-IN rule 43 action 'accept' | |
set firewall name VIRT-VPN-IN rule 43 description 'Allow from VIRT BYOD' | |
set firewall name VIRT-VPN-IN rule 43 source address '10.1.156.0/24' | |
# Global firewall options, second part.
# receive-redirects disable: incoming ICMP redirects are ignored.
# NOTE(review): send-redirects is enabled; a VPN gateway normally has no reason to emit ICMP
# redirects, so consider disabling it.
# NOTE(review): source-validation is disabled, so no reverse-path check is applied. Every
# VPN-IN ruleset in this file trusts packets purely by source address, which makes this the
# one setting that would reject a source arriving on the wrong interface. Consider strict, or
# loose if routing across the tunnels is asymmetric.
# syn-cookies enable: SYN flood protection for TCP services on the router.
set firewall receive-redirects 'disable' | |
set firewall send-redirects 'enable' | |
set firewall source-validation 'disable' | |
set firewall syn-cookies 'enable' | |
set firewall twa-hazards-protection 'disable' | |
# Interfaces. eth1 is the only Ethernet interface in this listing: it carries the
# interconnect address 172.31.20.30/24 plus the public address 185.150.252.52/32, the
# OUTSIDE-IN (forwarded) and OUTSIDE-LOCAL (to the router) rulesets, and the POLICY route map.
set interfaces ethernet eth1 address '172.31.20.30/24' | |
set interfaces ethernet eth1 address '185.150.252.52/32' | |
set interfaces ethernet eth1 description 'SIB-intercoFW' | |
set interfaces ethernet eth1 duplex 'auto' | |
set interfaces ethernet eth1 firewall in name 'OUTSIDE-IN' | |
set interfaces ethernet eth1 firewall local name 'OUTSIDE-LOCAL' | |
set interfaces ethernet eth1 hw-id '00:50:56:90:51:48' | |
set interfaces ethernet eth1 policy route 'POLICY' | |
set interfaces ethernet eth1 smp-affinity 'auto' | |
set interfaces ethernet eth1 speed 'auto' | |
set interfaces loopback lo | |
# Route-based IPsec tunnel interfaces, one per remote site, MTU 1400 each.
# NOTE(review): vti0 (CHALAIS) is the only tunnel with no firewall in ruleset, so traffic
# forwarded from that tunnel is not filtered by any ruleset in this file, and no 39-VPN-IN
# ruleset exists although the 10.135.39.x routes point at it. Confirm this is intentional.
# NOTE(review): none of the tunnels has a firewall local ruleset. As far as this file shows,
# services on the router itself (SSH, SNMP) are reachable from every remote site without the
# restrictions that OUTSIDE-LOCAL applies on eth1 - TODO confirm.
set interfaces vti vti0 address '10.135.39.158/29' | |
set interfaces vti vti0 description 'CHALAIS - INTERCO-FIREWALL' | |
set interfaces vti vti0 mtu '1400' | |
set interfaces vti vti1 address '10.1.0.2/30' | |
set interfaces vti vti1 description 'VIRT - INTERCO-FIREWALL' | |
set interfaces vti vti1 firewall in name 'VIRT-VPN-IN' | |
set interfaces vti vti1 mtu '1400' | |
set interfaces vti vti2 address '10.135.92.158/29' | |
set interfaces vti vti2 description 'JEAN MOULIN - INTERCO-FIREWALL' | |
set interfaces vti vti2 firewall in name '92-VPN-IN' | |
set interfaces vti vti2 mtu '1400' | |
set interfaces vti vti3 address '10.135.7.158/29' | |
set interfaces vti vti3 description 'FRANCOIS BRUNE - INTERCO-FIREWALL' | |
set interfaces vti vti3 firewall in name '7-VPN-IN' | |
set interfaces vti vti3 mtu '1400' | |
set interfaces vti vti4 address '10.135.26.158/29' | |
set interfaces vti vti4 description 'PIERRE PERRIN - INTERCO-FIREWALL' | |
set interfaces vti vti4 firewall in name '26-VPN-IN' | |
set interfaces vti vti4 mtu '1400' | |
set interfaces vti vti5 address '10.135.49.158/29' | |
set interfaces vti vti5 description 'DUGUAY TROUIN - INTERCO-FIREWALL' | |
set interfaces vti vti5 firewall in name '49-VPN-IN' | |
set interfaces vti vti5 mtu '1400' | |
# Destination NAT: two one-to-one mappings of public addresses to hosts in 10.200.200.0/24.
# NOTE(review): neither rule sets a protocol or port, so every packet sent to the public
# address is translated. Together with OUTSIDE-IN rules 20 and 40 (accept all to these
# hosts) nothing on this gateway filters that traffic.
set nat destination rule 20 description 'Chalais - IP publique' | |
set nat destination rule 20 destination address '185.150.252.48' | |
set nat destination rule 20 inbound-interface 'eth1' | |
set nat destination rule 20 translation address '10.200.200.4' | |
set nat destination rule 21 description 'Jean Moulin - IP publique' | |
set nat destination rule 21 destination address '185.150.252.54' | |
set nat destination rule 21 inbound-interface 'eth1' | |
set nat destination rule 21 translation address '10.200.200.14' | |
# Source NAT rules 10-12: traffic to the RFC 1918 ranges is excluded from translation.
set nat source rule 10 destination address '10.0.0.0/8' | |
set nat source rule 10 exclude | |
set nat source rule 10 outbound-interface 'eth1' | |
set nat source rule 11 destination address '172.16.0.0/12' | |
set nat source rule 11 exclude | |
set nat source rule 11 outbound-interface 'eth1' | |
set nat source rule 12 destination address '192.168.0.0/16' | |
set nat source rule 12 exclude | |
set nat source rule 12 outbound-interface 'eth1' | |
# Source NAT rules 20-21: the reverse of the two destination mappings above.
set nat source rule 20 description 'Chalais - IP publique' | |
set nat source rule 20 outbound-interface 'eth1' | |
set nat source rule 20 source address '10.200.200.4' | |
set nat source rule 20 translation address '185.150.252.48' | |
set nat source rule 21 description 'Jean Moulin - IP publique' | |
set nat source rule 21 outbound-interface 'eth1' | |
set nat source rule 21 source address '10.200.200.14' | |
set nat source rule 21 translation address '185.150.252.54' | |
# Rule 9999: catch-all. Despite the description it translates to the fixed address
# 185.150.252.52 rather than using masquerade, and it has no source restriction.
set nat source rule 9999 description 'Default masquerade' | |
set nat source rule 9999 outbound-interface 'eth1' | |
set nat source rule 9999 translation address '185.150.252.52' | |
# Policy route POLICY, attached to eth1: clamps the TCP MSS to 1360 on SYN packets destined
# to the three RFC 1918 ranges, presumably so that TCP sessions fit the 1400-byte tunnel MTU.
set policy route POLICY rule 97 destination address '192.168.0.0/16' | |
set policy route POLICY rule 97 protocol 'tcp' | |
set policy route POLICY rule 97 set tcp-mss '1360' | |
set policy route POLICY rule 97 tcp flags 'SYN' | |
set policy route POLICY rule 98 destination address '172.16.0.0/12' | |
set policy route POLICY rule 98 protocol 'tcp' | |
set policy route POLICY rule 98 set tcp-mss '1360' | |
set policy route POLICY rule 98 tcp flags 'SYN' | |
set policy route POLICY rule 99 destination address '10.0.0.0/8' | |
set policy route POLICY rule 99 protocol 'tcp' | |
set policy route POLICY rule 99 set tcp-mss '1360' | |
set policy route POLICY rule 99 tcp flags 'SYN' | |
# Static routing. Default route leaves via 172.31.20.1 on the eth1 interconnect.
# Site prefixes are reached through the far end of each tunnel subnet:
#   10.1.0.1       VIRT (vti1 subnet)
#   10.135.7.153   site 7 (vti3 subnet)
#   10.135.26.153  site 26 (vti4 subnet)
#   10.135.39.153  site 39 (vti0 subnet)
#   10.135.49.153  site 49 (vti5 subnet)
#   10.135.92.153  site 92 (vti2 subnet)
# NOTE(review): the prefixes routed via 10.135.39.153 have no matching VPN-IN ruleset in this
# file, because vti0 carries no inbound ruleset.
set protocols static route 0.0.0.0/0 next-hop 172.31.20.1 | |
set protocols static route 10.1.125.0/24 next-hop 10.1.0.1 | |
set protocols static route 10.1.156.0/24 next-hop 10.1.0.1 | |
set protocols static route 10.1.200.0/24 next-hop 10.1.0.1 | |
set protocols static route 10.1.255.0/24 next-hop 10.1.0.1 | |
set protocols static route 10.35.7.0/24 next-hop 10.135.7.153 | |
set protocols static route 10.35.26.0/24 next-hop 10.135.26.153 | |
set protocols static route 10.35.39.0/24 next-hop 10.135.39.153 | |
set protocols static route 10.35.49.0/24 next-hop 10.135.49.153 | |
set protocols static route 10.35.92.0/24 next-hop 10.135.92.153 | |
set protocols static route 10.135.7.0/25 next-hop 10.135.7.153 | |
set protocols static route 10.135.7.192/26 next-hop 10.135.7.153 | |
set protocols static route 10.135.26.0/25 next-hop 10.135.26.153 | |
set protocols static route 10.135.26.192/26 next-hop 10.135.26.153 | |
set protocols static route 10.135.39.0/25 next-hop 10.135.39.153 | |
set protocols static route 10.135.39.192/26 next-hop 10.135.39.153 | |
set protocols static route 10.135.49.0/25 next-hop 10.135.49.153 | |
set protocols static route 10.135.49.192/26 next-hop 10.135.49.153 | |
set protocols static route 10.135.92.0/25 next-hop 10.135.92.153 | |
set protocols static route 10.135.92.192/26 next-hop 10.135.92.153 | |
# The 10.200.200.0/24 hosts (IPsec peers and NAT targets) sit behind 172.31.20.29.
set protocols static route 10.200.200.0/24 next-hop 172.31.20.29 | |
set protocols static route 100.123.96.0/22 next-hop 10.135.49.153 | |
set protocols static route 100.123.100.0/24 next-hop 10.135.49.153 | |
set protocols static route 100.124.104.0/24 next-hop 10.135.39.153 | |
set protocols static route 100.124.105.0/24 next-hop 10.135.39.153 | |
set protocols static route 100.124.128.0/23 next-hop 10.135.92.153 | |
set protocols static route 100.124.130.0/24 next-hop 10.135.92.153 | |
set protocols static route 100.124.168.0/23 next-hop 10.135.26.153 | |
set protocols static route 100.124.170.0/24 next-hop 10.135.26.153 | |
set protocols static route 100.124.176.0/23 next-hop 10.135.7.153 | |
set protocols static route 100.124.178.0/24 next-hop 10.135.7.153 | |
set protocols static route 172.21.240.0/22 next-hop 10.135.49.153 | |
set protocols static route 172.21.247.0/24 next-hop 10.135.49.153 | |
set protocols static route 172.22.132.0/24 next-hop 10.135.39.153 | |
set protocols static route 172.22.135.128/25 next-hop 10.135.39.153 | |
set protocols static route 172.22.144.0/23 next-hop 10.135.92.153 | |
set protocols static route 172.22.147.128/25 next-hop 10.135.92.153 | |
set protocols static route 172.22.164.0/23 next-hop 10.135.26.153 | |
set protocols static route 172.22.167.128/25 next-hop 10.135.26.153 | |
set protocols static route 172.22.168.0/23 next-hop 10.135.7.153 | |
set protocols static route 172.22.171.128/25 next-hop 10.135.7.153 | |
# The CSM and VPNSSL-CSM management prefixes are reached via 172.31.20.28, not via a tunnel.
set protocols static route 172.22.254.0/24 next-hop 172.31.20.28 | |
set protocols static route 192.168.239.0/24 next-hop 172.31.20.28 | |
# Management services.
# NOTE(review): the SNMP community is the well-known default string public. It is read-only
# and limited to the client 172.22.254.8, but community strings travel in clear text, so use
# a non-default community or SNMPv3 with authentication and privacy.
set service snmp community public authorization 'ro' | |
set service snmp community public client '172.22.254.8' | |
set service snmp contact '[email protected]' | |
set service snmp location 'FR, Rennes' | |
set service snmp trap-target 172.22.254.8 | |
# NOTE(review): SSH has no listen-address and no disable-password-authentication setting in
# this listing, and the login users below have passwords only. Presumably SSH listens on all
# addresses with password login; consider key-only authentication - TODO confirm.
set service ssh port '22' | |
# System settings: config history depth, serial console, host name, accounts, DNS, NTP,
# logging and time zone.
set system config-management commit-revisions '100' | |
set system console device ttyS0 speed '9600' | |
set system host-name 'CO35-VPN01' | |
# NOTE(review): both account password hashes (SHA-512 crypt, prefix $6$) appear unmasked in
# this listing, while the IPsec secrets further down are masked. Anyone holding the listing
# can test password guesses offline, so treat both passwords as exposed: rotate them and mask
# the hashes in any shared copy.
# NOTE(review): no public keys are configured for either account in this listing.
set system login user sib-admin authentication encrypted-password '$6$OQxr7nfqoGHX$PZ7WqcJ8bBpVZN6fJvCXUzpt1luYg.Qw7cBWCaKE4SzuGMgfb9JUHylIld.TrUjw5G3Mn5Yg50AxGKcp3kKCf.' | |
set system login user sib-admin authentication plaintext-password '' | |
set system login user sib-admin full-name 'SIB admin' | |
set system login user sib-admin level 'admin' | |
# NOTE(review): the default vyos account is still present with admin level. A named admin
# account (sib-admin) exists, so consider removing the default one.
set system login user vyos authentication encrypted-password '$6$k.oRXiZdv7MD1OEd$LescC51FZLPpIoMsDFfTVK6cax84WXp/XDMuYXctYRG5fgQip7bpTBsz90ZtZbtKAomCCOdGzAULoLmjxoXww1' | |
set system login user vyos authentication plaintext-password '' | |
set system login user vyos level 'admin' | |
# DNS and NTP use public Internet services.
set system name-server '1.1.1.1' | |
set system ntp server 0.pool.ntp.org | |
set system ntp server 1.pool.ntp.org | |
set system ntp server 2.pool.ntp.org | |
# Local logging at notice level (debug for the protocols facility); everything is also sent
# to the collector 172.22.254.12.
# NOTE(review): the collector is listed twice, once without a port and once with port 5514;
# confirm both are intended. No protocol option is set, so presumably the logs are sent
# unencrypted - TODO confirm.
set system syslog global facility all level 'notice' | |
set system syslog global facility protocols level 'debug' | |
set system syslog host 172.22.254.12 facility all level 'all' | |
set system syslog host 172.22.254.12:5514 facility all level 'all' | |
set system time-zone 'Europe/Paris' | |
# IPsec proposals shared by every site-to-site peer in this file.
# ESP group CSM-esp: tunnel mode, AES-256 with SHA-1 integrity, PFS enabled, 28800 s lifetime.
# NOTE(review): SHA-1 is used for integrity in both groups; prefer SHA-256 or better where
# the remote peers support it.
set vpn ipsec esp-group CSM-esp compression 'disable' | |
set vpn ipsec esp-group CSM-esp lifetime '28800' | |
set vpn ipsec esp-group CSM-esp mode 'tunnel' | |
set vpn ipsec esp-group CSM-esp pfs 'enable' | |
set vpn ipsec esp-group CSM-esp proposal 1 encryption 'aes256' | |
set vpn ipsec esp-group CSM-esp proposal 1 hash 'sha1' | |
# IKE group CSM-ike: IKEv1, DH group 14, AES-256 with SHA-1, 3600 s lifetime.
# Dead peer detection probes every 30 s and clears the tunnel after 90 s without an answer.
# NOTE(review): key exchange is IKEv1 and every peer authenticates with a pre-shared secret.
# IKEv2 is the better choice where the peers support it; with IKEv1 the strength of the
# secrets matters all the more.
# NOTE(review): ikev2-reauth presumably has no effect while key-exchange is ikev1 - TODO confirm.
set vpn ipsec ike-group CSM-ike dead-peer-detection action 'clear' | |
set vpn ipsec ike-group CSM-ike dead-peer-detection interval '30' | |
set vpn ipsec ike-group CSM-ike dead-peer-detection timeout '90' | |
set vpn ipsec ike-group CSM-ike ikev2-reauth 'no' | |
set vpn ipsec ike-group CSM-ike key-exchange 'ikev1' | |
set vpn ipsec ike-group CSM-ike lifetime '3600' | |
set vpn ipsec ike-group CSM-ike proposal 1 dh-group '14' | |
set vpn ipsec ike-group CSM-ike proposal 1 encryption 'aes256' | |
set vpn ipsec ike-group CSM-ike proposal 1 hash 'sha1' | |
# IPsec runs on eth1 only, with NAT traversal enabled.
set vpn ipsec ipsec-interfaces interface 'eth1' | |
set vpn ipsec nat-traversal 'enable' | |
# Site-to-site peers. Each peer uses pre-shared-secret authentication, the CSM-ike and
# CSM-esp groups, connection-type initiate, and binds to one VTI:
#   10.200.200.4    vti0   local 172.31.20.30
#   10.200.200.14   vti2   local 172.31.20.30
#   83.118.212.214  vti5   local 185.150.252.52
#   83.118.213.78   vti3   local 185.150.252.52
#   83.118.213.126  vti4   local 185.150.252.52
#   172.31.20.26    vti1   local 172.31.20.30
# The secrets are masked with # characters in this listing.
# NOTE(review): the masks differ in length (4 to 8 characters). If the mask length mirrors the
# real secret length, several secrets are far too short for IKEv1 pre-shared-key
# authentication; use long random secrets, unique per peer - TODO confirm.
# NOTE(review): no authentication id or remote-id is set, so presumably peers are identified
# by address only - TODO confirm.
set vpn ipsec site-to-site peer 10.200.200.4 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 10.200.200.4 authentication pre-shared-secret '########' | |
set vpn ipsec site-to-site peer 10.200.200.4 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 10.200.200.4 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 10.200.200.4 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 10.200.200.4 local-address '172.31.20.30' | |
set vpn ipsec site-to-site peer 10.200.200.4 vti bind 'vti0' | |
set vpn ipsec site-to-site peer 10.200.200.4 vti esp-group 'CSM-esp' | |
set vpn ipsec site-to-site peer 10.200.200.14 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 10.200.200.14 authentication pre-shared-secret '#####' | |
set vpn ipsec site-to-site peer 10.200.200.14 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 10.200.200.14 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 10.200.200.14 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 10.200.200.14 local-address '172.31.20.30' | |
set vpn ipsec site-to-site peer 10.200.200.14 vti bind 'vti2' | |
set vpn ipsec site-to-site peer 10.200.200.14 vti esp-group 'CSM-esp' | |
set vpn ipsec site-to-site peer 83.118.212.214 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 83.118.212.214 authentication pre-shared-secret '######' | |
set vpn ipsec site-to-site peer 83.118.212.214 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 83.118.212.214 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 83.118.212.214 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 83.118.212.214 local-address '185.150.252.52' | |
set vpn ipsec site-to-site peer 83.118.212.214 vti bind 'vti5' | |
set vpn ipsec site-to-site peer 83.118.212.214 vti esp-group 'CSM-esp' | |
set vpn ipsec site-to-site peer 83.118.213.78 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 83.118.213.78 authentication pre-shared-secret '####' | |
set vpn ipsec site-to-site peer 83.118.213.78 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 83.118.213.78 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 83.118.213.78 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 83.118.213.78 local-address '185.150.252.52' | |
set vpn ipsec site-to-site peer 83.118.213.78 vti bind 'vti3' | |
set vpn ipsec site-to-site peer 83.118.213.78 vti esp-group 'CSM-esp' | |
set vpn ipsec site-to-site peer 83.118.213.126 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 83.118.213.126 authentication pre-shared-secret '######' | |
set vpn ipsec site-to-site peer 83.118.213.126 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 83.118.213.126 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 83.118.213.126 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 83.118.213.126 local-address '185.150.252.52' | |
set vpn ipsec site-to-site peer 83.118.213.126 vti bind 'vti4' | |
set vpn ipsec site-to-site peer 83.118.213.126 vti esp-group 'CSM-esp' | |
set vpn ipsec site-to-site peer 172.31.20.26 authentication mode 'pre-shared-secret' | |
set vpn ipsec site-to-site peer 172.31.20.26 authentication pre-shared-secret '######' | |
set vpn ipsec site-to-site peer 172.31.20.26 connection-type 'initiate' | |
set vpn ipsec site-to-site peer 172.31.20.26 ike-group 'CSM-ike' | |
set vpn ipsec site-to-site peer 172.31.20.26 ikev2-reauth 'inherit' | |
set vpn ipsec site-to-site peer 172.31.20.26 local-address '172.31.20.30' | |
set vpn ipsec site-to-site peer 172.31.20.26 vti bind 'vti1' | |
set vpn ipsec site-to-site peer 172.31.20.26 vti esp-group 'CSM-esp' |