# VyOS `set`-command export for host CO35-VPN01 (see `system host-name` below):
# firewall rulesets, eth1 and VTI interfaces, NAT, policy routing, static routes,
# services, logins and IPsec site-to-site tunnels. The commands are unchanged; they
# are laid out one per line, and the `#` lines are review notes.

# --- Global firewall options --------------------------------------------------
set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall ip-src-route 'disable'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall log-martians 'enable'

# --- Ruleset 7-VPN-IN (bound as `firewall in` on vti3 further down) -----------
# Default drop, then return traffic (rule 10), then a source-address allowlist.
# NOTE(review): rules 20-46 match on source address only, with no protocol, port or
# destination, so every listed network (ELEVES and BYOD included) is accepted for
# anything forwarded from this tunnel. The 26-, 49-, 92- and VIRT- rulesets below
# follow the same pattern. Confirm that breadth is intended.
set firewall name 7-VPN-IN default-action 'drop'
set firewall name 7-VPN-IN rule 10 action 'accept'
set firewall name 7-VPN-IN rule 10 state established 'enable'
set firewall name 7-VPN-IN rule 10 state related 'enable'
set firewall name 7-VPN-IN rule 20 action 'accept'
set firewall name 7-VPN-IN rule 20 description 'Allow from CSM'
set firewall name 7-VPN-IN rule 20 source address '172.22.254.0/24'
set firewall name 7-VPN-IN rule 30 action 'accept'
set firewall name 7-VPN-IN rule 30 description 'Allow from VPNSSL-CSM'
set firewall name 7-VPN-IN rule 30 source address '192.168.239.0/24'
set firewall name 7-VPN-IN rule 40 action 'accept'
set firewall name 7-VPN-IN rule 40 description 'Allow from 7 ELEVES'
set firewall name 7-VPN-IN rule 40 source address '172.22.168.0/23'
set firewall name 7-VPN-IN rule 41 action 'accept'
set firewall name 7-VPN-IN rule 41 description 'Allow from 7 MANAGEMENT'
set firewall name 7-VPN-IN rule 41 source address '172.22.171.128/25'
set firewall name 7-VPN-IN rule 42 action 'accept'
set firewall name 7-VPN-IN rule 42 description 'Allow from 7 TECHNIQUE'
set firewall name 7-VPN-IN rule 42 source address '100.124.178.0/24'
set firewall name 7-VPN-IN rule 43 action 'accept'
set firewall name 7-VPN-IN rule 43 description 'Allow from 7 BYOD'
set firewall name 7-VPN-IN rule 43 source address '100.124.176.0/23'
set firewall name 7-VPN-IN rule 44 action 'accept'
set firewall name 7-VPN-IN rule 44 description 'Allow from 7 RESSOURCES'
set firewall name 7-VPN-IN rule 44 source address '10.135.7.0/25'
set firewall name 7-VPN-IN rule 45 action 'accept'
set firewall name 7-VPN-IN rule 45 description 'Allow from 7 PERSONNELS'
set firewall name 7-VPN-IN rule 45 source address '10.35.7.0/24'
set firewall name 7-VPN-IN rule 46 action 'accept'
set firewall name 7-VPN-IN rule 46 description 'Allow from 7 DMZ-SERVICES'
set firewall name 7-VPN-IN rule 46 source address '10.135.7.192/26'

# --- Ruleset 26-VPN-IN (bound as `firewall in` on vti4) -----------------------
set firewall name 26-VPN-IN default-action 'drop'
set firewall name 26-VPN-IN rule 10 action 'accept'
set firewall name 26-VPN-IN rule 10 state established 'enable'
set firewall name 26-VPN-IN rule 10 state related 'enable'
set firewall name 26-VPN-IN rule 20 action 'accept'
set firewall name 26-VPN-IN rule 20 description 'Allow from CSM'
set firewall name 26-VPN-IN rule 20 source address '172.22.254.0/24'
set firewall name 26-VPN-IN rule 30 action 'accept'
set firewall name 26-VPN-IN rule 30 description 'Allow from VPNSSL-CSM'
set firewall name 26-VPN-IN rule 30 source address '192.168.239.0/24'
set firewall name 26-VPN-IN rule 40 action 'accept'
set firewall name 26-VPN-IN rule 40 description 'Allow from 26 ELEVES'
set firewall name 26-VPN-IN rule 40 source address '172.22.164.0/23'
set firewall name 26-VPN-IN rule 41 action 'accept'
set firewall name 26-VPN-IN rule 41 description 'Allow from 26 MANAGEMENT'
set firewall name 26-VPN-IN rule 41 source address '172.22.167.128/25'
set firewall name 26-VPN-IN rule 42 action 'accept'
set firewall name 26-VPN-IN rule 42 description 'Allow from 26 TECHNIQUE'
set firewall name 26-VPN-IN rule 42 source address '100.124.170.0/24'
set firewall name 26-VPN-IN rule 43 action 'accept'
set firewall name 26-VPN-IN rule 43 description 'Allow from 26 BYOD'
set firewall name 26-VPN-IN rule 43 source address '100.124.168.0/23'
set firewall name 26-VPN-IN rule 44 action 'accept'
set firewall name 26-VPN-IN rule 44 description 'Allow from 26 RESSOURCES'
set firewall name 26-VPN-IN rule 44 source address '10.135.26.0/25'
set firewall name 26-VPN-IN rule 45 action 'accept'
set firewall name 26-VPN-IN rule 45 description 'Allow from 26 PERSONNELS'
set firewall name 26-VPN-IN rule 45 source address '10.35.26.0/24'
set firewall name 26-VPN-IN rule 46 action 'accept'
set firewall name 26-VPN-IN rule 46 description 'Allow from 26 DMZ-SERVICES'
set firewall name 26-VPN-IN rule 46 source address '10.135.26.192/26'

# --- Ruleset 49-VPN-IN (bound as `firewall in` on vti5) -----------------------
set firewall name 49-VPN-IN default-action 'drop'
set firewall name 49-VPN-IN rule 10 action 'accept'
set firewall name 49-VPN-IN rule 10 state established 'enable'
set firewall name 49-VPN-IN rule 10 state related 'enable'
set firewall name 49-VPN-IN rule 20 action 'accept'
set firewall name 49-VPN-IN rule 20 description 'Allow from CSM'
set firewall name 49-VPN-IN rule 20 source address '172.22.254.0/24'
set firewall name 49-VPN-IN rule 30 action 'accept'
set firewall name 49-VPN-IN rule 30 description 'Allow from VPNSSL-CSM'
set firewall name 49-VPN-IN rule 30 source address '192.168.239.0/24'
set firewall name 49-VPN-IN rule 40 action 'accept'
set firewall name 49-VPN-IN rule 40 description 'Allow from 49 ELEVES'
set firewall name 49-VPN-IN rule 40 source address '172.21.240.0/22'
set firewall name 49-VPN-IN rule 41 action 'accept'
set firewall name 49-VPN-IN rule 41 description 'Allow from 49 MANAGEMENT'
set firewall name 49-VPN-IN rule 41 source address '172.21.247.0/24'
set firewall name 49-VPN-IN rule 42 action 'accept'
set firewall name 49-VPN-IN rule 42 description 'Allow from 49 TECHNIQUE'
set firewall name 49-VPN-IN rule 42 source address '100.123.100.0/24'
set firewall name 49-VPN-IN rule 43 action 'accept'
set firewall name 49-VPN-IN rule 43 description 'Allow from 49 BYOD'
set firewall name 49-VPN-IN rule 43 source address '100.123.96.0/22'
set firewall name 49-VPN-IN rule 44 action 'accept'
set firewall name 49-VPN-IN rule 44 description 'Allow from 49 RESSOURCES'
set firewall name 49-VPN-IN rule 44 source address '10.135.49.0/25'
set firewall name 49-VPN-IN rule 45 action 'accept'
set firewall name 49-VPN-IN rule 45 description 'Allow from 49 PERSONNELS'
set firewall name 49-VPN-IN rule 45 source address '10.35.49.0/24'
set firewall name 49-VPN-IN rule 46 action 'accept'
set firewall name 49-VPN-IN rule 46 description 'Allow from 49 DMZ-SERVICES'
set firewall name 49-VPN-IN rule 46 source address '10.135.49.192/26'

# --- Ruleset 92-VPN-IN (bound as `firewall in` on vti2) -----------------------
set firewall name 92-VPN-IN default-action 'drop'
set firewall name 92-VPN-IN rule 10 action 'accept'
set firewall name 92-VPN-IN rule 10 state established 'enable'
set firewall name 92-VPN-IN rule 10 state related 'enable'
set firewall name 92-VPN-IN rule 20 action 'accept'
set firewall name 92-VPN-IN rule 20 description 'Allow from CSM'
set firewall name 92-VPN-IN rule 20 source address '172.22.254.0/24'
set firewall name 92-VPN-IN rule 30 action 'accept'
set firewall name 92-VPN-IN rule 30 description 'Allow from VPNSSL-CSM'
set firewall name 92-VPN-IN rule 30 source address '192.168.239.0/24'
set firewall name 92-VPN-IN rule 40 action 'accept'
set firewall name 92-VPN-IN rule 40 description 'Allow from 92 ELEVES'
set firewall name 92-VPN-IN rule 40 source address '172.22.144.0/23'
set firewall name 92-VPN-IN rule 41 action 'accept'
set firewall name 92-VPN-IN rule 41 description 'Allow from 92 MANAGEMENT'
set firewall name 92-VPN-IN rule 41 source address '172.22.147.128/25'
set firewall name 92-VPN-IN rule 42 action 'accept'
set firewall name 92-VPN-IN rule 42 description 'Allow from 92 TECHNIQUE'
set firewall name 92-VPN-IN rule 42 source address '100.124.130.0/24'
set firewall name 92-VPN-IN rule 43 action 'accept'
set firewall name 92-VPN-IN rule 43 description 'Allow from 92 BYOD'
set firewall name 92-VPN-IN rule 43 source address '100.124.128.0/23'
set firewall name 92-VPN-IN rule 44 action 'accept'
set firewall name 92-VPN-IN rule 44 description 'Allow from 92 RESSOURCES'
set firewall name 92-VPN-IN rule 44 source address '10.135.92.0/25'
set firewall name 92-VPN-IN rule 45 action 'accept'
set firewall name 92-VPN-IN rule 45 description 'Allow from 92 PERSONNELS'
set firewall name 92-VPN-IN rule 45 source address '10.35.92.0/24'
set firewall name 92-VPN-IN rule 46 action 'accept'
set firewall name 92-VPN-IN rule 46 description 'Allow from 92 DMZ-SERVICES'
set firewall name 92-VPN-IN rule 46 source address '10.135.92.192/26'

# --- Ruleset OUTSIDE-IN (bound as `firewall in` on eth1) ----------------------
# Forwarded traffic arriving on eth1; default drop.
# NOTE(review): rules 20 and 40 accept any source and any protocol towards
# 10.200.200.4 and 10.200.200.14, which are the translation addresses of
# `nat destination` rules 20 and 21. Forwarded traffic is filtered after DNAT, so
# everything sent to the two public addresses is passed on to those hosts. Confirm
# this is intended, or narrow the rules by protocol and destination port.
# NOTE(review): rules 21 and 41 match source addresses that this router itself uses
# as SNAT translation addresses (`nat source` rules 20/21) -- verify that these
# rules can match inbound traffic at all.
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'
set firewall name OUTSIDE-IN rule 20 action 'accept'
set firewall name OUTSIDE-IN rule 20 description 'Allow all to Chalais'
set firewall name OUTSIDE-IN rule 20 destination address '10.200.200.4'
set firewall name OUTSIDE-IN rule 21 action 'accept'
set firewall name OUTSIDE-IN rule 21 description 'Allow all from Chalais'
set firewall name OUTSIDE-IN rule 21 source address '185.150.252.48'
set firewall name OUTSIDE-IN rule 22 action 'accept'
set firewall name OUTSIDE-IN rule 22 description 'Allow all from Chalais'
set firewall name OUTSIDE-IN rule 22 source address '10.200.200.4'
set firewall name OUTSIDE-IN rule 23 action 'accept'
set firewall name OUTSIDE-IN rule 23 description 'Allow all from VEP Chalais'
set firewall name OUTSIDE-IN rule 23 source address '10.200.200.3'
set firewall name OUTSIDE-IN rule 30 action 'accept'
set firewall name OUTSIDE-IN rule 30 description 'Allow access from CSM'
set firewall name OUTSIDE-IN rule 30 source address '172.22.254.0/24'
set firewall name OUTSIDE-IN rule 40 action 'accept'
set firewall name OUTSIDE-IN rule 40 description 'Allow all to Jean Moulin'
set firewall name OUTSIDE-IN rule 40 destination address '10.200.200.14'
set firewall name OUTSIDE-IN rule 41 action 'accept'
set firewall name OUTSIDE-IN rule 41 description 'Allow all from Jean Moulin'
set firewall name OUTSIDE-IN rule 41 source address '185.150.252.54'
set firewall name OUTSIDE-IN rule 42 action 'accept'
set firewall name OUTSIDE-IN rule 42 description 'Allow all from Jean Moulin'
set firewall name OUTSIDE-IN rule 42 source address '10.200.200.14'
set firewall name OUTSIDE-IN rule 43 action 'accept'
set firewall name OUTSIDE-IN rule 43 description 'Allow all from VEP Jean Moulin'
set firewall name OUTSIDE-IN rule 43 source address '10.200.200.13'

# --- Ruleset OUTSIDE-LOCAL (bound as `firewall local` on eth1) ----------------
# Traffic addressed to the router itself; default drop.
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
# rule 20: accept new ICMP echo-request from any source.
set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
# rule 30: SSH connection-rate limit -- drops new TCP/22 connections matched by
# `recent` (count 4 within 60 seconds). It is evaluated before rule 32, so it also
# applies to the 172.22.254.0/24 management range.
# NOTE(review): `rule 30 source` carries no value on this page; it looks truncated
# or like an empty node -- check it against the running configuration.
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 30 recent count '4'
set firewall name OUTSIDE-LOCAL rule 30 recent time '60'
set firewall name OUTSIDE-LOCAL rule 30 source
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable'
# rule 31: SNMP (udp/161) from the single monitoring host only.
set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 description 'Allow SNMP from CO35-SUP01'
set firewall name OUTSIDE-LOCAL rule 31 destination port '161'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'udp'
set firewall name OUTSIDE-LOCAL rule 31 source address '172.22.254.8'
# rule 32: SSH is accepted only from 172.22.254.0/24; other sources hit the default drop.
set firewall name OUTSIDE-LOCAL rule 32 action 'accept'
set firewall name OUTSIDE-LOCAL rule 32 destination port '22'
set firewall name OUTSIDE-LOCAL rule 32 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 32 source address '172.22.254.0/24'
set firewall name OUTSIDE-LOCAL rule 32 state new 'enable'
# rules 40-42: IPsec from any source -- ESP, IKE (udp/500), NAT-T (udp/4500).
set firewall name OUTSIDE-LOCAL rule 40 action 'accept'
set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp'
set firewall name OUTSIDE-LOCAL rule 41 action 'accept'
set firewall name OUTSIDE-LOCAL rule 41 destination port '500'
set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp'
set firewall name OUTSIDE-LOCAL rule 42 action 'accept'
set firewall name OUTSIDE-LOCAL rule 42 destination port '4500'
set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp'
# rule 43: udp/1701 (L2TP) accepted only for packets that arrived inside IPsec.
# NOTE(review): no L2TP remote-access section appears in the part of the export
# shown here -- confirm this rule is still needed.
set firewall name OUTSIDE-LOCAL rule 43 action 'accept'
set firewall name OUTSIDE-LOCAL rule 43 destination port '1701'
set firewall name OUTSIDE-LOCAL rule 43 ipsec match-ipsec
set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp'

# --- Ruleset VIRT-VPN-IN (bound as `firewall in` on vti1) ---------------------
set firewall name VIRT-VPN-IN default-action 'drop'
set firewall name VIRT-VPN-IN rule 10 action 'accept'
set firewall name VIRT-VPN-IN rule 10 state established 'enable'
set firewall name VIRT-VPN-IN rule 10 state related 'enable'
set firewall name VIRT-VPN-IN rule 20 action 'accept'
set firewall name VIRT-VPN-IN rule 20 description 'Allow from CSM'
set firewall name VIRT-VPN-IN rule 20 source address '172.22.254.0/24'
set firewall name VIRT-VPN-IN rule 30 action 'accept'
set firewall name VIRT-VPN-IN rule 30 description 'Allow from VPNSSL-CSM'
set firewall name VIRT-VPN-IN rule 30 source address '192.168.239.0/24'
set firewall name VIRT-VPN-IN rule 40 action 'accept'
set firewall name VIRT-VPN-IN rule 40 description 'Allow from VIRT PEDA'
set firewall name VIRT-VPN-IN rule 40 source address '10.1.200.0/24'
set firewall name VIRT-VPN-IN rule 41 action 'accept'
set firewall name VIRT-VPN-IN rule 41 description 'Allow from VIRT MANA'
set firewall name VIRT-VPN-IN rule 41 source address '10.1.255.0/24'
set firewall name VIRT-VPN-IN rule 42 action 'accept'
set firewall name VIRT-VPN-IN rule 42 description 'Allow from VIRT TECH'
set firewall name VIRT-VPN-IN rule 42 source address '10.1.125.0/24'
set firewall name VIRT-VPN-IN rule 43 action 'accept'
set firewall name VIRT-VPN-IN rule 43 description 'Allow from VIRT BYOD'
set firewall name VIRT-VPN-IN rule 43 source address '10.1.156.0/24'

# --- Global firewall options (continued) --------------------------------------
# NOTE(review): source-validation is 'disable', so no reverse-path check is applied
# to received packets. With the static per-tunnel routes below, 'strict' or 'loose'
# may be usable -- confirm routing is symmetric before changing it.
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'

# --- Interfaces ---------------------------------------------------------------
# eth1 is the only Ethernet interface shown; it carries both a private and a public
# address and is where OUTSIDE-IN / OUTSIDE-LOCAL and the MSS-clamping policy apply.
set interfaces ethernet eth1 address '172.31.20.30/24'
set interfaces ethernet eth1 address '185.150.252.52/32'
set interfaces ethernet eth1 description 'SIB-intercoFW'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth1 firewall local name 'OUTSIDE-LOCAL'
set interfaces ethernet eth1 hw-id '00:50:56:90:51:48'
set interfaces ethernet eth1 policy route 'POLICY'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback lo
# NOTE(review): vti0 has no `firewall in` ruleset, unlike vti1-vti5, and no
# 39-VPN-IN ruleset is defined on this page although several networks are routed
# via 10.135.39.153. Traffic arriving from this tunnel is not filtered by any
# ruleset shown here -- confirm this is intentional.
# NOTE(review): none of the VTIs has a `firewall local` ruleset, so traffic from
# the tunnels to the router itself is not restricted by this configuration.
set interfaces vti vti0 address '10.135.39.158/29'
set interfaces vti vti0 description 'CHALAIS - INTERCO-FIREWALL'
set interfaces vti vti0 mtu '1400'
set interfaces vti vti1 address '10.1.0.2/30'
set interfaces vti vti1 description 'VIRT - INTERCO-FIREWALL'
set interfaces vti vti1 firewall in name 'VIRT-VPN-IN'
set interfaces vti vti1 mtu '1400'
set interfaces vti vti2 address '10.135.92.158/29'
set interfaces vti vti2 description 'JEAN MOULIN - INTERCO-FIREWALL'
set interfaces vti vti2 firewall in name '92-VPN-IN'
set interfaces vti vti2 mtu '1400'
set interfaces vti vti3 address '10.135.7.158/29'
set interfaces vti vti3 description 'FRANCOIS BRUNE - INTERCO-FIREWALL'
set interfaces vti vti3 firewall in name '7-VPN-IN'
set interfaces vti vti3 mtu '1400'
set interfaces vti vti4 address '10.135.26.158/29'
set interfaces vti vti4 description 'PIERRE PERRIN - INTERCO-FIREWALL'
set interfaces vti vti4 firewall in name '26-VPN-IN'
set interfaces vti vti4 mtu '1400'
set interfaces vti vti5 address '10.135.49.158/29'
set interfaces vti vti5 description 'DUGUAY TROUIN - INTERCO-FIREWALL'
set interfaces vti vti5 firewall in name '49-VPN-IN'
set interfaces vti vti5 mtu '1400'

# --- NAT ----------------------------------------------------------------------
# Destination NAT: two public addresses on eth1 are mapped 1:1 to internal hosts,
# all protocols and ports (no protocol/port match is configured).
set nat destination rule 20 description 'Chalais - IP publique'
set nat destination rule 20 destination address '185.150.252.48'
set nat destination rule 20 inbound-interface 'eth1'
set nat destination rule 20 translation address '10.200.200.4'
set nat destination rule 21 description 'Jean Moulin - IP publique'
set nat destination rule 21 destination address '185.150.252.54'
set nat destination rule 21 inbound-interface 'eth1'
set nat destination rule 21 translation address '10.200.200.14'
# Source NAT: rules 10-12 exempt RFC 1918 destinations from translation, rules
# 20/21 are the return half of the 1:1 mappings, rule 9999 translates the rest.
set nat source rule 10 destination address '10.0.0.0/8'
set nat source rule 10 exclude
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 11 destination address '172.16.0.0/12'
set nat source rule 11 exclude
set nat source rule 11 outbound-interface 'eth1'
set nat source rule 12 destination address '192.168.0.0/16'
set nat source rule 12 exclude
set nat source rule 12 outbound-interface 'eth1'
set nat source rule 20 description 'Chalais - IP publique'
set nat source rule 20 outbound-interface 'eth1'
set nat source rule 20 source address '10.200.200.4'
set nat source rule 20 translation address '185.150.252.48'
set nat source rule 21 description 'Jean Moulin - IP publique'
set nat source rule 21 outbound-interface 'eth1'
set nat source rule 21 source address '10.200.200.14'
set nat source rule 21 translation address '185.150.252.54'
set nat source rule 9999 description 'Default masquerade'
set nat source rule 9999 outbound-interface 'eth1'
set nat source rule 9999 translation address '185.150.252.52'

# --- Policy route POLICY (applied on eth1) ------------------------------------
# Clamps TCP MSS to 1360 on SYN packets towards RFC 1918 destinations.
set policy route POLICY rule 97 destination address '192.168.0.0/16'
set policy route POLICY rule 97 protocol 'tcp'
set policy route POLICY rule 97 set tcp-mss '1360'
set policy route POLICY rule 97 tcp flags 'SYN'
set policy route POLICY rule 98 destination address '172.16.0.0/12'
set policy route POLICY rule 98 protocol 'tcp'
set policy route POLICY rule 98 set tcp-mss '1360'
set policy route POLICY rule 98 tcp flags 'SYN'
set policy route POLICY rule 99 destination address '10.0.0.0/8'
set policy route POLICY rule 99 protocol 'tcp'
set policy route POLICY rule 99 set tcp-mss '1360'
set policy route POLICY rule 99 tcp flags 'SYN'

# --- Static routes ------------------------------------------------------------
# Default route via 172.31.20.1; per-site networks via the far end of each tunnel
# subnet (10.135.N.153, 10.1.0.1); management ranges via 172.31.20.28.
set protocols static route 0.0.0.0/0 next-hop 172.31.20.1
set protocols static route 10.1.125.0/24 next-hop 10.1.0.1
set protocols static route 10.1.156.0/24 next-hop 10.1.0.1
set protocols static route 10.1.200.0/24 next-hop 10.1.0.1
set protocols static route 10.1.255.0/24 next-hop 10.1.0.1
set protocols static route 10.35.7.0/24 next-hop 10.135.7.153
set protocols static route 10.35.26.0/24 next-hop 10.135.26.153
set protocols static route 10.35.39.0/24 next-hop 10.135.39.153
set protocols static route 10.35.49.0/24 next-hop 10.135.49.153
set protocols static route 10.35.92.0/24 next-hop 10.135.92.153
set protocols static route 10.135.7.0/25 next-hop 10.135.7.153
set protocols static route 10.135.7.192/26 next-hop 10.135.7.153
set protocols static route 10.135.26.0/25 next-hop 10.135.26.153
set protocols static route 10.135.26.192/26 next-hop 10.135.26.153
set protocols static route 10.135.39.0/25 next-hop 10.135.39.153
set protocols static route 10.135.39.192/26 next-hop 10.135.39.153
set protocols static route 10.135.49.0/25 next-hop 10.135.49.153
set protocols static route 10.135.49.192/26 next-hop 10.135.49.153
set protocols static route 10.135.92.0/25 next-hop 10.135.92.153
set protocols static route 10.135.92.192/26 next-hop 10.135.92.153
set protocols static route 10.200.200.0/24 next-hop 172.31.20.29
set protocols static route 100.123.96.0/22 next-hop 10.135.49.153
set protocols static route 100.123.100.0/24 next-hop 10.135.49.153
set protocols static route 100.124.104.0/24 next-hop 10.135.39.153
set protocols static route 100.124.105.0/24 next-hop 10.135.39.153
set protocols static route 100.124.128.0/23 next-hop 10.135.92.153
set protocols static route 100.124.130.0/24 next-hop 10.135.92.153
set protocols static route 100.124.168.0/23 next-hop 10.135.26.153
set protocols static route 100.124.170.0/24 next-hop 10.135.26.153
set protocols static route 100.124.176.0/23 next-hop 10.135.7.153
set protocols static route 100.124.178.0/24 next-hop 10.135.7.153
set protocols static route 172.21.240.0/22 next-hop 10.135.49.153
set protocols static route 172.21.247.0/24 next-hop 10.135.49.153
set protocols static route 172.22.132.0/24 next-hop 10.135.39.153
set protocols static route 172.22.135.128/25 next-hop 10.135.39.153
set protocols static route 172.22.144.0/23 next-hop 10.135.92.153
set protocols static route 172.22.147.128/25 next-hop 10.135.92.153
set protocols static route 172.22.164.0/23 next-hop 10.135.26.153
set protocols static route 172.22.167.128/25 next-hop 10.135.26.153
set protocols static route 172.22.168.0/23 next-hop 10.135.7.153
set protocols static route 172.22.171.128/25 next-hop 10.135.7.153
set protocols static route 172.22.254.0/24 next-hop 172.31.20.28
set protocols static route 192.168.239.0/24 next-hop 172.31.20.28

# --- Services -----------------------------------------------------------------
# NOTE(review): the SNMP community is the well-known default `public`. It is
# read-only and limited to client 172.22.254.8, but community strings travel in
# cleartext; use a non-default community or SNMPv3.
set service snmp community public authorization 'ro'
set service snmp community public client '172.22.254.8'
set service snmp contact 'colleges35@sib.fr'
set service snmp location 'FR, Rennes'
set service snmp trap-target 172.22.254.8
set service ssh port '22'

# --- System -------------------------------------------------------------------
set system config-management commit-revisions '100'
set system console device ttyS0 speed '9600'
set system host-name 'CO35-VPN01'
# NOTE(review): the encrypted-password values are SHA-512 crypt ($6$) hashes and
# are shown in full on this page, unlike the masked pre-shared secrets. A published
# hash can be guessed offline: rotate both passwords and prefer SSH public-key
# authentication. The default `vyos` account is still present with level admin.
set system login user sib-admin authentication encrypted-password '$6$OQxr7nfqoGHX$PZ7WqcJ8bBpVZN6fJvCXUzpt1luYg.Qw7cBWCaKE4SzuGMgfb9JUHylIld.TrUjw5G3Mn5Yg50AxGKcp3kKCf.'
set system login user sib-admin authentication plaintext-password ''
set system login user sib-admin full-name 'SIB admin'
set system login user sib-admin level 'admin'
set system login user vyos authentication encrypted-password '$6$k.oRXiZdv7MD1OEd$LescC51FZLPpIoMsDFfTVK6cax84WXp/XDMuYXctYRG5fgQip7bpTBsz90ZtZbtKAomCCOdGzAULoLmjxoXww1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system name-server '1.1.1.1'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
# Local logging at notice (protocols at debug); everything is also sent to
# 172.22.254.12, which is listed twice: once without a port and once with :5514.
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system syslog host 172.22.254.12 facility all level 'all'
set system syslog host 172.22.254.12:5514 facility all level 'all'
set system time-zone 'Europe/Paris'

# --- IPsec --------------------------------------------------------------------
# One ESP group and one IKE group are shared by all six site-to-site peers.
# NOTE(review): both proposals use SHA-1 and the IKE group is IKEv1. Where the
# remote peers support it, prefer `key-exchange 'ikev2'` and `hash 'sha256'` or
# stronger; both ends of each tunnel have to change together.
set vpn ipsec esp-group CSM-esp compression 'disable'
set vpn ipsec esp-group CSM-esp lifetime '28800'
set vpn ipsec esp-group CSM-esp mode 'tunnel'
set vpn ipsec esp-group CSM-esp pfs 'enable'
set vpn ipsec esp-group CSM-esp proposal 1 encryption 'aes256'
set vpn ipsec esp-group CSM-esp proposal 1 hash 'sha1'
set vpn ipsec ike-group CSM-ike dead-peer-detection action 'clear'
set vpn ipsec ike-group CSM-ike dead-peer-detection interval '30'
set vpn ipsec ike-group CSM-ike dead-peer-detection timeout '90'
set vpn ipsec ike-group CSM-ike ikev2-reauth 'no'
set vpn ipsec ike-group CSM-ike key-exchange 'ikev1'
set vpn ipsec ike-group CSM-ike lifetime '3600'
set vpn ipsec ike-group CSM-ike proposal 1 dh-group '14'
set vpn ipsec ike-group CSM-ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group CSM-ike proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec nat-traversal 'enable'
# Site-to-site peers: each authenticates with a pre-shared secret (masked with '#'
# on this page), is initiated from this side, and is bound to one VTI.
# Peer 10.200.200.4 -> vti0
set vpn ipsec site-to-site peer 10.200.200.4 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 10.200.200.4 authentication pre-shared-secret '########'
set vpn ipsec site-to-site peer 10.200.200.4 connection-type 'initiate'
set vpn ipsec site-to-site peer 10.200.200.4 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 10.200.200.4 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 10.200.200.4 local-address '172.31.20.30'
set vpn ipsec site-to-site peer 10.200.200.4 vti bind 'vti0'
set vpn ipsec site-to-site peer 10.200.200.4 vti esp-group 'CSM-esp'
# Peer 10.200.200.14 -> vti2
set vpn ipsec site-to-site peer 10.200.200.14 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 10.200.200.14 authentication pre-shared-secret '#####'
set vpn ipsec site-to-site peer 10.200.200.14 connection-type 'initiate'
set vpn ipsec site-to-site peer 10.200.200.14 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 10.200.200.14 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 10.200.200.14 local-address '172.31.20.30'
set vpn ipsec site-to-site peer 10.200.200.14 vti bind 'vti2'
set vpn ipsec site-to-site peer 10.200.200.14 vti esp-group 'CSM-esp'
# Peer 83.118.212.214 -> vti5
set vpn ipsec site-to-site peer 83.118.212.214 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 83.118.212.214 authentication pre-shared-secret '######'
set vpn ipsec site-to-site peer 83.118.212.214 connection-type 'initiate'
set vpn ipsec site-to-site peer 83.118.212.214 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 83.118.212.214 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 83.118.212.214 local-address '185.150.252.52'
set vpn ipsec site-to-site peer 83.118.212.214 vti bind 'vti5'
set vpn ipsec site-to-site peer 83.118.212.214 vti esp-group 'CSM-esp'
# Peer 83.118.213.78 -> vti3
set vpn ipsec site-to-site peer 83.118.213.78 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 83.118.213.78 authentication pre-shared-secret '####'
set vpn ipsec site-to-site peer 83.118.213.78 connection-type 'initiate'
set vpn ipsec site-to-site peer 83.118.213.78 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 83.118.213.78 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 83.118.213.78 local-address '185.150.252.52'
set vpn ipsec site-to-site peer 83.118.213.78 vti bind 'vti3'
set vpn ipsec site-to-site peer 83.118.213.78 vti esp-group 'CSM-esp'
# Peer 83.118.213.126 -> vti4
set vpn ipsec site-to-site peer 83.118.213.126 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 83.118.213.126 authentication pre-shared-secret '######'
set vpn ipsec site-to-site peer 83.118.213.126 connection-type 'initiate'
set vpn ipsec site-to-site peer 83.118.213.126 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 83.118.213.126 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 83.118.213.126 local-address '185.150.252.52'
set vpn ipsec site-to-site peer 83.118.213.126 vti bind 'vti4'
set vpn ipsec site-to-site peer 83.118.213.126 vti esp-group 'CSM-esp'
# Peer 172.31.20.26 -> vti1
set vpn ipsec site-to-site peer 172.31.20.26 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 172.31.20.26 authentication pre-shared-secret '######'
set vpn ipsec site-to-site peer 172.31.20.26 connection-type 'initiate'
set vpn ipsec site-to-site peer 172.31.20.26 ike-group 'CSM-ike'
set vpn ipsec site-to-site peer 172.31.20.26 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 172.31.20.26 local-address '172.31.20.30'
set vpn ipsec site-to-site peer 172.31.20.26 vti bind 'vti1'
set vpn ipsec site-to-site peer 172.31.20.26 vti esp-group 'CSM-esp'