/* VyOS-style router config: DHCP WAN on eth1, LAN on eth2, and a route-based IPsec tunnel (vti0) carrying OSPF to peer 74.123.206.20. */
/* Global firewall knobs plus the one named ruleset that protects the router itself on the WAN side. */
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    group {
        /* Management sources trusted by ruleset eth0-local. 74.123.206.20 is also the IPsec peer configured under vpn. */
        address-group opaq-mgt {
            address 74.123.206.4
            address 74.123.206.20
            /* NOTE(review): RFC 1918 address in a group matched on the WAN-facing ruleset; confirm it is reachable and intended there. */
            address 192.168.202.1
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Ruleset is named eth0-local but is attached to eth1 (local direction) in the interfaces section; the name is misleading. */
    /* NOTE(review): rule 10 accepts every protocol and port from the group; narrowing it to the services actually used (for example SSH and IKE/ESP) would reduce exposure. */
    /* NOTE(review): no rule accepts established/related traffic and no state-policy is set in this firewall section, so replies to router-originated DNS/NTP from hosts outside the group presumably hit default-action drop; verify. */
    /* NOTE(review): dropped packets are not logged by this ruleset; enable-default-log would give visibility into probes against the WAN address. */
    name eth0-local {
        default-action drop
        rule 10 {
            action accept
            source {
                group {
                    address-group opaq-mgt
                }
            }
        }
    }
    receive-redirects disable
    /* NOTE(review): ICMP redirects are still sent; edge routers usually disable this unless a LAN design depends on it. */
    send-redirects enable
    /* NOTE(review): reverse-path source validation is off; consider strict or loose mode if the routing here is symmetric enough to allow it. */
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    /* WAN uplink, address learned by DHCP. Only a local ruleset is attached; no in/out ruleset filters traffic forwarded through this interface. */
    ethernet eth1 {
        address dhcp
        description "Cust: pr140002 [10Mbit] (Internet:AT&T)"
        duplex auto
        firewall {
            local {
                name eth0-local
            }
        }
        hw-id ac:1f:6b:43:bd:5c
        smp-affinity auto
        speed auto
    }
    /* Customer LAN gateway. No firewall ruleset is attached, so router services (SSH, DHCP) are reachable from the LAN as far as this config shows. */
    ethernet eth2 {
        address 172.19.10.1/24
        description "Cust: pr140002 (Local LAN: NA NA)"
        duplex full
        hw-id ac:1f:6b:43:bd:5d
        smp-affinity auto
        speed 1000
    }
    /* Unused port, administratively disabled. */
    ethernet eth3 {
        description SHUTDOWN
        disable
        duplex auto
        hw-id ac:1f:6b:43:bd:5e
        smp-affinity auto
        speed auto
    }
    /* Loopback address doubles as the OSPF router-id (see protocols ospf parameters). */
    loopback lo {
        address 10.69.69.127/32
    }
    /* Tunnel interface bound to the IPsec peer under vpn ipsec site-to-site. No firewall ruleset is attached here either. */
    /* NOTE(review): no OSPF authentication is configured on this interface; the adjacency relies entirely on the IPsec tunnel for protection. */
    vti vti0 {
        address 10.69.69.1/30
        description "Cust: pr140002 (iad-c1-poda iad-c1-poda-fw1-pan-a)"
        ip {
            ospf {
                cost 5
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
    }
}
/* Routing policy: restricts what "redistribute connected" may inject into OSPF to the LAN prefix only. */
policy {
    prefix-list local-lan {
        rule 10 {
            action permit
            prefix 172.19.10.0/24
        }
    }
    route-map redist-local-connected {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list local-lan
                    }
                }
            }
        }
    }
}
protocols {
    /* OSPF area 0 over the loopback and the vti0 /30, with a statically configured neighbor at the far end of the tunnel. */
    ospf {
        area 0.0.0.0 {
            network 10.69.69.127/32
            network 10.69.69.0/30
        }
        log-adjacency-changes {
        }
        neighbor 10.69.69.2 {
            poll-interval 60
            priority 0
        }
        parameters {
            abr-type cisco
            router-id 10.69.69.127
        }
        redistribute {
            /* Filtered by the route-map above, so the DHCP WAN subnet on eth1 is not advertised into the tunnel. */
            connected {
                metric-type 2
                route-map redist-local-connected
            }
        }
    }
    static {
        /* Host route to the IPsec peer via the DHCP-learned gateway on eth1; presumably keeps tunnel traffic from following an OSPF-learned route into the tunnel itself. */
        route 74.123.206.20/32 {
            dhcp-interface eth1
        }
    }
}
service {
    /* LAN DHCP server with a custom vendor option space named after the customer id. */
    dhcp-server {
        global-parameters "option space pr140002;"
        global-parameters "option pr140002.value code 10 = { string };"
        shared-network-name all_employees {
            shared-network-parameters "vendor-option-space pr140002;"
            /* NOTE(review): raw hex vendor payload with no explanation; record what it encodes next to the value so it can be audited. */
            shared-network-parameters "option pr140002.value 00:f1:08:c0:a8:a9:0b:c0:a8:4d:0b;"
            subnet 172.19.10.0/24 {
                default-router 172.19.10.1
                dns-server 8.8.8.8
                dns-server 1.1.1.1
                lease 86400
                range 0 {
                    start 172.19.10.10
                    stop 172.19.10.250
                }
            }
        }
    }
    /* NOTE(review): no listen-address is set, so sshd is not limited to a management address; only eth1 has a local ruleset in front of it. Combined with the password-only logins under system login, restrict the listener or filter eth2/vti0 as well. */
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    conntrack {
        expect-table-size 2048
        hash-size 32768
        table-size 262144
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name pr140002-WalshHQ-1
    /* NOTE(review): all three accounts are level admin and carry the literal plaintext-password "password". This may be a sanitisation placeholder; if the file is loaded as written, every admin login shares one trivially guessable secret. */
    /* NOTE(review): set a unique, strong secret per account before deployment (or use SSH public-keys), keep only the hashed form in stored configs, and treat any copy of this file that held real values as sensitive. */
    login {
        /* NOTE(review): confirm a backup account really needs level admin rather than a reduced role. */
        user customer-backup {
            authentication {
                plaintext-password "password"
            }
            level admin
        }
        user snoc {
            authentication {
                plaintext-password "password"
            }
            level admin
        }
        /* The well-known default account name; a known username paired with a weak password is the first thing credential-guessing hits. */
        user vyos {
            authentication {
                plaintext-password "password"
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server time1.google.com {
        }
        server time2.google.com {
        }
        server time3.google.com {
        }
        server time4.google.com {
        }
    }
    /* NOTE(review): only local logging is configured; no remote syslog host is defined, so authentication and firewall events stay on the device and are lost if it is wiped or compromised. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        /* Phase 2: AES-256 / SHA-256 in tunnel mode with PFS on DH group 14, one-hour lifetime. */
        esp-group default {
            compression disable
            lifetime 3600
            mode tunnel
            pfs dh-group14
            proposal 1 {
                encryption aes256
                hash sha256
            }
        }
        /* NOTE(review): this IKEv1 group is not referenced by the peer below (which uses ike-group ikev2); removing it avoids an accidental fallback to IKEv1 later. */
        ike-group default {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 14
                encryption aes256
                hash sha256
            }
        }
        /* Phase 1 group actually used by the peer: IKEv2, AES-256 / SHA-256, DH group 14. */
        ike-group ikev2 {
            ikev2-reauth no
            key-exchange ikev2
            lifetime 28800
            proposal 1 {
                dh-group 14
                encryption aes256
                hash sha256
            }
        }
        ipsec-interfaces {
            interface eth1
        }
        logging {
            log-level 2
        }
        nat-traversal enable
        site-to-site {
            /* Route-based tunnel initiated from this router over the DHCP WAN and bound to vti0. */
            peer 74.123.206.20 {
                /* NOTE(review): the pre-shared secret is the literal word password. If that is not a redaction placeholder, the strong cipher proposals above protect nothing, because tunnel authentication rests on a guessable key. */
                /* NOTE(review): use a long random PSK unique to this peer, or move to certificate (x509) or RSA authentication, and keep the value out of shared copies of the config. */
                authentication {
                    id pr140002-WalshHQ-1
                    mode pre-shared-secret
                    pre-shared-secret password
                    remote-id 74.123.206.20
                }
                connection-type initiate
                default-esp-group default
                dhcp-interface eth1
                ike-group ikev2
                ikev2-reauth inherit
                vti {
                    bind vti0
                    esp-group default
                }
            }
        }
    }
}