interfaces { ethernet eth0 { address 15.106.113.110/29 description "Cust: 121-Bridgewater [810Mbit] (Internet:Cox)" duplex full smp-affinity auto speed 1000 } ethernet eth1 { address 172.30.1.1/24 description "Cust: 121-Bridgewater (Local LAN: n/a n/a)" duplex full smp-affinity auto speed 1000 } ethernet eth2 { address 156.74.128.237/29 description "Cust: 121-Bridgewater [20Mbit] (Internet:INAP)" duplex full smp-affinity auto speed 100 } ethernet eth3 { description SHUTDOWN disable duplex auto smp-affinity auto speed auto } loopback lo { address 192.168.11.127/32 } vti vti0 { address 192.168.11.1/30 description "Cust: 121-Bridgewater (CH1 chi1-opaq-pan-a)" ip { ospf { cost 5 dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } } } vti vti1 { address 192.168.11.129/30 description "Cust: 121-Bridgewater (CH1 chi1-opaq-pan-a)" ip { ospf { cost 10 dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } } } } policy { prefix-list local-lan { rule 10 { action permit prefix 172.30.1.0/24 } } prefix-list static-routes { rule 10 { action permit prefix 192.168.10.0/24 } } route-map redist-static { rule 10 { action permit match { ip { address { prefix-list static-routes } } } } } route-map redist-local-connected { rule 10 { action permit match { ip { address { prefix-list local-lan } } } } } } protocols { ospf { area 0.0.0.0 { network 192.168.11.127/32 network 192.168.11.0/30 network 192.168.11.128/30 } log-adjacency-changes { } neighbor 192.168.11.2 { poll-interval 60 priority 0 } neighbor 192.168.11.130 { poll-interval 60 priority 0 } parameters { abr-type cisco router-id 192.168.11.127 } redistribute { connected { metric-type 2 route-map redist-local-connected } static { metric-type 2 route-map redist-static } } } static { route 74.123.203.1/32 { next-hop 15.106.113.105 { } } route 74.123.203.2/32 { next-hop 156.74.128.238 { } } route 74.123.206.4/32 { next-hop 156.74.128.238 { distance 5 } } route 192.168.10.0/24 { next-hop 172.30.1.2 { } } } } service { ssh { listen-address 15.106.113.110 listen-address 156.74.128.237 port 22 } } system { config-management { commit-revisions 20 } console { device ttyS0 { speed 9600 } } host-name 121-Bridgewater-Westport-1 login { user customer-backup { authentication { encrypted-password **************** plaintext-password **************** } level admin } user snoc { authentication { encrypted-password **************** plaintext-password **************** } level admin } user vyos { authentication { encrypted-password **************** plaintext-password **************** } level admin } } name-server 8.8.8.8 name-server 8.8.4.4 ntp { server time1.google.com { } server time2.google.com { } server time3.google.com { } server time4.google.com { } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC } vpn { ipsec { esp-group default { compression disable lifetime 3600 mode tunnel pfs dh-group14 proposal 1 { encryption aes256 hash sha256 } } ike-group default { ikev2-reauth no key-exchange ikev1 lifetime 28800 proposal 1 { dh-group 14 encryption aes256 hash sha256 } } ipsec-interfaces { interface eth0 interface eth2 } logging { log-level 1 log-modes any } nat-traversal enable site-to-site { peer 74.123.203.1 { authentication { mode pre-shared-secret pre-shared-secret **************** remote-id 74.123.203.1 } connection-type initiate default-esp-group default ike-group default ikev2-reauth inherit local-address 15.106.113.110 vti { bind vti0 esp-group default } } peer 74.123.203.2 { authentication { mode pre-shared-secret pre-shared-secret **************** remote-id 74.123.203.2 } connection-type initiate default-esp-group default ike-group default ikev2-reauth inherit local-address 156.74.128.237 vti { bind vti1 esp-group default } } } } }