set clock ntp
set clock timezone -5
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "2556 (Test SMTP)" protocol tcp src-port 0-65535 dst-port 2556-2556
set service "HTTP8081" protocol tcp src-port 0-65535 dst-port 8081-8081
set service "HTTP8888" protocol tcp src-port 0-65535 dst-port 8888-8888
set service "RPC over HTTPS" protocol tcp src-port 0-65535 dst-port 6001-6004
set service "SMTPSecure" protocol tcp src-port 0-65535 dst-port 2555-2555
set service "Terminal Services" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "VIP PPTP" protocol tcp src-port 0-65535 dst-port 1723-1723
set service "VIP PPTP" + 47 src-port 0-65535 dst-port 0-65535
set service "VIP PPTP" + 47 src-port 0-65535 dst-port 0-65535
set service "VIP PPTP" timeout 30
set service "CompanyWeb" protocol tcp src-port 0-65535 dst-port 444-444
set service "CompanyWeb" + tcp src-port 0-65535 dst-port 135-135
set service "CompanyWeb" + tcp src-port 0-65535 dst-port 995-995
set service "3Com Phones" protocol udp src-port 0-65535 dst-port 2093-2096
unset alg sip enable
unset alg mgcp enable
unset alg sccp enable
unset alg h323 enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth banner telnet login "User Authentication"
set auth banner telnet success "User Authentication: Accepted"
set auth banner telnet fail "User Authentication: Failed"
set auth banner ftp login "220 User Authentication Ready"
set auth banner http success "User Authentication: Accepted"
set auth radius accounting port 1646
set admin name "user"
set admin password "nIcpFHr7JLwPcTDBjs+Ig9NtIAIkan"
set admin user "user" password "nNLBCbr+IoWAcDnL0sdA99GtqJEpHn" privilege "all"
set admin user "user" password "nJlNLwrjNDUPcGbLZsQFfIPtJ3K5wn" privilege "all"
set admin manager-ip 192.168.1.0 255.255.255.0
set admin manager-ip XX.XX.XX.XX 255.255.255.255
set admin manager-ip XX.XX.XX.XX 255.255.255.255
set admin manager-ip XX.XX.XX.XX 255.255.255.255
set admin manager-ip XX.XX.XX.XX 255.255.255.255
set admin port 8086
set admin mail alert
set admin mail server-name "192.168.1.11"
set admin mail mail-addr1 "username2@domain.com"
set admin mail traffic-log
set admin auth timeout 20
set admin auth server "Local"
set admin auth banner telnet login "Management Console"
set admin auth banner console login "Management Console"
set admin format dos
set vip multi-port
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Trust" screen alarm-without-drop
set zone "Trust" screen icmp-flood
set zone "Trust" screen udp-flood
set zone "Trust" screen tear-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ping-death
set zone "Trust" screen land
set zone "Trust" screen icmp-fragment
set zone "Trust" screen syn-fin
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen ip-record-route
set zone "Untrust" screen ip-timestamp-opt
set zone "Untrust" screen ip-security-opt
set zone "Untrust" screen ip-loose-src-route
set zone "Untrust" screen ip-strict-src-route
set zone "Untrust" screen ip-stream-opt
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 192.168.1.1/24
set interface trust nat
set interface untrust ip XX.XX.XX.XX/28
set interface untrust route
set interface tunnel.1 ip unnumbered interface untrust
set interface tunnel.2 ip unnumbered interface untrust
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust manage-ip 192.168.1.253
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage telnet
set interface untrust manage snmp
set interface untrust manage ssl
set interface untrust manage web
set interface untrust vip untrust 21 "FTP" 192.168.1.11
set interface untrust vip untrust 444 "CompanyWeb" 192.168.1.11
set interface untrust vip untrust 80 "HTTP" 192.168.1.11
set interface untrust vip untrust 3389 "Terminal Services" 192.168.1.11
set interface untrust vip untrust 443 "HTTPS" 192.168.1.11
set interface untrust vip untrust 2555 "SMTPSecure" 192.168.1.11
set interface untrust vip untrust 8888 "HTTP8888" 192.168.1.11
set interface untrust vip untrust 110 "POP3" 192.168.1.11
set interface untrust vip untrust 25 "MAIL" 192.168.1.200
set interface untrust vip untrust 143 "IMAP" 192.168.1.11
set interface untrust vip untrust 2093 "3Com Phones" 192.168.1.190
set interface trust dhcp server service
set interface trust dhcp server enable
set interface trust dhcp server option lease 7200
set interface trust dhcp server option gateway 192.168.1.1
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server option domainname domain.com
set interface trust dhcp server option dns1 192.168.1.11
set interface trust dhcp server option wins1 192.168.1.11
set interface trust dhcp server ip 192.168.1.50 to 192.168.1.150
unset interface trust dhcp server config next-server-ip
set interface "untrust" mip XX.XX.XX.XX host 192.168.1.10 netmask 255.255.255.255 vr "trust-vr"
set flow tcp-mss
unset flow tcp-syn-check
set hostname NS-5GT-PLUS-AV-MEP
set webauth banner success "Success"
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 192.168.1.11
set dns host dns2 65.106.7.196
set dns host schedule 06:28
set address "Trust" "XX.XX.XX.XX/24" XX.XX.XX.XX 255.255.255.0
set address "Trust" "192.168.1.50/24" 192.168.1.50 255.255.255.0
set address "Trust" "192.168.100.0/24" 192.168.100.0 255.255.255.0
set address "Trust" "XX.XX.XX.XX/32" XX.XX.XX.XX 255.255.255.255
set address "Trust" "XX.XX.XX.XX/32" XX.XX.XX.XX 255.255.255.255
set address "Trust" "XX.XX.XX.XX/32" XX.XX.XX.XX 255.255.255.255
set address "Trust" "BOS1" 192.168.1.10 255.255.255.255
set address "Trust" "Pizza Box" 192.168.1.11 255.255.255.255
set address "Trust" "Trusted Lan" 192.168.1.0 255.255.255.0 "Local Network"
set address "Untrust" "10 Rowes Wharf" XX.XX.XX.XX 255.255.255.255 "Rowes Wharf Firewall"
set address "Untrust" "10 Rowes Wharf LAN" 192.168.3.0 255.255.255.0 "Rowes Wharf LAN"
set address "Untrust" "125 High Street Firewall" XX.XX.XX.XX 255.255.255.255 "External IP"
set address "Untrust" "125 High Street LAN" 192.168.1.0 255.255.255.0
set address "Untrust" "XX.XX.XX.XX /32" XX.XX.XX.XX 255.255.255.255
set address "Untrust" "Cape LAN" 192.168.2.0 255.255.255.0
set address "Untrust" "CZECH" XX.XX.XX.XX 255.255.255.255 "Monoitoring Node"
set address "Untrust" "Edgerock FLA" XX.XX.XX.XX 255.255.255.240 "XX.XX.XX.XX /28"
set address "Untrust" "Edgerock FLA LAN" 192.168.4.0 255.255.255.0
set address "Untrust" "MaxHire" XX.XX.XX.XX 255.255.255.240
set address "Untrust" "San Jose LAN" 192.168.5.0 255.255.255.0
set ippool "XAuthUsers" 192.168.100.1 192.168.100.100
set user "GregVPN" uid 5
set user "GregVPN" ike-id u-fqdn "USERNAME3@DOMAIN.com" share-limit 1
set user "GregVPN" type ike xauth
set user "GregVPN" password "J1rdtQv7NjmZqHsZ6VCVy5hU4knTLNp3xg=="
unset user "GregVPN" type auth
set user "GregVPN" "enable"
set user "Mark" uid 6
set user "Mark" ike-id u-fqdn "USERNAME2@DOMAIN.com" share-limit 1
set user "Mark" type ike l2tp
set user "Mark" password "xIEYfxoqN0meHbsi7rCmj9FzxXnad62CLA=="
unset user "Mark" type auth
set user "Mark" "enable"
set user "frank" uid 1
set user "frank" ike-id fqdn "frank" share-limit 1
set user "frank" type ike
set user "frank" "enable"
set user "frankvpn" uid 2
set user "frankvpn" ike-id u-fqdn "USERNAME@DOMAIN.com" share-limit 1
set user "frankvpn" type ike xauth
set user "frankvpn" password "eOcbUBfjNEzE0ssAuaCOPidi8CnofdxXzg=="
unset user "frankvpn" type auth
set user "frankvpn" "enable"
set user "mmorency" uid 4
set user "mmorency" ike-id fqdn "mmorency" share-limit 1
set user "mmorency" type ike
set user "mmorency" "enable"
set user-group "Remote Users" id 1
set user-group "Remote Users" user "Mark"
set ike gateway "To 10 Rowes Wharf" address XX.XX.XX.XX Main outgoing-interface "untrust" preshare "elOADA3UNTQ0qGsD+UCo7DtRIUnAtPG5PA==" proposal "pre-g2-aes128-sha"
set ike gateway "To Cape" address 0.0.0.0 id "cape" Aggr outgoing-interface "untrust" preshare "9KWSoS1VNKWVU+sInPCVOSSBvWnEnXUP7A==" proposal "pre-g2-3des-sha" "pre-g2-3des-sha"
set ike gateway "To Cape" cert peer-ca all
unset ike gateway "To Cape" nat-traversal
set ike gateway "Test-3com-IPT-roaming" address 0.0.0.0 id "myxilplic" Main local-id "192.168.1.1" outgoing-interface "untrust" preshare "vNVoQ6dBNSN/2IsRgBCEN/YKZ9nl4OfNgCTlFZmacJxk7mRTab2XnSY=" sec-level compatible
set ike gateway "Test-3com-IPT-roaming" cert peer-ca all
unset ike gateway "Test-3com-IPT-roaming" nat-traversal
set ike gateway "Gateway for Any" dialup "frank" Aggr outgoing-interface "untrust" preshare "GO6kzBPnNhiHCasQscCttAhqENn+4v4qmRxDXS2sx2OLG8qyaWTazv4=" sec-level compatible
set ike gateway "Gateway for Any" nat-traversal udp-checksum
set ike gateway "Gateway for Any" nat-traversal keepalive-frequency 5
set ike gateway "xAuthuserGate" dialup "frankvpn" Aggr outgoing-interface "untrust" preshare "CVEbXHk+N4qTCKsrR4CNycvR40n+YE6gCQ==" proposal "pre-g1-des-sha"
set ike gateway "xAuthuserGate" nat-traversal udp-checksum
set ike gateway "xAuthuserGate" nat-traversal keepalive-frequency 5
set ike gateway "xAuthuserGate" xauth
unset ike gateway "xAuthuserGate" xauth do-edipi-auth
set ike gateway "VPN to Edgerock FLA" address 70.110.73.214 id "tampa" Aggr outgoing-interface "untrust" preshare "JVbAumbGNTskccse1mCh6+reRbngn0Q6Ig==" proposal "rsa-g2-3des-sha" "pre-g2-3des-md5"
set ike gateway "To San Jose" address 0.0.0.0 id "sanjose" Aggr outgoing-interface "untrust" preshare "uJufWI6KNhNLi1sbPYCPM/cLsCngJZEVhQ==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5"
unset ike gateway "To San Jose" nat-traversal
set ike gateway "Gateway for Any_0" dialup "mmorency" Aggr outgoing-interface "trust" preshare "d3Ha2RX0NCY9AtspJICPTjcOqvnthWPyFA==" sec-level standard
set ike gateway "Gateway for Any_0" nat-traversal udp-checksum
set ike gateway "Gateway for Any_0" nat-traversal keepalive-frequency 5
set ike gateway "newgateway" dialup "GregVPN" Aggr outgoing-interface "trust" preshare "8xXO+wl2N+4vqisDuQCKSTaSvanQXqyOaQ==" proposal "pre-g1-des-md5"
unset ike gateway "newgateway" nat-traversal udp-checksum
set ike gateway "newgateway" nat-traversal keepalive-frequency 5
set ike gateway "newgateway" xauth
set ike gateway "newgateway" xauth server auth-method chap pap
unset ike gateway "newgateway" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike gateway "To 10 Rowes Wharf" heartbeat hello 300
set ike gateway "To 10 Rowes Wharf" heartbeat reconnect 6000
set ike gateway "VPN to Edgerock FLA" heartbeat hello 300
set ike gateway "VPN to Edgerock FLA" heartbeat reconnect 6000
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "XAuthUsers"
set xauth default dns1 192.168.1.11
set xauth default wins1 192.168.1.11
set vpn "VPN to 10 Rowes Wharf" gateway "To 10 Rowes Wharf" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha"
set vpn "VPN to 10 Rowes Wharf" monitor source-interface trust destination-ip 192.168.3.100
set vpn "VPN to Cape" gateway "To Cape" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" "g2-esp-3des-md5"
set vpn "3COM-IPT-FRANK-House" gateway "Test-3com-IPT-roaming" no-replay tunnel idletime 0 sec-level compatible
set vpn "VPN for Any" gateway "Gateway for Any" replay tunnel idletime 0 sec-level compatible
set vpn "VPN for Any" id 13 bind interface tunnel.1
set vpn "XAuthuserIKE-Frank" gateway "xAuthuserGate" no-replay tunnel idletime 0 proposal "nopfs-esp-des-sha"
set vpn "VPN to Edgerock FLA" gateway "VPN to Edgerock FLA" replay tunnel idletime 0 proposal "g2-esp-3des-sha" "g2-esp-3des-md5"
set vpn "VPN to San Jose" gateway "To San Jose" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" "g2-esp-3des-md5"
set vpn "VPN for Any_0" gateway "Gateway for Any_0" replay tunnel idletime 0 sec-level standard
set vpn "VPN for Any_0" id 27 bind interface tunnel.1
set vpn "NewXAuthIKE" gateway "newgateway" no-replay tunnel idletime 0 proposal "nopfs-esp-des-sha"
set l2tp default ppp-auth chap
set l2tp "Standard Remote User Tennel" id 1 outgoing-interface untrust keepalive 60
set l2tp "Standard Remote User Tennel" remote-setting dns1 192.168.1.11 wins1 192.168.1.11
set l2tp "Standard Remote User Tennel" auth server "Local" user-group "Remote Users"
set attack db mode Update
set attack db schedule daily 00:00
set av all fail-mode traffic permit
unset av http keep-alive
set av http webmail enable
set av profile "scan-mgr"
set ftp scan-mode scan-all
set ftp decompress-layer 2
set http scan-mode scan-all
set imap scan-mode scan-all
set imap decompress-layer 2
set pop3 scan-mode scan-all
set pop3 decompress-layer 2
set smtp scan-mode scan-all
set smtp decompress-layer 2
exit
set url protocol websense
exit
set anti-spam profile ns-profile
unset sbl default-server enable
set default action tag subject "***SPAM*** "
exit
set policy id 43 name "VPN to/from San Jose" from "Untrust" to "Trust" "San Jose LAN" "Trusted Lan" "ANY" tunnel vpn "VPN to San Jose" id 26 pair-policy 44 log
set policy id 43
exit
set policy id 59 from "Untrust" to "Trust" "Edgerock FLA LAN" "Trusted Lan" "ANY" tunnel vpn "VPN to Edgerock FLA" id 38 pair-policy 58 log
set policy id 59
set log session-init
exit
set policy id 60 from "Untrust" to "Trust" "Dial-Up VPN" "Trusted Lan" "ANY" tunnel vpn "XAuthuserIKE-Frank" id 47
set policy id 60
exit
set policy id 44 name "VPN to/from San Jose" from "Trust" to "Untrust" "Trusted Lan" "San Jose LAN" "ANY" tunnel vpn "VPN to San Jose" id 26 pair-policy 43 log
set policy id 44
exit
set policy id 58 from "Trust" to "Untrust" "Trusted Lan" "Edgerock FLA LAN" "ANY" tunnel vpn "VPN to Edgerock FLA" id 38 pair-policy 59 log
set policy id 58
set log session-init
exit
set policy id 46 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 46
exit
set policy id 42 from "Untrust" to "Trust" "MaxHire" "Any" "ANY" permit log
set policy id 42
exit
set policy id 41 name "MaxHire Test" from "Trust" to "Untrust" "Any" "MaxHire" "ANY" permit log
set policy id 41
exit
set policy id 32 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
set policy id 32
exit
set policy id 18 name "To / From Cape" from "Untrust" to "Trust" "Cape LAN" "Trusted Lan" "ANY" tunnel vpn "VPN to Cape" id 8 pair-policy 17 log
set policy id 18
exit
set policy id 17 name "To / From Cape" from "Trust" to "Untrust" "Trusted Lan" "Cape LAN" "ANY" tunnel vpn "VPN to Cape" id 8 pair-policy 18 log
set policy id 17
exit
set policy id 16 name "To / From 10 Rowes Wharf" from "Untrust" to "Trust" "10 Rowes Wharf LAN" "Trusted Lan" "ANY" tunnel vpn "VPN to 10 Rowes Wharf" id 7 pair-policy 15 log
set policy id 16
exit
set policy id 28 name "IPT-3COM-FRANK-HOUSE" from "Untrust" to "Trust" "Any" "Trusted Lan" "ANY" tunnel vpn "3COM-IPT-FRANK-HOUSE" id 12 pair-policy 29 log
set policy id 28
exit
set policy id 15 name "To / From 10 Rowes Wharf" from "Trust" to "Untrust" "Trusted Lan" "10 Rowes Wharf LAN" "ANY" tunnel vpn "VPN to 10 Rowes Wharf" id 7 pair-policy 16 log
set policy id 15
exit
set policy id 14 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log count
set policy id 14
exit
set policy id 3 from "Untrust" to "Trust" "Any" "VIP(untrust)" "POP3" permit log count
set policy id 3 application "POP3"
set policy id 3
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 4 from "Untrust" to "Trust" "Any" "VIP(untrust)" "MAIL" permit log count
set policy id 4
exit
set policy id 6 from "Untrust" to "Trust" "Any" "VIP(untrust)" "HTTP8888" permit log count
set policy id 6 application "HTTP"
set policy id 6
exit
set policy id 7 from "Untrust" to "Trust" "Any" "VIP(untrust)" "SMTPSecure" permit log count
set policy id 7
exit
set policy id 9 from "Untrust" to "Trust" "Any" "VIP(untrust)" "Terminal Services" permit log count
set policy id 9
exit
set policy id 10 from "Untrust" to "Trust" "Any" "VIP(untrust)" "VIP PPTP" permit log count
set policy id 10
exit
set policy id 11 from "Trust" to "Untrust" "Any" "Any" "PPTP" permit log
set policy id 11
exit
set policy id 12 from "Trust" to "Untrust" "Any" "Any" "ICMP-ANY" permit log
set policy id 12
exit
set policy id 13 from "Trust" to "Untrust" "Any" "Any" "TRACEROUTE" permit log
set policy id 13
exit
set policy id 19 from "Untrust" to "Trust" "Any" "VIP(untrust)" "HTTP" permit log
set policy id 19 application "HTTP"
set policy id 19
exit
set policy id 20 from "Untrust" to "Trust" "Any" "VIP(untrust)" "HTTPS" permit log
set policy id 20
exit
set policy id 21 from "Untrust" to "Trust" "Any" "VIP(untrust)" "CompanyWeb" permit log
set policy id 21
exit
set policy id 24 from "Trust" to "Untrust" "Any" "Any" "GRE" permit log
set policy id 24
exit
set policy id 25 from "Untrust" to "Trust" "Any" "MIP(XX.XX.XX.XX)" "VIP PPTP" permit log
set policy id 25
exit
set policy id 26 from "Untrust" to "Trust" "Any" "MIP(XX.XX.XX.XX)" "GRE" permit log
set policy id 26
exit
set policy id 27 from "Untrust" to "Trust" "Any" "VIP(untrust)" "RPC over HTTPS" permit log
set policy id 27
exit
set policy id 29 name "IPT-3COM-FRANK-HOUSE" from "Trust" to "Untrust" "Trusted Lan" "Any" "ANY" tunnel vpn "3COM-IPT-FRANK-HOUSE" id 12 pair-policy 28 log
set policy id 29
exit
set policy id 30 from "Trust" to "Untrust" "Any" "Any" "GRE" permit log
set policy id 30
exit
set policy id 31 from "Trust" to "Untrust" "Any" "Any" "GRE" permit log
set policy id 31
exit
set policy id 45 from "Untrust" to "Trust" "Any" "VIP(untrust)" "IMAP" permit
set policy id 45
exit
set syslog src-interface trust
set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
unset log module system level notification destination email
set log module system level error destination webtrends
set log module system level warning destination webtrends
unset log module system level notification destination webtrends
unset log module system level notification destination NSM
unset log module system level information destination NSM
unset log module system level debugging destination NSM
set nsmgmt bulkcli reboot-timeout 60
set nsmgmt bulkcli reboot-wait 0
set ssh version v2
set config lock timeout 5
set ntp server "time.mit.edu"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp community "ghSNMP" Read-Only Trap-off version any
set snmp host "ghSNMP" XXX.XXX.XXX.XXX 255.255.255.255 src-interface untrust trap v1
set snmp location "Rowes Wharf, Boston, MA"
set snmp contact "Grace-Hunt"
set snmp name "NS-5GT-PLUS-AV-MEP"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface untrust gateway XXX.XXX.XXX.XXX ***Untrust IP***
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit