set clock ntp
set clock timezone 1
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "MyGRE" protocol 47 src-port 0-65535 dst-port 2048-2048
set service "GREcustom" protocol tcp src-port 0-65535 dst-port 47-47
set service "PPTP Custom" protocol tcp src-port 0-65535 dst-port 1723-1723
set service "PPTP Custom" + tcp src-port 0-65535 dst-port 47-47
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "RSA VPN Auth" id 1
set auth-server "RSA VPN Auth" server-name "172.16.4.199"
set auth-server "RSA VPN Auth" account-type auth l2tp xauth
set auth-server "RSA VPN Auth" type securid
set auth-server "Radius_or_SecurID" id 2
set auth-server "Radius_or_SecurID" server-name "172.16.4.199"
set auth-server "Radius_or_SecurID" account-type xauth
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "administrator"
set admin password "nLdUOyrZMLrFcSXFjsnKQDPtiAGYHn"
set admin port 8080
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone id 100 "VPN"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
unset zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
unset zone "VPN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Trust"
set interface "bgroup0" zone "Trust"
set interface "tunnel.1" zone "VPN"
unset interface vlan1 ip
set interface ethernet0/0 ip 10.10.10.4/24
set interface ethernet0/0 route
set interface ethernet0/2 ip 172.16.6.3/16
set interface ethernet0/2 nat
set interface tunnel.1 mtu 1500
set interface ethernet0/0 proxy dns
set interface bgroup0 proxy dns
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/2 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage web
unset interface ethernet0/2 manage ssh
unset interface ethernet0/2 manage snmp
unset interface ethernet0/2 manage ssl
set interface bgroup0 manage mtrace
set interface ethernet0/0 vip interface-ip 2048 "MyGRE" 172.16.4.199 manual
set interface ethernet0/0 vip interface-ip 25 "SMTP" 172.16.4.199 manual
set interface ethernet0/0 vip interface-ip 80 "HTTP" 172.16.4.100
set interface ethernet0/0 vip interface-ip 1723 "PPTP Custom" 172.16.4.199 manual
set interface ethernet0/0 vip interface-ip 47 "GREcustom" 172.16.4.199 manual
set interface ethernet0/1 dhcp client enable
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set pki x509 dn state-name "Zuid-Holland"
set pki x509 dn local-name "Rotterdam"
set pki x509 dn org-name "Leijnse Artz Advocaten"
set pki x509 dn org-unit-name "Addvocaten"
set pki x509 dn name "Leijnse Artz"
set pki x509 dn phone "010244344"
set pki x509 dn email "info@leijnseartz.com"
set pki x509 cert-fqdn vpn.leijnseartz.com
set dns host dns1 172.19.3.1 src-interface ethernet0/0
set dns host dns2 172.19.3.2
set dns host dns3 0.0.0.0
set dns proxy
set dns proxy enable
set dns server-select domain leijnseartz.com outgoing-interface bgroup0 primary-server 172.19.3.1 secondary-server 172.19.3.2 failover
set dns server-select domain * outgoing-interface ethernet0/0 primary-server 172.19.3.1 failover
set address "Trust" "172.16.0.0/16" 172.16.0.0 255.255.0.0
set address "VPN" "172.16.5.0/24" 172.16.5.0 255.255.255.0
set ippool "VPN DHCP POOL" 172.16.5.200 172.16.5.225
set user "NICOLAI" uid 7
set user "NICOLAI" type xauth
set user "NICOLAI" password "+c0upcAEN0/M5+sALpCN8AhPR8nJku7g5w=="
unset user "NICOLAI" type auth
set user "NICOLAI" "enable"
set user "vpn@customer.com" uid 6
set user "vpn@customer.com" ike-id u-fqdn "vpn@customer.com" share-limit 25
set user "vpn@customer.com" type ike
set user "vpn@customer.com" "enable"
set user-group "IKE VPN User grouo" id 2
set user-group "IKE VPN User grouo" user "vpn@customer.com"
set ike gateway "VPN CLIENTS" dialup "IKE VPN User grouo" Main outgoing-interface "ethernet0/0" preshare "jrXDlj0dND3h40sRBnCPxCxNC8no1PURvg==" proposal "pre-g2-aes128-sha"
set ike gateway "VPN CLIENTS" nat-traversal udp-checksum
set ike gateway "VPN CLIENTS" nat-traversal keepalive-frequency 5
set ike gateway "VPN CLIENTS" xauth
unset ike gateway "VPN CLIENTS" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "VPN DHCP POOL"
set xauth default dns1 172.16.4.100
set xauth default dns2 172.16.4.195
set xauth default wins1 172.16.4.100
set vpn "vpn cLIENTS" gateway "VPN CLIENTS" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha"
set vpn "vpn cLIENTS" id 0x4 bind interface tunnel.1
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set l2tp default dns1 172.16.4.100
set l2tp default ippool "VPN DHCP POOL"
set l2tp default wins1 172.16.4.100
set l2tp "WindowsVPN-l2tp" id 3 outgoing-interface ethernet0/0
set url protocol websense
exit
set anti-spam profile ns-profile
set sbl default-server enable
exit
set vpn "vpn cLIENTS" proxy-id local-ip 0.0.0.0/0 remote-ip 255.255.255.255/32 "ANY"
set policy id 4 from "Untrust" to "Global" "Any" "VIP(ethernet0/0)" "MyGRE" permit log
set policy id 4
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit
set policy id 1
exit
set policy id 3 name "OPEN" from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "ANY" permit log
set policy id 3
exit
set policy id 27 from "Trust" to "Untrust" "Any" "Any" "PPTP" permit log count
set policy id 27
exit
set policy id 65 from "Trust" to "Untrust" "Any" "Any" "GRE" permit log count
set policy id 65
exit
set policy id 66 from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "PPTP Custom" permit log count
set policy id 66
exit
set policy id 67 name "vpn cLIENTS Allowed" from "VPN" to "Trust" "172.16.5.0/24" "172.16.0.0/16" "ANY" permit log
set policy id 67
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set ssl port 4343
set ntp server "200.49.40.1"
set ntp server src-interface "ethernet0/0"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit