set clock dst-off
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "postgres" protocol tcp src-port 0-65535 dst-port 5432-5432 
set service "postgres" + udp src-port 0-65535 dst-port 5432-5432 
set service "VPN" protocol tcp src-port 0-65535 dst-port 1723-1723 
set service "VPN" + udp src-port 0-65535 dst-port 1723-1723 
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "x"
set admin password "x"
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst 
set zone "Untrust" block 
unset zone "Untrust" tcp-rst 
set zone "MGT" block 
set zone "DMZ" tcp-rst 
set zone "VLAN" block 
unset zone "VLAN" tcp-rst 
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "DMZ"
set interface "ethernet0/3" zone "DMZ"
set interface "bgroup0" zone "Trust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
unset interface vlan1 ip
set interface ethernet0/0 ip x.x.x.x/28
set interface ethernet0/0 route
set interface ethernet0/1 ip 192.168.4.254/24
set interface ethernet0/1 nat
set interface ethernet0/2 ip 192.168.3.254/24
set interface ethernet0/2 nat
set interface ethernet0/3 ip 192.168.5.254/24
set interface ethernet0/3 nat
set interface bgroup0 ip 192.168.2.254/24
set interface bgroup0 nat
set interface tunnel.1 ip unnumbered interface ethernet0/0
set interface tunnel.2 ip unnumbered interface ethernet0/0
set interface tunnel.3 ip unnumbered interface ethernet0/0
set interface ethernet0/0 mtu 1500
set interface tunnel.1 mtu 1500
set interface tunnel.2 mtu 1500
set interface tunnel.3 mtu 1500
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/1 ip manageable
set interface ethernet0/2 ip manageable
set interface ethernet0/3 ip manageable
set interface bgroup0 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage web
set interface ethernet0/1 manage web
set interface ethernet0/2 manage ssh
set interface ethernet0/2 manage web
unset interface bgroup0 manage snmp
unset interface bgroup0 manage ssl
set interface bgroup0 manage mtrace
set interface ethernet0/1 dhcp server service
set interface bgroup0 dhcp server service
set interface ethernet0/1 dhcp server auto
set interface bgroup0 dhcp server auto
set interface ethernet0/1 dhcp server option lease 1440 
set interface ethernet0/1 dhcp server option gateway 192.168.4.254 
set interface ethernet0/1 dhcp server option netmask 255.255.255.0 
set interface ethernet0/1 dhcp server option dns1 x.x.x.x
set interface ethernet0/1 dhcp server option dns2 x.x.x.x
set interface bgroup0 dhcp server option lease 1440 
set interface bgroup0 dhcp server option gateway 192.168.2.254 
set interface bgroup0 dhcp server option dns1 x.x.x.x
set interface bgroup0 dhcp server option dns2 x.x.x.x
set interface ethernet0/1 dhcp server ip 192.168.4.5 to 192.168.4.25 
set interface bgroup0 dhcp server ip 192.168.2.20 to 192.168.2.158 
unset interface ethernet0/1 dhcp server config next-server-ip
unset interface bgroup0 dhcp server config next-server-ip
set interface "ethernet0/0" mip x.x.x.x host 192.168.2.61 netmask 255.255.255.255 vr "trust-vr"
set interface "ethernet0/0" mip x.x.x.x host 192.168.2.3 netmask 255.255.255.255 vr "trust-vr"
set interface "ethernet0/0" mip x.x.x.x host x.x.x.x netmask 255.255.255.255 vr "trust-vr"
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set console page 10
unset hostname
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 x.x.x.x
set dns host dns2 x.x.x.x
set dns host dns3 0.0.0.0
set address "Trust" "192.168.100.0/24" 192.168.100.0 255.255.255.0
set address "Trust" "192.168.2.0/24" 192.168.2.0 255.255.255.0
set address "Trust" "192.168.2.55/255.255.255.255" 192.168.2.55 255.255.255.255
set address "Trust" "192.168.4.0/24" 192.168.4.0 255.255.255.0
set address "Trust" "192.168.4.1/24" 192.168.4.1 255.255.255.0
set address "Trust" "x.x.x.x/28" x.x.x.x 255.255.255.240
set address "Trust" "Internal Net" 192.168.2.0 255.255.255.0
set address "Trust" "Local Lan" 192.168.2.0 255.255.255.0
set address "Untrust" "x.x.x.x/16" x.x.x.x 255.255.0.0
set address "Untrust" "192.168.0.0/24" 192.168.0.0 255.255.255.0
set address "Untrust" "192.168.100.0/24" 192.168.100.0 255.255.255.0
set address "Untrust" "192.168.2.0/24" 192.168.2.0 255.255.255.0
set address "Untrust" "192.168.49.0/24" 192.168.49.0 255.255.255.0
set address "Untrust" "ABCD" .x.x.x.x 255.255.255.252
set address "Untrust" "ABCD_LAN" 192.168.100.0 255.255.255.0
set address "DMZ" "DMZ" 192.168.4.0 255.255.255.0
set ippool "vpnclienthyd" X.X.X.X Y.Y.Y.Y
set user "xyzv" uid 9
set user "xyzv" type xauth
set user "xyzv" password "abcd"
unset user "xyzv" type auth
set user "xyvz" "enable"
set user "abcd" uid 2
set user "abcd" ike-id u-fqdn "test@juniper.com" share-limit 1
set user "abcd" type ike xauth
set user "abcd" password "cxdg"
unset user "ohyd" type auth
set user "ohyd" "enable"
set user "ovpn_hyd" uid 6
set user "ovpn_hyd" ike-id u-fqdn "a@abcd.com" share-limit 1
set user "ovpn_hyd" type ike
set user "ovpn_hyd" "enable"
set user "vpnuser_ohyd" uid 5
set user "vpnuser_ohyd" ike-id fqdn "client.shrew.net" share-limit 5
set user "vpnuser_chyd" type ike xauth
set user "vpnuser_ohyd" password "abcd"
unset user "abcd" type auth
set user "xydg" "enable"
set user-group "OYD_GROUP" id 3
set user-group "OGROUP" user "ocvpn_hyd"
set user-group "vpnclient_group" id 5
set user-group "vpnclient_group" user "vpnuser_ochyd"
set ike gateway "GATEWAY_USA" address x.x.x.x Main outgoing-interface "ethernet0/0" preshare "SOIlTpg==" proposal "pre-g2-3des-sha"
set ike gateway "OCHYD_GW" dialup "OCHYD_GROUP" Aggr outgoing-interface "ethernet0/0" preshare "QTC7eG0znSDL0RTw==" proposal "pre-g2-3des-sha"
unset ike gateway "OCHYD_GW" nat-traversal udp-checksum
set ike gateway "OCHYD_GW" nat-traversal keepalive-frequency 5
set ike gateway "ocguest" dialup "ochyd" Aggr outgoing-interface "ethernet0/0" preshare "e+m7APY1N4MGFdsDNSCx6acx8Inwr23D1A==" proposal "pre-g2-des-sha"
unset ike gateway "ocguest" nat-traversal
set ike gateway "ocguest" xauth
unset ike gateway "ocguest" xauth do-edipi-auth
set ike gateway "OCUS-NEWGW" address x.x.x.x Main outgoing-interface "ethernet0/0" preshare "oOTg9SUU8n8YE3B0w==" proposal "pre-g2-3des-sha"
set ike gateway "vpnclient_gateway" dialup "vpnclient_group" Aggr local-id "vpngw.shrew.net" outgoing-interface "ethernet0/0" preshare "zr+wC2RKNWKxI" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-md5"
set ike gateway "vpnclient_gateway" cert peer-ca all
set ike gateway "vpnclient_gateway" dpd-liveness interval 30
unset ike gateway "vpnclient_gateway" nat-traversal
set ike gateway "vpnclient_gateway" xauth server "Local"
unset ike gateway "vpnclient_gateway" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "vpnclienthyd"
set xauth default dns1 x.x.x.x
set xauth default dns2 x.x.x.x
set xauth default wins1 x.x.x.x
set xauth default wins2 x.x.x.x
set vpn "OCUS-VPN" gateway "GATEWAY_USA" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" 
set vpn "OCUS-VPN" monitor optimized rekey
set vpn "OCUS-VPN" id 0x1 bind interface tunnel.1
set vpn "OCHYD_VPN" gateway "OCHYD_GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" 
set vpn "ocguest" gateway "ocguest" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5" 
set vpn "ocguest" monitor
set vpn "OCUS-NEWTUNNEL" gateway "OCUS-NEWGW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" 
set vpn "OCUS-NEWTUNNEL" monitor optimized
set vpn "OCUS-NEWTUNNEL" id 0xc bind interface tunnel.3
set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"  "nopfs-esp-3des-md5"  "nopfs-esp-aes128-sha"  "nopfs-esp-aes128-md5" 
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit 
set policy id 27 from "Untrust" to "Trust"  "Dial-Up VPN" "192.168.2.0/24" "ANY" tunnel vpn "ocguest" id 0x8 log 
set policy id 27
set log session-init
exit
set policy id 17 from "Untrust" to "Trust"  "Dial-Up VPN" "192.168.2.0/24" "ANY" tunnel vpn "OCHYD_VPN" id 0x5 
set policy id 17
exit
set policy id 37 from "Trust" to "Untrust"  "192.168.2.0/24" "192.168.0.0/24" "ANY" permit log 
set policy id 37
set log session-init
exit
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" nat src permit 
set policy id 1
exit
set policy id 4 from "Untrust" to "Trust"  "Any" "Local Lan" "ANY" nat src permit 
set policy id 4
exit
set policy id 36 from "Untrust" to "Trust"  "192.168.0.0/24" "192.168.2.0/24" "ANY" permit 
set policy id 36
exit
set policy id 38 from "Untrust" to "Trust"  "192.168.0.0/24" "192.168.2.0/24" "ANY" permit 
set policy id 38
exit
set policy id 40 from "Untrust" to "Trust"  "Dial-Up VPN" "Local Lan" "ANY" tunnel vpn "vpnclient_tunnel" id 0xe log 
set policy id 40
exit
set policy id 47 from "Untrust" to "Trust"  "Any" "MIP(x.x.x.x)" "VPN" permit 
set policy id 47
exit
set policy id 48 from "Untrust" to "Trust"  "Any" "MIP(x.x.x.z)" "FTP" permit 
set policy id 48
exit
set policy id 49 from "Trust" to "Untrust"  "192.168.2.0/24" "192.168.100.0/24" "ANY" permit 
set policy id 49
exit
set policy id 50 from "Untrust" to "Trust"  "192.168.100.0/24" "192.168.2.0/24" "ANY" permit 
set policy id 50
exit
set policy id 51 from "Untrust" to "Trust"  "Any" "MIP(192.168.2.100)" "ANY" permit 
set policy id 51
exit
set nsmgmt report proto-dist enable
set nsmgmt report statistics ethernet enable
set nsmgmt report statistics attack enable
set nsmgmt report statistics flow enable
set nsmgmt report statistics policy enable
set nsmgmt report alarm traffic enable
set nsmgmt report alarm attack enable
set nsmgmt report alarm other enable
set nsmgmt report alarm di enable
set nsmgmt report log config enable
set nsmgmt report log info enable
set nsmgmt report log self enable
set nsmgmt report log traffic enable
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
set source-routing enable
exit
set vrouter "trust-vr"
unset add-default-route
set route 192.168.0.0/24 interface tunnel.3
set route 0.0.0.0/0 interface ethernet0/0 gateway x.x.x.x
set route 192.168.10.0/24 interface bgroup0 gateway 192.168.2.61
set route 192.168.100.0/24 interface tunnel.3 gateway x.x.x.x
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit