# Junos (SRX-style) branch router configuration: PPPoE uplink on fe-0/0/0,
# a second uplink on fe-0/0/1 (described as "3G"), two GRE tunnels and one
# route-based IPsec VPN (st0.0) toward the "sml" site, with OSPF running
# over all three tunnels. Addresses such as vjz_ISP1.1_addr are placeholders
# left by whoever sanitised the listing. Statements are unchanged; only the
# layout was restored and review comments added.
#
# NOTE(review): 12.1X44 is an old release train - confirm it still receives
# security fixes before reusing this as a template.
version 12.1X44-D35.5;
system {
    host-name sml-vjz-r1;
    root-authentication {
        # "$1$" marks an MD5-crypt hash. Prefer a stronger hash format if the
        # release offers one, and treat any hash that has been published as
        # exposed to offline guessing: rotate the password.
        encrypted-password "$1$V9K9aCrS$9qejXzjW5wA2idJBiun"; ## SECRET-DATA
    }
    services {
        # SSH is enabled with defaults. No login users are defined on this page,
        # so root is the only visible account; combined with the zone settings
        # below (all system-services on every interface) SSH appears reachable
        # from both uplinks. Consider named accounts, key-based auth and
        # `root-login deny` once a non-root account exists.
        ssh;
    }
    syslog {
        # Logs are kept only in small local files (3 x 100k); no remote syslog
        # host is configured, so evidence is lost if the device is wiped or the
        # files rotate.
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            # Severity "error" likely omits routine CLI commands;
            # `interactive-commands any` is the usual setting for an audit trail.
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
}
interfaces {
    # Physical port carrying the PPPoE session (see pp0 below).
    fe-0/0/0 {
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    # Two GRE tunnels to the remote site. GRE adds no confidentiality or
    # integrity on its own, and nothing on this page wraps these tunnels in
    # IPsec - NOTE(review): confirm whether traffic on gr-0/0/0.0/.1 crosses
    # the ISP networks unprotected.
    gr-0/0/0 {
        unit 0 {
            description VJZ1-SML1;
            tunnel {
                source vjz_ISP1.1_addr;
                destination sml_ISP1.1_addr;
            }
            family inet {
                address 172.16.2.2/30;
            }
        }
        unit 1 {
            description VJZ1-SML2;
            tunnel {
                source vjz_ISP1.2_addr;
                destination sml_ISP2.1_addr;
            }
            family inet {
                address 172.16.2.6/30;
            }
        }
    }
    # Second uplink; also the IKE external interface (security ike gateway).
    fe-0/0/1 {
        description 3G;
        unit 0 {
            family inet {
                address 10.68.6.51/29;
            }
        }
    }
    # Loopback holds the address used as the source of GRE unit 1.
    lo0 {
        unit 0 {
            family inet {
                address vjz_ISP1.2_addr/32;
            }
        }
    }
    pp0 {
        unit 0 {
            ppp-options {
                # PAP sends the password to the peer in clear text; use CHAP if
                # the ISP supports it.
                pap {
                    local-name pppoename;
                    no-rfc2486;
                    # "$9$" is Junos' reversible obfuscation, not a hash. A value
                    # that has left the device should be considered disclosed and
                    # the credential changed.
                    local-password "$9$0SjjOIcMWxbYg1Rw24JDjBIRh"; ## SECRET-DATA
                    passive;
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/0.0;
                auto-reconnect 1;
            }
            family inet {
                negotiate-address;
            }
        }
    }
    # Secure tunnel interface bound to the IPsec VPN below.
    st0 {
        unit 0 {
            family inet {
                address 172.16.68.2/24;
            }
        }
    }
}
routing-options {
    static {
        # Default route prefers PPPoE; the 3G gateway is the metric-10 backup.
        route 0.0.0.0/0 {
            next-hop pp0.0;
            qualified-next-hop 10.68.6.50 {
                metric 10;
            }
        }
        # Pins the IKE peer address to the 3G path.
        route sml_ISP2.2_addr/32 next-hop 10.68.6.50;
    }
    router-id 172.16.68.2;
}
protocols {
    ospf {
        area 0.0.0.0 {
            # No OSPF authentication is configured on any of the three interfaces.
            # On the GRE units in particular, anything able to deliver packets
            # into the tunnel could take part in the adjacency; add per-interface
            # authentication (MD5 at minimum).
            interface gr-0/0/0.0 {
                metric 5;
                hello-interval 5;
                dead-interval 20;
            }
            interface gr-0/0/0.1 {
                metric 10;
                hello-interval 5;
                dead-interval 20;
            }
            interface st0.0 {
                metric 15;
                hello-interval 5;
                dead-interval 20;
            }
        }
    }
}
security {
    ike {
        policy ike_pol_all {
            # Aggressive mode with a pre-shared key sends identities unprotected
            # and exposes key-derived authentication data to offline guessing.
            # Prefer main mode or certificate authentication where the peer's
            # addressing allows it; otherwise use a long random key.
            mode aggressive;
            # NOTE(review): "basic" is the weakest predefined proposal set
            # (DES-based per Juniper documentation - confirm for this release).
            # An explicit proposal with AES and a larger DH group is preferable.
            proposal-set basic;
            # Reversibly obfuscated ("$9$"); rotate on both peers if this value
            # was ever the live key.
            pre-shared-key ascii-text "$9$f5n90OIcrKaZ"; ## SECRET-DATA
        }
        gateway SML-C-R1 {
            ike-policy ike_pol_all;
            address sml_ISP2.2_addr;
            local-identity hostname SML-VJZ-R1;
            external-interface fe-0/0/1.0;
        }
    }
    ipsec {
        proposal ipsec_esp {
            protocol esp;
            # Only an authentication algorithm is set; no encryption-algorithm
            # appears in this proposal. NOTE(review): confirm what is negotiated -
            # if ESP runs without encryption, st0.0 traffic is integrity-protected
            # but readable on the path. HMAC-SHA1-96 is also dated.
            authentication-algorithm hmac-sha1-96;
        }
        policy ipsec_pol_esp {
            # No perfect-forward-secrecy statement is present in this policy.
            proposals ipsec_esp;
        }
        vpn VJZ2-SML2 {
            bind-interface st0.0;
            df-bit clear;
            ike {
                gateway SML-C-R1;
                # Disables ESP replay protection. Usually set to work around
                # packet reordering; remove it unless that problem is confirmed.
                no-anti-replay;
                proxy-identity {
                    local 0.0.0.0/0;
                    remote 0.0.0.0/0;
                    service any;
                }
                ipsec-policy ipsec_pol_esp;
            }
            establish-tunnels immediately;
        }
    }
    policies {
        # Every interface sits in the single zone "trust", so this one rule
        # permits any traffic between uplinks, tunnels and loopback alike.
        from-zone trust to-zone trust {
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            # All system services and protocols are accepted on every interface in
            # the zone, including the ISP-facing pp0.0 and fe-0/0/1.0. No lo0
            # firewall filter is visible on this page to narrow that. Split the
            # uplinks into an untrust zone and allow only what each interface
            # needs (e.g. ike on the VPN uplink, ospf on the tunnels).
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                fe-0/0/0.0;
                fe-0/0/1.0;
                st0.0;
                pp0.0;
                lo0.0;
                gr-0/0/0.0;
                gr-0/0/0.1;
            }
        }
    }
}