/* GRE tunnel toward the peer named in the description. GRE adds no
   encryption or authentication of its own.
   NOTE(review): confirm traffic between the two tunnel endpoints is always
   steered through an IPsec service before it leaves the router. */
gr-4/0/0 {
    description To-Aicent;
    unit 0 {
        tunnel {
            source 192.168.40.3;
            destination 192.168.40.4;
        }
        family inet {
            /* NOTE(review): 1514 leaves no headroom for GRE plus ESP
               encapsulation; confirm the resulting fragmentation is acceptable. */
            mtu 1514;
            address 216.200.75.133/30;
        }
    }
}
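/* Services interface. Unit 1 is the outside (towards the peer) leg and
   unit 2 the inside (clear-text) leg; the service-set ICL-AIC-GRE refers
   to them as sp-4/0/0.1 and sp-4/0/0.2. */
sp-4/0/0 {
    unit 0 {
        family inet;
    }
    unit 1 {
        family inet;
        service-domain outside;
    }
    unit 2 {
        family inet;
        service-domain inside;
    }
}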
/* Loopback addresses; 192.168.40.3 is the address used as the GRE tunnel
   source on gr-4/0/0.
   NOTE(review): no input filter is visible on lo0.0 in this excerpt;
   confirm the routing engine is protected by a loopback filter elsewhere. */
lo0 {
    unit 0 {
        family inet {
            address 112.110.160.254/32;
            address 192.168.40.3/32;
        }
    }
}
/* Sends packets for the remote GRE endpoint to the inside services
   interface, where the rule VPN-TO-AIC matches them for IPsec.
   The enclosing hierarchy is not shown (presumably routing-options static).
   NOTE(review): confirm no other route to 192.168.40.4 could carry the GRE
   packets unencrypted if sp-4/0/0.2 is down. */
route 192.168.40.4/32 {
    next-hop sp-4/0/0.2;
    resolve;
}
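/* IPsec protection for the GRE tunnel between 192.168.40.3 and
   192.168.40.4, attached through the next-hop service-set ICL-AIC-GRE. */
services {
    ipsec-vpn {
        rule VPN-TO-AIC {
            /* Matches only the GRE endpoint pair, so only the GRE-encapsulated
               traffic between those two hosts is selected by this term. */
            term gre-tunnel {
                from {
                    source-address {
                        192.168.40.3/32;
                    }
                    destination-address {
                        192.168.40.4/32;
                    }
                }
                then {
                    remote-gateway 94.31.2.10;
                    dynamic {
                        ike-policy AIC-IKE-POLICY;
                        ipsec-policy AIC-IPSEC-POLICY;
                    }
                }
            }
            match-direction input;
        }
        ipsec {
            /* WEAK CRYPTO: single DES (56-bit key) with HMAC-MD5 is obsolete
               for protecting traffic that crosses an untrusted network.
               Both peers must agree on the proposal, so agree a stronger
               one with the remote side before changing it (for example
               aes-256-cbc with hmac-sha1-96 or better, where this services
               PIC supports it). */
            proposal AIC-IPSEC-PROPOSAL {
                protocol esp;
                authentication-algorithm hmac-md5-96;
                encryption-algorithm des-cbc;
                lifetime-seconds 3600;
            }
            policy AIC-IPSEC-POLICY {
                /* PFS is enabled, but group1 is a 768-bit MODP group and is
                   too small to rely on; move to a larger group together with
                   the peer. */
                perfect-forward-secrecy {
                    keys group1;
                }
                proposals AIC-IPSEC-PROPOSAL;
            }
        }
        ike {
            /* WEAK CRYPTO: DES, MD5 and DH group1 here have the same problem
               as the IPsec proposal; the IKE SA protects the key exchange, so
               it should be at least as strong as the IPsec SA it sets up
               (for example dh-group group14 where supported). */
            proposal idea-to-aic {
                authentication-method pre-shared-keys;
                dh-group group1;
                authentication-algorithm md5;
                encryption-algorithm des-cbc;
                lifetime-seconds 86400;
            }
            policy AIC-IKE-POLICY {
                mode main;
                /* Was "idea-to-aicent", which no proposal in this
                   configuration defines; it now names the proposal above. */
                proposals idea-to-aic;
                /* The $9$ form is reversible obfuscation, not a one-way hash.
                   A value copied off the device should be treated as disclosed;
                   rotate the pre-shared key with the peer and redact it
                   before sharing configuration. */
                pre-shared-key ascii-text "$9$k.m5CA0IRSmfu1IEKvxN-VwYDjq5T3wYgJ"; ## SECRET-DATA
            }
        }
        /* Currently inactive. "flag all" is verbose; if this is activated
           for troubleshooting, restrict who can read the file AIC_VPN and
           deactivate it again afterwards. */
        inactive: traceoptions {
            file AIC_VPN;
            flag ike;
            flag all;
        }
        /* Negotiate the tunnel as soon as the configuration is committed
           rather than waiting for matching traffic. */
        establish-tunnels immediately;
    }
    service-set ICL-AIC-GRE {
        next-hop-service {
            inside-service-interface sp-4/0/0.2;
            outside-service-interface sp-4/0/0.1;
        }
        ipsec-vpn-options {
            local-gateway 124.124.111.49;
        }
        ipsec-vpn-rules VPN-TO-AIC;
    }
}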