unset hardware wdt-reset set clock timezone -5 set vrouter trust-vr sharable unset vrouter "trust-vr" auto-route-export set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set admin auth timeout 10 set admin auth server "Local" set admin privilege read-write set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" unset zone "Trust" tcp-rst unset zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "VLAN" block set zone "VLAN" tcp-rst unset zone "Untrust" screen tear-drop unset zone "Untrust" screen syn-flood unset zone "Untrust" screen ping-death unset zone "Untrust" screen ip-filter-src unset zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "trust" zone "Trust" set interface "untrust" zone "Untrust" unset interface vlan1 ip set interface trust ip 172.31.35.5/24 set interface trust nat set interface untrust ip xx.xx.xx.xx/32 set interface untrust route set interface untrust mtu 1500 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface trust ip manageable set interface untrust ip manageable unset interface trust manage telnet unset interface trust manage snmp set interface trust manage ident-reset set interface untrust manage ping set interface untrust manage ssh set interface untrust manage ssl set interface untrust manage web set interface trust dhcp server service set interface trust dhcp server enable set interface trust dhcp server option gateway 172.31.35.5 set interface trust dhcp server option netmask 255.255.255.0 set interface trust dhcp server option dns1 207.164.234.193 set interface trust dhcp server ip 172.31.35.37 to 172.31.35.130 set flow tcp-mss set flow all-tcp-mss 1304 set hostname FW1LPGCTL set dns host dns1 207.164.234.193 set dns host dns2 207.164.234.129 set dns host schedule 06:28 set address "Trust" "172.31.35.0/24" 172.31.35.0 255.255.255.0 set address "Trust" "172.31.36.0/24" 172.31.36.0 255.255.255.0 set address "Untrust" "172.31.36.0/24" 172.31.36.0 255.255.255.0 set ippool "UWOL2TP_pool" 172.31.36.7 172.31.36.25 set user "mihulko" uid 2 set user "mihulko" ike-id asn1-dn wildcard "" share-limit 1 set user "mihulko" type ike l2tp set user "mihulko" password unset user "mihulko" type auth set user "mihulko" "enable" set user-group "UWO-l2tp" id 2 set user-group "UWO-l2tp" user "mihulko" set ike p1-proposal "UWO" rsa-sig group2 esp des sha-1 hour 8 set ike gateway "UWOVPN-gateway" dialup "UWO-l2tp" Main outgoing-interface "untrust" proposal "rsa-g2-des-md5" "rsa-g2-des-sha" "rsa-g2-3des-md5" "rsa-g2-3des-sha" set ike gateway "UWOVPN-gateway" cert peer-cert-type x509-sig set ike gateway "UWOVPN-gateway" cert peer-ca all unset ike gateway "UWOVPN-gateway" nat-traversal set ike respond-bad-spi 1 set vpn "UWOVPN-vpn" gateway "UWOVPN-gateway" no-replay transport idletime 0 sec-level compatible set l2tp default ippool "UWOL2TP_pool" set l2tp default ppp-auth chap set l2tp "UWOL2TP-tunnel" id 1 outgoing-interface untrust keepalive 60 set pki authority default cert-status revocation-check none set pki authority default scep mode "auto" set pki ldap crl-url "http://www.uwo.ca/its/pki/CA/itsca-crl.crl" set pki x509 default cert-path full set pki x509 dn country-name "CA" set pki x509 dn state-name "ON" set pki x509 dn local-name "London" set pki x509 dn org-name "University of Western Ontario" set pki x509 dn org-unit-name "NOC" set pki x509 dn name "fw1lpgctl" set pki x509 dn phone "519-661-2111" set pki x509 cert-fqdn fw1lpgctl.threepigs.uwo.ca set policy id 2 name "UWOVPN-Policy" from "Untrust" to "Trust" "Dial-Up VPN" "172.31.35.0/24" "ANY" tunnel vpn "UWOVPN-vpn" id 12 l2tp "UWOL2TP-tunnel" set policy id 3 from "Trust" to "Untrust" "172.31.35.0/24" "172.31.36.0/24" "ANY" permit set policy id 1 from "Trust" to "Untrust" "172.31.35.0/24" "Any" "ANY" permit set pppoe name "UWO" set pppoe name "UWO" username "" password "" set pppoe name "UWO" ac "" set pppoe name "UWO" static-ip set pppoe name "UWO" interface untrust unset pppoe name "UWO" update-dhcpserver set global-pro policy-manager primary outgoing-interface untrust set global-pro policy-manager secondary outgoing-interface untrust set ssh version v2 set ssh enable set scp enable set config lock timeout 5 set ssl cert-hash "" set ssl encrypt 3des sha-1 set modem speed 115200 set modem retry 3 set modem interval 10 set modem idle-time 10 set snmp name "ns5gt" set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 172.31.36.0/24 interface trust gateway 172.31.35.5 exit