# Junos "display set" export for host "visa" (an SRX-style security configuration: zones, policies, NAT, IPsec).
# Statements are restored one per line; the collapsed original ran them together.
# Values shown as "-" or left empty (time-zone, root password, addresses, keys) appear to have been
# redacted before publication, so this listing will not load as-is.
set version 11.4R4.4

# ---- System identity and name resolution ----
set system host-name visa
set system time-zone
set system root-authentication encrypted-password
set system name-server -
set system name-server -

# ---- Local accounts ----
# Class "spectrum": view-configuration plus the "secret" permission, limited to commands matching "show".
# NOTE(review): "secret" lets members of the class see password hashes and keys in the configuration;
# drop it unless the monitoring account really needs that visibility.
set system login class spectrum permissions secret
set system login class spectrum permissions view-configuration
set system login class spectrum allow-commands show
set system login user Spec_adm uid 2001
# NOTE(review): the user references class "spec", but the only class defined in this listing is
# "spectrum". Possibly a sanitisation artefact; confirm which class the account actually gets.
set system login user Spec_adm class spec
set system login user Spec_adm authentication encrypted-password -
set system login user - uid 2000
set system login user - class super-user
set system login user - authentication encrypted-password -

# ---- Management services ----
set system services ssh protocol-version v2
# NOTE(review): telnet is cleartext. No zone below lists telnet under host-inbound-traffic, so it is
# probably unreachable, but the service is still enabled; removing it closes the gap if a zone is
# ever widened.
set system services telnet
set system services netconf ssh
# J-Web over HTTPS with the device's self-generated certificate (not CA-signed, so clients cannot
# authenticate the device unless the certificate is pinned out of band).
set system services web-management https system-generated-certificate

# ---- DHCP server for the Public LAN (192.168.55.0/24) ----
set system services dhcp name-server -
set system services dhcp name-server -
set system services dhcp router 192.168.55.1
set system services dhcp pool 192.168.55.0/24 address-range low 192.168.55.10
set system services dhcp pool 192.168.55.0/24 address-range high 192.168.55.200

# ---- Logging ----
# Only local files are configured here (3 archives of 100k each); no "syslog host" statement is visible,
# so logs are not shipped off-box and are easily overwritten or lost with the device.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
# NOTE(review): severity "error" presumably misses ordinary CLI commands, which Junos logs at a lower
# severity; for a command audit trail confirm whether "interactive-commands any" is wanted.
set system syslog file interactive-commands interactive-commands error
set system syslog file default-log-messages any any
set system syslog file default-log-messages structured-data
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
# NTP servers are listed without any authentication key statement in this listing.
set system ntp server -
set system ntp server -

# ---- Interfaces ----
# fe-0/0/0 is VLAN-tagged: unit 0 (VLAN 112) is placed in zone svdpt and is the IKE external interface;
# unit 1 (VLAN 103) is placed in zone untrust and in routing-instance untrust-vr.
set interfaces fe-0/0/0 vlan-tagging
set interfaces fe-0/0/0 unit 0 description Svdptb
set interfaces fe-0/0/0 unit 0 vlan-id 112
set interfaces fe-0/0/0 unit 0 family inet address -
set interfaces fe-0/0/0 unit 1 vlan-id 103
set interfaces fe-0/0/0 unit 1 family inet address -
# fe-0/0/1 has only a description here: no address family and no zone membership in this listing.
set interfaces fe-0/0/1 unit 0 description Internet
set interfaces fe-0/0/3 unit 0 description "Public LAN"
# Input filter untrust-vr (defined near the end) steers Public LAN traffic into the untrust-vr instance.
set interfaces fe-0/0/3 unit 0 family inet filter input untrust-vr
set interfaces fe-0/0/3 unit 0 family inet address 192.168.55.1/24
set interfaces fe-0/0/7 unit 0 description "LAN"
set interfaces fe-0/0/7 unit 0 family inet address 172.16.249.209/30
# st0.0 / st0.1 are the secure-tunnel interfaces bound to the two IPsec VPNs below.
set interfaces st0 unit 0 family inet address 192.168.129.54/24
set interfaces st0 unit 1 description "Tunnel to for VP MGMT"
set interfaces st0 unit 1 family inet

# ---- SNMP ----
# NOTE(review): the community string is present in clear text in this published listing. An SNMP
# community is a shared secret sent unencrypted on the wire; treat this one as exposed and rotate it.
# Access is read-only and limited to a (redacted) /28 client range. The trap-group name reuses the
# same string. SNMPv3 with authentication and privacy would avoid the cleartext secret.
set snmp name "-."
set snmp location "-"
set snmp community Gmtv5MhB authorization read-only
set snmp community Gmtv5MhB clients -/28
set snmp trap-group Gmtv5MhB destination-port 162
set snmp trap-group Gmtv5MhB targets -

# ---- Routing (main instance) ----
# Interface routes are copied into both inet.0 and untrust-vr.inet.0 through rib-group int-routes.
set routing-options interface-routes rib-group inet int-routes
# Default route of the main instance points into the st0.0 subnet (192.168.129.0/24), i.e. via the tunnel.
set routing-options static route 0.0.0.0/0 next-hop 192.168.129.1
set routing-options static route 10.245.0.0/16 next-hop -
set routing-options static route 10.16.166.0/24 next-hop 172.16.249.210
set routing-options static route 172.16.166.0/24 next-hop 172.16.249.210
set routing-options rib-groups int-routes import-rib inet.0
set routing-options rib-groups int-routes import-rib untrust-vr.inet.0

# ---- IKE (phase 1) ----
# Main mode, pre-shared key, predefined "standard" proposal set.
# NOTE(review): the algorithms actually negotiated depend on what "standard" contains in this release;
# an explicit proposal makes the cipher, hash and DH group auditable. The PSK value is redacted here.
set security ike policy vmi_std mode main
set security ike policy vmi_std proposal-set standard
set security ike policy vmi_std pre-shared-key ascii-text "-"
set security ike gateway vmi_dc ike-policy vmi_std
set security ike gateway vmi_dc address -
set security ike gateway vmi_dc external-interface fe-0/0/0.0

# ---- IPsec (phase 2) ----
# NOTE(review): proposal "des" uses single DES (56-bit key), which is obsolete. It is referenced only
# by policy "weak", and neither VPN below uses that policy, so both look like unused leftovers that
# should be deleted so they cannot be attached to a tunnel later.
set security ipsec proposal des protocol esp
set security ipsec proposal des authentication-algorithm hmac-sha1-96
set security ipsec proposal des encryption-algorithm des-cbc
# PFS uses DH group 2 (1024-bit MODP), below current recommendations; a larger group needs peer agreement.
set security ipsec policy vmi_std perfect-forward-secrecy keys group2
set security ipsec policy vmi_std proposal-set standard
set security ipsec policy weak perfect-forward-secrecy keys group2
set security ipsec policy weak proposals des
# VPN vmi_dc -> st0.0 (zone vpt), brought up immediately at commit/boot.
set security ipsec vpn vmi_dc bind-interface st0.0
set security ipsec vpn vmi_dc vpn-monitor optimized
set security ipsec vpn vmi_dc ike gateway vmi_dc
set security ipsec vpn vmi_dc ike proxy-identity local -/32
set security ipsec vpn vmi_dc ike proxy-identity remote -/32
set security ipsec vpn vmi_dc ike proxy-identity service any
set security ipsec vpn vmi_dc ike ipsec-policy vmi_std
set security ipsec vpn vmi_dc establish-tunnels immediately
# VPN vp_vmi_dc -> st0.1 (zone vp_mgmt); shares the same IKE gateway and IPsec policy.
set security ipsec vpn vp_vmi_dc bind-interface st0.1
set security ipsec vpn vp_vmi_dc vpn-monitor optimized
set security ipsec vpn vp_vmi_dc ike gateway vmi_dc
set security ipsec vpn vp_vmi_dc ike proxy-identity local 1-/32
set security ipsec vpn vp_vmi_dc ike proxy-identity remote -/32
set security ipsec vpn vp_vmi_dc ike proxy-identity service any
set security ipsec vpn vp_vmi_dc ike ipsec-policy vmi_std

# ---- Application-layer gateways: all explicitly disabled ----
set security alg dns disable
set security alg ftp disable
set security alg h323 disable
set security alg mgcp disable
set security alg msrpc disable
set security alg sunrpc disable
set security alg real disable
set security alg rsh disable
set security alg rtsp disable
set security alg sccp disable
set security alg sip disable
set security alg sql disable
set security alg talk disable
set security alg tftp disable
set security alg pptp disable

# ---- Flow options ----
set security flow tcp-mss all-tcp mss 1450
set security flow tcp-mss ipsec-vpn mss 1350
# Relaxes stateful inspection: sessions arriving through a tunnel are accepted without a leading SYN.
set security flow tcp-session no-syn-check-in-tunnel
set security flow force-ip-reassembly

# ---- Source NAT: public -> untrust, translated to the egress interface address ----
set security nat source rule-set to-untrust from zone public
set security nat source rule-set to-untrust to zone untrust
set security nat source rule-set to-untrust rule 1 match destination-address 0.0.0.0/0
set security nat source rule-set to-untrust rule 1 then source-nat interface

# ---- Security policies ----
# NOTE(review): policies 1 and 2 permit any source, destination and application in both directions
# between trust and vpt, so the firewall adds no filtering on that path; narrow to the prefixes and
# applications actually required. Every policy logs at session close only, so long-lived sessions
# leave no record until they end.
set security policies from-zone trust to-zone vpt policy 1 match source-address any
set security policies from-zone trust to-zone vpt policy 1 match destination-address any
set security policies from-zone trust to-zone vpt policy 1 match application any
set security policies from-zone trust to-zone vpt policy 1 then permit
set security policies from-zone trust to-zone vpt policy 1 then log session-close
set security policies from-zone vpt to-zone trust policy 2 match source-address any
set security policies from-zone vpt to-zone trust policy 2 match destination-address any
set security policies from-zone vpt to-zone trust policy 2 match application any
set security policies from-zone vpt to-zone trust policy 2 then permit
set security policies from-zone vpt to-zone trust policy 2 then log session-close
# Public LAN outbound to untrust: source limited to public_lan, any destination and application.
set security policies from-zone public to-zone untrust policy 3 match source-address public_lan
set security policies from-zone public to-zone untrust policy 3 match destination-address any
set security policies from-zone public to-zone untrust policy 3 match application any
set security policies from-zone public to-zone untrust policy 3 then permit
set security policies from-zone public to-zone untrust policy 3 then log session-close
# Policies 10 and 11: public_lan <-> vp_wan over the management tunnel, any application both ways.
# NOTE(review): policy 11 lets the whole 192.168.0.0/18 remote range open sessions to every Public LAN host.
set security policies from-zone public to-zone vp_mgmt policy 10 match source-address public_lan
set security policies from-zone public to-zone vp_mgmt policy 10 match destination-address vp_wan
set security policies from-zone public to-zone vp_mgmt policy 10 match application any
set security policies from-zone public to-zone vp_mgmt policy 10 then permit
set security policies from-zone public to-zone vp_mgmt policy 10 then log session-close
set security policies from-zone vp_mgmt to-zone public policy 11 match source-address vp_wan
set security policies from-zone vp_mgmt to-zone public policy 11 match destination-address public_lan
set security policies from-zone vp_mgmt to-zone public policy 11 match application any
set security policies from-zone vp_mgmt to-zone public policy 11 then permit
set security policies from-zone vp_mgmt to-zone public policy 11 then log session-close

# ---- Zones and host-inbound traffic (what may reach the device itself) ----
# svdpt is the only zone that exposes management: ssh, netconf, https, snmp, plus ike and ping, on
# fe-0/0/0.0, which is also the IKE external interface.
# NOTE(review): if that interface faces an untrusted network, restrict management sources (for example
# with a loopback/RE protection filter); no such filter is visible in this listing.
set security zones security-zone svdpt tcp-rst
set security zones security-zone svdpt host-inbound-traffic system-services ssh
set security zones security-zone svdpt host-inbound-traffic system-services netconf
set security zones security-zone svdpt host-inbound-traffic system-services ping
set security zones security-zone svdpt host-inbound-traffic system-services https
set security zones security-zone svdpt host-inbound-traffic system-services snmp
set security zones security-zone svdpt host-inbound-traffic system-services ike
set security zones security-zone svdpt interfaces fe-0/0/0.0
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces fe-0/0/7.0
set security zones security-zone vpt host-inbound-traffic system-services ping
set security zones security-zone vpt interfaces st0.0
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces fe-0/0/0.1
set security zones security-zone public address-book address public_lan 192.168.55.0/24
set security zones security-zone public host-inbound-traffic system-services ping
# Interface-level list for fe-0/0/3.0 adds dhcp so the local DHCP server can answer Public LAN clients.
set security zones security-zone public interfaces fe-0/0/3.0 host-inbound-traffic system-services ping
set security zones security-zone public interfaces fe-0/0/3.0 host-inbound-traffic system-services dhcp
# vp_mgmt declares no host-inbound-traffic, so nothing addressed to the device is accepted on st0.1.
set security zones security-zone vp_mgmt address-book address vp_wan 192.168.0.0/18
set security zones security-zone vp_mgmt interfaces st0.1

# ---- Filter-based forwarding for the Public LAN ----
# Term 1 sends packets sourced from 192.168.55.0/24 to routing-instance untrust-vr; term "all" accepts
# everything else unchanged. The filter redirects traffic; it does not drop anything.
set firewall filter untrust-vr term 1 from source-address 192.168.55.0/24
set firewall filter untrust-vr term 1 then routing-instance untrust-vr
set firewall filter untrust-vr term all then accept

# ---- Virtual router untrust-vr ----
# Holds fe-0/0/0.1 and st0.1, with its own default route (next hop redacted) and the vp_wan range via st0.1.
set routing-instances untrust-vr instance-type virtual-router
set routing-instances untrust-vr interface fe-0/0/0.1
set routing-instances untrust-vr interface st0.1
set routing-instances untrust-vr routing-options static route 0.0.0.0/0 next-hop -
set routing-instances untrust-vr routing-options static route 192.168.0.0/18 next-hop st0.1