# saved_cfg_timestamp:327965015 ############################################################################################## set clock ntp set clock timezone -7 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth-server "$infranet_1" id 1 set auth-server "$infranet_1" server-name "45.200.1.78" set auth-server "$infranet_1" account-type xauth 802.1X set auth-server "$infranet_1" radius secret "TDH00dPnNg4xkJsu5aC3lTecaJnCTw/3m1l7yG/+ikYWJLe2pR2w/DZerP4mRASS91XB6Y5/k1hM" set auth-server "$infranet_1" radius attribute calling-station-id set auth-server "$infranet" id 2 set auth-server "$infranet" server-name "45.200.1.78" set auth-server "$infranet" account-type xauth 802.1X set auth-server "$infranet" radius secret "Pc2v6jZhNZRfyus3IzCVGj2ojhnJhlrNC5L1hT+CIjDLG57glnyIruzTQDJ85qPeFclrCPpj8A4x" set auth-server "$infranet" radius attribute calling-station-id set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "nEQGIprLE9/PcidFCstLJfFtCYB2Tn" set admin user "admin" password "nAIxN3rGAHRLcfOE8s3FTEBt99JIOn" privilege "all" set admin auth timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "DMZ" tcp-rst set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet1" zone "Trust" set interface "ethernet2" zone "DMZ" set interface "ethernet3" zone "Untrust" set interface "ethernet4" zone "MGT" unset interface vlan1 ip set interface ethernet1 ip 45.200.21.1/24 set interface ethernet1 route set interface ethernet4 ip 45.200.1.64/24 set interface ethernet4 route unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip unset interface ethernet1 ip manageable set interface ethernet4 manage mtrace set auth-server "$infranet_1" src-interface "ethernet4" set auth-server "$infranet" src-interface "ethernet4" unset flow no-tcp-seq-check set flow tcp-syn-check set console page 0 set domain nac.ilabs.interop.net set hostname juniper-ns204 set alias show "get" set user "$infra-u-6-2" uid 1 set user "$infra-u-6-2" ike-id u-fqdn "u6-2.juniper.net" share-limit 1000 set user "$infra-u-6-2" type ike set user "$infra-u-6-2" "enable" set user-group "$infra-g-6-2" id 1 set user-group "$infra-g-6-2" user "$infra-u-6-2" set ike p2-proposal "nopfs-esp-null-sha" no-pfs esp null sha-1 second 3600 set ike gateway "$infra-gw-6-2" dialup "$infra-g-6-2" Aggr outgoing-interface "ethernet3" seed-preshare "t3jQF9ZjNiNOiAsPdyCansriAonK3QDza2Ylzr3cxvMPDGKnoKq2BZqY8BCu8WX7TGSQYhaTLqh9" proposal "pre-g2-3des-sha" set ike gateway "$infra-gw-6-2" nat-traversal udp-checksum set ike gateway "$infra-gw-6-2" nat-traversal keepalive-frequency 5 set ike gateway "$infra-gw-6-2" xauth server "$infranet_1" query-config set ike gateway "$infra-gw-6-2" xauth server auth-method chap unset ike gateway "$infra-gw-6-2" xauth do-edipi-auth set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set vpn "$infra-vpn-6-2" gateway "$infra-gw-6-2" no-replay tunnel idletime 0 sec-level compatible set dns host dns1 45.200.1.2 set dns host dns2 0.0.0.0 set dns host dns3 0.0.0.0 set url protocol websense exit set policy id 1 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel vpn "$infra-vpn-6-2" id 2 Infranet-Auth set policy id 1 exit set pki authority default scep mode "auto" set pki x509 default cert-path partial set infranet controller name "juniper-uac" set infranet controller name "juniper-uac" host-name "juniper-uac.nac.ilabs.interop.net" port 11122 set infranet controller name "juniper-uac" src-interface ethernet4 set infranet controller name "juniper-uac" password "5U+t8v6mNl3OuQsd5OCxV6vkqAnJPu3L8g==" set infranet controller name "juniper-uac" ca-hash "43CCF641EA884CB5048718785FA2028CF665379F" set nsmgmt report alarm traffic enable set nsmgmt report alarm attack enable set nsmgmt report alarm other enable set nsmgmt report alarm di enable set nsmgmt report log config enable set nsmgmt report log info enable set nsmgmt report log self enable set nsmgmt report log traffic enable set nsmgmt init id C02D27D21C811956CED42A9CA5F7AF041404AAC100 set nsmgmt server primary 45.200.1.6 port 7800 set nsmgmt bulkcli reboot-timeout 60 set nsmgmt hb-interval 20 set nsmgmt hb-threshold 5 set nsmgmt enable set ssh version v2 set ssh enable set config lock timeout 5 set ntp server "45.200.1.2" set ntp server backup1 "0.0.0.0" set ntp server backup2 "0.0.0.0" set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 0.0.0.0/0 interface ethernet4 gateway 45.200.1.1 preference 20 exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit