API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 13th, 2015
91
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.54 KB | None | 0 0
raw download clone embed print report
  1. interfaces {
  2. st0 {
  3. unit 3 {
  4. description "IPv4 tunnel to c2821";
  5. family inet {
  6. mtu 1420;
  7. address 172.25.144.243/31;
  8. }
  9. }
  10. }
  11. }
  12. event-options {
  13. policy dyn-dns-updater {
  14. events SYSTEM;
  15. attributes-match {
  16. SYSTEM.message matches "EVENT Add at-1/0/0.0";
  17. }
  18. then {
  19. event-script dyn-dns-update.xslt;
  20. }
  21. }
  22. event-script {
  23. file dyn-dns-update.xslt;
  24. }
  25. }
  26. security {
  27. ike {
  28. proposal ike-proposal-j2c-1 {
  29. authentication-method pre-shared-keys;
  30. dh-group group5;
  31. authentication-algorithm sha-256;
  32. encryption-algorithm aes-256-cbc;
  33. lifetime-seconds 28800;
  34. }
  35. policy ike-policy-j2c-1 {
  36. mode main;
  37. proposals ike-proposal-j2c-1;
  38. pre-shared-key ascii-text "SECRET-DATA"; ## SECRET-DATA
  39. }
  40. gateway ike-gateway-j2c-1 {
  41. ike-policy ike-policy-j2c-1;
  42. address 1.2.3.4;
  43. local-identity hostname srx110c2821;
  44. external-interface at-1/0/0.0;
  45. }
  46. }
  47. ipsec {
  48. proposal ipsec-proposal-j2c-1 {
  49. protocol esp;
  50. authentication-algorithm hmac-sha-256-128;
  51. encryption-algorithm aes-256-cbc;
  52. lifetime-seconds 3600;
  53. lifetime-kilobytes 4608000;
  54. }
  55. policy ipsec-policy-j2c-1 {
  56. proposals ipsec-proposal-j2c-1;
  57. }
  58. vpn ipsec-vpn-j2c-1 {
  59. bind-interface st0.3;
  60. ike {
  61. gateway ike-gateway-j2c-1;
  62. ipsec-policy ipsec-policy-j2c-1;
  63. }
  64. establish-tunnels immediately;
  65. }
  66. }
  67. }
  68.  
  69.  
  70.  
  71. crypto keyring j2c-keyring
  72. pre-shared-key address 0.0.0.0 0.0.0.0 key SECRET-DATA
  73. !
  74. crypto isakmp policy 1
  75. encr aes 256
  76. hash sha256
  77. authentication pre-share
  78. group 5
  79. crypto isakmp profile j2c-1
  80. keyring j2c-keyring
  81. match identity user-fqdn srx110c2821
  82. !
  83. crypto ipsec transform-set ESP_AES256 esp-aes 256 esp-sha256-hmac
  84. !
  85. crypto ipsec profile j2c-1
  86. set transform-set ESP_AES256
  87. set isakmp-profile j2c-1
  88. !
  89. interface Tunnel0
  90. description IPv4 tunnel to srx110
  91. ip address 172.25.144.242 255.255.255.254
  92. ip mtu 1420
  93. tunnel source Dialer0
  94. tunnel mode ipsec ipv4
  95. ! tunnel destination set by EEM script
  96. tunnel protection ipsec profile j2c-1
  97. !
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!