# System section of a branch-office firewall in Junos "set" format: release, identity,
# root credential, DNS, management services, DHCP for the voice subnet, syslog, rollback depth.
# NOTE(review): 10.4R4.5 is a long-out-of-support Junos release; check the vendor advisories
# that apply to the running image before reusing any of this.
- set version 10.4R4.5
- set system host-name RemoteOffice_FW
- set system time-zone GMT-8
# The quoted value is a placeholder the poster substituted, not a password hash. Keep real
# hashes out of shared pastes as well; a hash is still a credential.
# NOTE(review): root is the only account on this page. No "system login user" statements are
# shown (the paste may be partial); named accounts are what give per-person accountability.
- set system root-authentication encrypted-password "dont be looking here"
- set system name-server 208.67.222.222
- set system name-server 208.67.220.220
# SSH is enabled with no options. The untrust zone later in this config admits ssh on
# fe-0/0/0.0, so this daemon faces the External interface.
# NOTE(review): consider "system services ssh root-login deny" and "protocol-version v2",
# and restricting which source addresses may reach it.
- set system services ssh
# Telnet carries credentials in cleartext. The trust and vpn zones below allow all
# system-services, so it is reachable from both. "delete system services telnet" removes it.
- set system services telnet
# J-Web over HTTPS with a self-signed, device-generated certificate, bound to the tunnel
# interface st0.0 and to fe-0/0/0.0 (described as External in the interfaces section).
# The untrust zone's host-inbound list on this page (ike, ssh, ping) does not include https,
# so the external binding looks unused. Drop it unless it is intended.
- set system services web-management https
- set system services web-management https system-generated-certificate
- set system services web-management https interface st0.0
- set system services web-management https interface fe-0/0/0.0
# DHCP server for 10.20.35.0/24, the subnet on fe-0/0/1.35 (VoIP_RemoteOffice).
# Leases run 86400 s (24 h); clients get internal resolvers 10.10.1.23 and 10.10.1.14.
- set system services dhcp pool 10.20.35.0/24 address-range low 10.20.35.100
- set system services dhcp pool 10.20.35.0/24 address-range high 10.20.35.254
- set system services dhcp pool 10.20.35.0/24 default-lease-time 86400
- set system services dhcp pool 10.20.35.0/24 domain-name ourdomain.gov
- set system services dhcp pool 10.20.35.0/24 name-server 10.10.1.23
- set system services dhcp pool 10.20.35.0/24 name-server 10.10.1.14
- set system services dhcp pool 10.20.35.0/24 router 10.20.35.1
# Option 242 is a site-specific string handed to clients verbatim.
# NOTE(review): presumably IP-phone provisioning (call-server list, settings server, voice
# VLAN 35); confirm with the phone vendor's documentation. HTTPSRVR suggests the phones
# fetch settings over plain HTTP. Verify how that server is protected.
- set system services dhcp pool 10.20.35.0/24 option 242 string MCIPADD=10.20.1.215,10.18.1.215,HTTPSRVR=10.10.11.119,L2Q=1,L2QVLAN=35,VLANTEST=20
# Syslog goes to local files only, rotated at 100k with 3 archives kept, and no remote
# "system syslog host" is shown. Retention on the box is therefore short, and the logs live
# on the device they describe.
- set system syslog archive size 100k
- set system syslog archive files 3
# Emergency-severity messages are written to every logged-in user's terminal.
- set system syslog user * any emergency
- set system syslog file messages any critical
- set system syslog file messages authorization info
# Only error-severity (and higher) events of the interactive-commands facility are kept.
# NOTE(review): "interactive-commands any" is the usual setting when this file is meant to
# be an audit trail of CLI activity.
- set system syslog file interactive-commands interactive-commands error
# Keep 5 configuration revisions on flash and allow rollback across 5.
- set system max-configurations-on-flash 5
- set system max-configuration-rollbacks 5
- set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# Interface layout: fe-0/0/0.0 is the Internet-facing port with a public /29 address;
# fe-0/0/1 is an 802.1Q trunk carrying VLAN 1 (no address), VLAN 20 (management) and
# VLAN 35 (voice); st0.0 is the route-based VPN tunnel interface.
- set interfaces fe-0/0/0 unit 0 description External
- set interfaces fe-0/0/0 unit 0 family inet address 200.1.1.74/29
- set interfaces fe-0/0/1 vlan-tagging
# Unit 0 is tagged VLAN 1 and has no family/address configured here.
- set interfaces fe-0/0/1 unit 0 description internal
- set interfaces fe-0/0/1 unit 0 vlan-id 1
- set interfaces fe-0/0/1 unit 20 description RemoteOffice_Mgmt
- set interfaces fe-0/0/1 unit 20 vlan-id 20
- set interfaces fe-0/0/1 unit 20 family inet address 10.20.20.1/24
- set interfaces fe-0/0/1 unit 35 description VoIP_RemoteOffice
- set interfaces fe-0/0/1 unit 35 vlan-id 35
- set interfaces fe-0/0/1 unit 35 family inet address 10.20.35.1/24
# NOTE(review): no firewall filter is applied to lo0 on this page, so traffic to the device
# itself is limited only by the zones' host-inbound-traffic settings. The paste may be
# partial; confirm.
- set interfaces lo0 unit 0 family inet address 127.0.0.1/32
# Unnumbered tunnel interface; the IPsec VPN is bound to it and 10.0.0.0/8 is routed into it.
- set interfaces st0 unit 0 family inet
- set interfaces vlan unit 0
# SNMP agent identity plus one read-only community, followed by the two static routes.
- set snmp description "Remote Office Firewall"
- set snmp location "Remote Office"
# A community string is a shared secret sent in cleartext by SNMPv1/v2c, and no "clients"
# restriction is set, so any host allowed to reach the agent may query with it. The trust and
# vpn zones on this page allow all system-services; untrust does not list snmp.
# NOTE(review): consider "snmp community <name> clients <prefix>" to pin the pollers, or SNMPv3.
- set snmp community SNMPReadString authorization read-only
# Default route out the External segment; all of 10.0.0.0/8 is sent into the VPN tunnel.
# The local 10.20.20.0/24 and 10.20.35.0/24 stay local because connected routes are more specific.
- set routing-options static route 0.0.0.0/0 next-hop 200.1.1.78
- set routing-options static route 10.0.0.0/8 next-hop st0.0
# Site-to-site, route-based IPsec VPN: IKE phase 1 proposal/policy/gateway, then the phase 2
# proposal/policy and the VPN object bound to st0.0.
# Phase 1 uses pre-shared-key authentication, DH group2, SHA-1, AES-192-CBC and an 8 h lifetime.
# NOTE(review): group2 is a 1024-bit MODP group and SHA-1 is a legacy hash; current guidance
# is group14 or larger and SHA-256 where the release supports them. Both peers must be
# changed together or negotiation fails.
- set security ike proposal RemoteOffice-Phase1-Prop authentication-method pre-shared-keys
- set security ike proposal RemoteOffice-Phase1-Prop dh-group group2
- set security ike proposal RemoteOffice-Phase1-Prop authentication-algorithm sha1
- set security ike proposal RemoteOffice-Phase1-Prop encryption-algorithm aes-192-cbc
- set security ike proposal RemoteOffice-Phase1-Prop lifetime-seconds 28800
- set security ike policy RemoteOffice-IKE-Policy mode main
- set security ike policy RemoteOffice-IKE-Policy proposals RemoteOffice-Phase1-Prop
# "some key" is a placeholder from the poster. In a real export this statement holds the
# tunnel secret; Junos stores it in a reversible "$9$" encoding, so treat an exported value
# as the key itself and rotate it if it has been shared.
- set security ike policy RemoteOffice-IKE-Policy pre-shared-key ascii-text "some key"
# Fixed peer address, identified locally by the External interface address.
- set security ike gateway RemoteOffice-VPN-Gateway ike-policy RemoteOffice-IKE-Policy
- set security ike gateway RemoteOffice-VPN-Gateway address 100.50.10.33
- set security ike gateway RemoteOffice-VPN-Gateway local-identity inet 200.1.1.74
- set security ike gateway RemoteOffice-VPN-Gateway external-interface fe-0/0/0
# Phase 2: ESP with HMAC-SHA1-96 and AES-192-CBC.
# NOTE(review): the lifetime is 28000 s here against 28800 s in phase 1; confirm the
# difference is intended and matches the peer.
- set security ipsec proposal RemoteOffice-Phase2-Prop protocol esp
- set security ipsec proposal RemoteOffice-Phase2-Prop authentication-algorithm hmac-sha1-96
- set security ipsec proposal RemoteOffice-Phase2-Prop encryption-algorithm aes-192-cbc
- set security ipsec proposal RemoteOffice-Phase2-Prop lifetime-seconds 28000
# PFS is on, which forces a fresh DH exchange per phase 2 rekey, but with the same 1024-bit group2.
- set security ipsec policy RemoteOffice-IPSEC-Policy perfect-forward-secrecy keys group2
- set security ipsec policy RemoteOffice-IPSEC-Policy proposals RemoteOffice-Phase2-Prop
- set security ipsec vpn RemoteOffice bind-interface st0.0
- set security ipsec vpn RemoteOffice ike gateway RemoteOffice-VPN-Gateway
- set security ipsec vpn RemoteOffice ike ipsec-policy RemoteOffice-IPSEC-Policy
# Bring the tunnel up at commit time rather than waiting for matching traffic.
- set security ipsec vpn RemoteOffice establish-tunnels immediately
# Security zones and host-inbound-traffic, i.e. which services and protocols on the firewall
# ITSELF may be reached from each zone. Transit traffic is governed by the policies section.
# Interface-level host-inbound-traffic overrides the zone-level setting for that interface.
#
# trust: every enabled system service and every protocol is accepted from all three internal
# sub-interfaces, including the voice VLAN (fe-0/0/1.35). With telnet, J-Web and SNMP
# configured in this file, any phone-VLAN host can reach the management plane.
# NOTE(review): list only what each segment needs (for example dhcp and ping on the voice
# VLAN; ssh and https on the management VLAN).
- set security zones security-zone trust host-inbound-traffic system-services all
- set security zones security-zone trust host-inbound-traffic protocols all
- set security zones security-zone trust interfaces fe-0/0/1.0 host-inbound-traffic system-services all
- set security zones security-zone trust interfaces fe-0/0/1.0 host-inbound-traffic protocols all
- set security zones security-zone trust interfaces fe-0/0/1.20 host-inbound-traffic system-services all
- set security zones security-zone trust interfaces fe-0/0/1.20 host-inbound-traffic protocols all
- set security zones security-zone trust interfaces fe-0/0/1.35 host-inbound-traffic system-services all
- set security zones security-zone trust interfaces fe-0/0/1.35 host-inbound-traffic protocols all
# vpn: the same "all" exposure toward anything arriving over the tunnel (st0.0).
- set security zones security-zone vpn host-inbound-traffic system-services all
- set security zones security-zone vpn host-inbound-traffic protocols all
- set security zones security-zone vpn interfaces st0.0 host-inbound-traffic system-services all
- set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols all
# untrust: ike is required for the VPN. On fe-0/0/0.0 (External), ssh and ping are also
# accepted, so the SSH daemon is reachable from the Internet side with the root account as
# the only login shown on this page.
# NOTE(review): "protocols all" admits routing-protocol traffic from the untrusted side even
# though this config uses static routes only; it can normally be removed. No "screen"
# profile is attached to the untrust zone here. The paste may be partial; confirm.
- set security zones security-zone untrust host-inbound-traffic system-services ike
- set security zones security-zone untrust host-inbound-traffic protocols all
- set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
- set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
- set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
- set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic protocols all
# Transit policies. All four are any-source / any-destination / any-application permits, so
# the zones act as labels only and nothing is filtered between them.
# None carries a "then log" action, so permitted sessions produce no traffic-log record;
# "then log session-close" (or session-init) on each policy adds one.
# No policy from untrust is shown. Whether unmatched traffic is dropped depends on the
# default policy, which is not on this page.
#
# trust -> untrust: unrestricted outbound.
# NOTE(review): no source-NAT statements appear on this page; the paste may be partial.
- set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
- set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
- set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
- set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
# trust -> vpn: unrestricted toward everything behind the tunnel (10.0.0.0/8 is routed there).
- set security policies from-zone trust to-zone vpn policy trust-to-vpn match source-address any
- set security policies from-zone trust to-zone vpn policy trust-to-vpn match destination-address any
- set security policies from-zone trust to-zone vpn policy trust-to-vpn match application any
- set security policies from-zone trust to-zone vpn policy trust-to-vpn then permit
# vpn -> trust: any host across the tunnel may open any session to the management and voice VLANs.
# NOTE(review): address-book entries and named applications would limit this to the call
# servers and management stations that need it.
- set security policies from-zone vpn to-zone trust policy vpn-to-trust match source-address any
- set security policies from-zone vpn to-zone trust policy vpn-to-trust match destination-address any
- set security policies from-zone vpn to-zone trust policy vpn-to-trust match application any
- set security policies from-zone vpn to-zone trust policy vpn-to-trust then permit
# trust -> trust: routing between the internal VLANs (voice and management) is unrestricted.
- set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
- set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
- set security policies from-zone trust to-zone trust policy trust-to-trust match application any
- set security policies from-zone trust to-zone trust policy trust-to-trust then permit
# Every application-layer gateway listed here is switched off, including the voice-related
# ones (sip, h323, mgcp, sccp). With ALGs disabled the firewall does no protocol-aware payload
# inspection or dynamic pinholing for these protocols; with the any/any permit policies in
# this config, nothing depends on pinholes.
# NOTE(review): if the policies are later tightened, voice media flows will need explicit
# rules or the relevant ALG re-enabled.
- set security alg dns disable
- set security alg ftp disable
- set security alg h323 disable
- set security alg mgcp disable
- set security alg msrpc disable
- set security alg sunrpc disable
- set security alg rsh disable
- set security alg rtsp disable
- set security alg sccp disable
- set security alg sip disable
- set security alg sql disable
- set security alg talk disable
- set security alg tftp disable
- set security alg pptp disable
# Clamp the TCP MSS to 1350 bytes for IPsec and GRE traffic so segments fit inside the
# tunnel without fragmentation once encapsulation overhead is added.
- set security flow tcp-mss ipsec-vpn mss 1350
- set security flow tcp-mss gre-in mss 1350
- set security flow tcp-mss gre-out mss 1350