/* Junos "security" stanza: IKE/IPsec dynamic VPN, screens, NAT, policies and zones. */
/* The paste lost its indentation and gained a "- " marker on every line; braces still delimit the hierarchy. */
- security {
- ike {
/* "flag all" traces every IKE event. NOTE(review): usually a troubleshooting setting; confirm it is meant to stay enabled. */
- traceoptions {
- flag all;
- }
- policy ike_pol_wizard_dyn_vpn {
/* Aggressive mode with a pre-shared key: the exchange gives an observer material for offline guessing of the key, */
/* so the strength of the PSK (long, random) is what protects this gateway. */
- mode aggressive;
/* Predefined proposal set; NOTE(review): check which ciphers/DH groups it resolves to on this release. */
- proposal-set standard;
/* The key value is absent in the paste (apparently redacted); the statement is incomplete as shown. */
- pre-shared-key ascii-text
- }
- gateway gw_wizard_dyn_vpn {
- ike-policy ike_pol_wizard_dyn_vpn;
/* Dynamic peers identify with one shared hostname IKE ID (group-ike-id), capped at 50 connections. */
- dynamic {
- hostname srx220-indy1.trelane.net;
- connections-limit 50;
- ike-user-type group-ike-id;
- }
- external-interface ge-0/0/0.0;
/* Per-user authentication comes from XAuth; remote_access_profile is defined outside this stanza (not shown). */
- xauth access-profile remote_access_profile;
- }
- }
- ipsec {
/* Same tracing caveat as under ike: "flag all" is verbose. */
- traceoptions {
- flag all;
- }
- policy ipsec_pol_wizard_dyn_vpn {
/* group1 is the 768-bit MODP Diffie-Hellman group, the weakest option; */
/* NOTE(review): prefer a larger group if the VPN client supports it. */
- perfect-forward-secrecy {
- keys group1;
- }
- proposal-set standard;
- }
/* Binds the IPsec policy to the dynamic gateway defined under ike. */
- vpn wizard_dyn_vpn {
- ike {
- gateway gw_wizard_dyn_vpn;
- ipsec-policy ipsec_pol_wizard_dyn_vpn;
- }
- }
- }
/* Dynamic VPN client group: one user (trelane), protected resource 192.168.100.0/24, carried over wizard_dyn_vpn. */
- dynamic-vpn {
- access-profile remote_access_profile;
- clients {
- wizard-dyn-group {
- remote-protected-resources {
- 192.168.100.0/24;
- }
- ipsec-vpn wizard_dyn_vpn;
- user {
- trelane;
- }
- }
- }
- }
/* IPv6 is handled in flow mode. NOTE(review): confirm the policies and screens below cover IPv6 as intended. */
- forwarding-options {
- family {
- inet6 {
- mode flow-based;
- }
- }
- }
/* Screen profile; it is attached to security-zone Internet further down ("screen Internet-screen"). */
- screen {
- ids-option Internet-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
/* SYN-flood thresholds as configured; NOTE(review): tune against the site's normal traffic levels. */
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
/* Limits concurrent sessions per destination IP to 50. */
- limit-session {
- destination-ip-based 50;
- }
- }
- }
- nat {
/* Source NAT: all Internal -> Internet traffic is translated to the egress interface address. */
- source {
- rule-set nsw_srcnat {
- from zone Internal;
- to zone Internet;
- rule nsw-src-interface {
- match {
- source-address 0.0.0.0/0;
- destination-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
/* Destination NAT: TCP/2222 arriving from zone Internet (any destination address) is translated to 192.168.100.10 port 22, */
/* i.e. an internal host's SSH port is published on the Internet side. */
/* NOTE(review): the only Internet -> Internal policy below is the any/any tunnel policy; verify how this forward is */
/* meant to be permitted and whether source addresses should be restricted. */
- destination {
- pool test {
- address 192.168.100.10/32 port 22;
- }
- rule-set DNAT {
- from zone Internet;
- rule test {
- match {
- destination-address 0.0.0.0/0;
- destination-port {
- 2222;
- }
- protocol tcp;
- }
- then {
- destination-nat {
- pool {
- test;
- }
- }
- }
- }
- }
- }
- }
- policies {
/* Outbound: any source, destination and application is permitted from Internal to Internet. */
- from-zone Internal to-zone Internet {
- policy All_Internal_Internet {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
/* Inbound VPN policy: matches any/any/any and permits into tunnel wizard_dyn_vpn. */
/* NOTE(review): for least privilege, narrow destination-address and application to what VPN users actually need. */
- from-zone Internet to-zone Internal {
- policy policy_in_wizard_dyn_vpn {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit {
- tunnel {
- ipsec-vpn wizard_dyn_vpn;
- }
- }
- }
- }
- }
- }
- zones {
- security-zone Internal {
- interfaces {
/* Services the device itself accepts on the internal VLAN; includes cleartext http and snmp. */
- vlan.1 {
- host-inbound-traffic {
- system-services {
- ping;
- dhcp;
- ssh;
- snmp;
- http;
- https;
- traceroute;
- }
- protocols {
- router-discovery;
- }
- }
- }
- }
- }
- security-zone Internet {
- screen Internet-screen;
- interfaces {
/* Services the device itself accepts on the Internet-facing interface. */
/* ssh, http and https expose management/login surfaces to the Internet; ike and https are presumably */
/* needed for the dynamic VPN (confirm). */
/* NOTE(review): drop ssh/http here or restrict them by source address if they are not required. */
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- dhcp;
- ssh;
- ike;
- traceroute;
- dhcpv6;
- http;
- https;
- }
- }
- }
- }
- }
- }
- }