## Last commit: 2022-11-19 14:46:22 UTC by root
version 20200319.130545_builder.r1095278;
system {
root-authentication {
encrypted-password "$6$zthUz2jD$loeVj1tqVxoBdEgNcUAMBqfagMfp0buHnB/kABodRJlgZeyXEPVR5c99ivJutG7qGH3CyBXZp6B.9SLOP5byo0"; ## SECRET-DATA
}
services {
ssh;
web-management {
http {
interface fxp0.0;
}
https {
system-generated-certificate;
interface fxp0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
ike {
policy ike-1 {
proposal-set compatible;
pre-shared-key ascii-text "$9$rrdKLxwYgoZU-d"; ## SECRET-DATA
}
gateway gre-ike {
ike-policy ike-1;
address 160.191.81.201;
external-interface ge-0/0/0;
}
}
ipsec {
policy ipsec-1 {
proposal-set compatible;
}
vpn gre-vpn {
bind-interface st0.0;
ike {
gateway gre-ike;
ipsec-policy ipsec-1;
}
establish-tunnels immediately;
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set rs1 {
from zone trust;
to zone untrust;
rule r1 {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy internet-access {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
protocols {
ospf;
}
}
}
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
ping;
}
protocols {
ospf;
}
}
}
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
ike;
}
}
}
security-zone vpn {
host-inbound-traffic {
system-services {
ike;
all;
}
protocols {
ospf;
all;
}
}
interfaces {
st0.0;
ge-0/0/0.0;
gr-0/0/0.0;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 177.242.52.193/30;
}
}
}
gr-0/0/0 {
unit 0 {
clear-dont-fragment-bit;
tunnel {
source 177.242.52.193;
destination 160.191.81.201;
allow-fragmentation;
path-mtu-discovery;
}
family inet {
mtu 1476;
address 172.18.18.1/30;
}
copy-tos-to-outer-ip-header;
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.10.1.2/30;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.10.2.6/30;
}
}
}
fxp0 {
unit 0;
}
st0 {
unit 0 {
family inet {
address 172.18.18.1/30;
}
}
}
}
policy-options {
policy-statement PO1 {
term 1 {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
policy-statement PO9 {
term 1 {
from protocol ospf;
then accept;
}
}
}
protocols {
ospf {
area 0.0.0.3 {
interface ge-0/0/1.0 {
interface-type p2p;
}
interface ge-0/0/2.0 {
interface-type p2p;
}
interface gr-0/0/0.0 {
interface-type p2p;
}
}
export PO1;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 177.242.52.194;
}
generate {
defaults {
preference 10;
}
route 0.0.0.0/0;
}
}
Сложный
Средний
Средний
Средний
Простой
Простой
