[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sat May 23 12:02:23 CDT 2015
Index: configs/core.goo.onenet.net
===================================================================
--- configs/core.goo.onenet.net (revision 127343)
+++ configs/core.goo.onenet.net (working copy)
@@ -299,28 +299,28 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1085270 up up
-#lsi.1085271 up up
-#lsi.1085272 up up
-#lsi.1085273 up up
-#lsi.1085274 up up
-#lsi.1085275 up up
-#lsi.1085276 up up
-#lsi.1085277 up up
-#lsi.1085278 up up
-#lsi.1085279 up up
-#lsi.1085280 up up
-#lsi.1085281 up up
-#lsi.1085282 up up
-#lsi.1085283 up up
-#lsi.1085284 up up
-#lsi.1085285 up up
-#lsi.1085286 up up
-#lsi.1085287 up up
-#lsi.1085288 up up
-#lsi.1085289 up up
-#lsi.1085290 up up
-#lsi.1085291 up up
+#lsi.1086084 up up
+#lsi.1086085 up up
+#lsi.1086086 up up
+#lsi.1086087 up up
+#lsi.1086088 up up
+#lsi.1086089 up up
+#lsi.1086090 up up
+#lsi.1086091 up up
+#lsi.1086092 up up
+#lsi.1086093 up up
+#lsi.1086094 up up
+#lsi.1086095 up up
+#lsi.1086096 up up
+#lsi.1086097 up up
+#lsi.1086098 up up
+#lsi.1086099 up up
+#lsi.1086100 up up
+#lsi.1086101 up up
+#lsi.1086102 up up
+#lsi.1086103 up up
+#lsi.1086104 up up
+#lsi.1086105 up up
#me0 up up
#mtun up up
#pimd up up
Index: configs/core.woo.onenet.net
===================================================================
--- configs/core.woo.onenet.net (revision 127340)
+++ configs/core.woo.onenet.net (working copy)
@@ -351,13 +351,13 @@
#lsi.1058693 up up
#lsi.1059118 up up
#lsi.1059246 up up
-#lsi.1059357 up up
#lsi.1059393 up up
#lsi.1059833 up up
#lsi.1059848 up up
#lsi.1059856 up up
#lsi.1059873 up up
-#lsi.1059955 up up
+#lsi.1059962 up up
+#lsi.1060030 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.end.onenet.net
===================================================================
--- configs/core.end.onenet.net (revision 127343)
+++ configs/core.end.onenet.net (working copy)
@@ -400,7 +400,7 @@
#lsi.1058883 up up
#lsi.1058884 up up
#lsi.1058973 up up
-#lsi.1059004 up up
+#lsi.1059041 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.law.onenet.net
===================================================================
--- configs/core.law.onenet.net (revision 127340)
+++ configs/core.law.onenet.net (working copy)
@@ -502,7 +502,6 @@
#lsi.1072114 up up
#lsi.1072775 up up
#lsi.1072901 up up
-#lsi.1073014 up up
#lsi.1073050 up up
#lsi.1073382 up up
#lsi.1073422 up up
@@ -510,7 +509,8 @@
#lsi.1073509 up up
#lsi.1073517 up up
#lsi.1073534 up up
-#lsi.1073616 up up
+#lsi.1073623 up up
+#lsi.1073692 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/acx.cai.hart-acx2100.onenet.net
===================================================================
--- configs/acx.cai.hart-acx2100.onenet.net (revision 127328)
+++ configs/acx.cai.hart-acx2100.onenet.net (working copy)
@@ -1,6 +1,7 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show system commit
+# show chassis environment
# 2015-05-06 18:53:44 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-06 14:16:13 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-06 14:06:19 CDT by andrew via cli
Index: configs/core.dur.onenet.net
===================================================================
--- configs/core.dur.onenet.net (revision 127343)
+++ configs/core.dur.onenet.net (working copy)
@@ -360,7 +360,6 @@
#lsi.1050155 up up
#lsi.1057564 up up
#lsi.1057825 up up
-#lsi.1057864 up up
#lsi.1057934 up up
#lsi.1057935 up up
#lsi.1057938 up up
@@ -396,7 +395,8 @@
#lsi.1059885 up up
#lsi.1059886 up up
#lsi.1059975 up up
-#lsi.1060006 up up
+#lsi.1060007 up up
+#lsi.1060044 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.say.onenet.net
===================================================================
--- configs/core.say.onenet.net (revision 127340)
+++ configs/core.say.onenet.net (working copy)
@@ -357,7 +357,6 @@
#lsi.1059216 up up
#lsi.1059319 up up
#lsi.1059344 up up
-#lsi.1059456 up up
#lsi.1059493 up up
#lsi.1059494 up up
#lsi.1059530 up up
@@ -369,7 +368,8 @@
#lsi.1059962 up up
#lsi.1059979 up up
#lsi.1059980 up up
-#lsi.1060062 up up
+#lsi.1060069 up up
+#lsi.1060137 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.mus.onenet.net
===================================================================
--- configs/core.mus.onenet.net (revision 127340)
+++ configs/core.mus.onenet.net (working copy)
@@ -368,7 +368,6 @@
#lsi.1058674 up up
#lsi.1058675 up up
#lsi.1058802 up up
-#lsi.1058914 up up
#lsi.1058986 up up
#lsi.1059050 up up
#lsi.1059394 up up
@@ -377,7 +376,8 @@
#lsi.1059411 up up
#lsi.1059419 up up
#lsi.1059420 up up
-#lsi.1059518 up up
+#lsi.1059525 up up
+#lsi.1059594 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.elr.onenet.net
===================================================================
--- configs/core.elr.onenet.net (revision 127259)
+++ configs/core.elr.onenet.net (working copy)
@@ -329,7 +329,7 @@
#lsi.0 up up
#lsi.1049619 up up
#lsi.1049632 up up
-#lsi.1049633 up up
+#lsi.1049634 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.ada.onenet.net
===================================================================
--- configs/core.ada.onenet.net (revision 127343)
+++ configs/core.ada.onenet.net (working copy)
@@ -405,7 +405,7 @@
#lsi.1060980 up up
#lsi.1060981 up up
#lsi.1061070 up up
-#lsi.1061101 up up
+#lsi.1061138 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.ida.onenet.net
===================================================================
--- configs/core.ida.onenet.net (revision 127340)
+++ configs/core.ida.onenet.net (working copy)
@@ -350,7 +350,6 @@
#lsi.1 up up
#lsi.1053696 up up
#lsi.1053697 up up
-#lsi.1053698 up up
#lsi.1053699 up up
#lsi.1053700 up up
#lsi.1053701 up up
@@ -369,7 +368,8 @@
#lsi.1054725 up up
#lsi.1054733 up up
#lsi.1054750 up up
-#lsi.1054832 up up
+#lsi.1054870 up up
+#lsi.1054907 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 127340)
+++ configs/core.mca.onenet.net (working copy)
@@ -384,7 +384,6 @@
#lsi.1056874 up up
#lsi.1056875 up up
#lsi.1057002 up up
-#lsi.1057114 up up
#lsi.1057186 up up
#lsi.1057250 up up
#lsi.1057594 up up
@@ -393,7 +392,8 @@
#lsi.1057611 up up
#lsi.1057619 up up
#lsi.1057620 up up
-#lsi.1057718 up up
+#lsi.1057725 up up
+#lsi.1057794 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.pot.onenet.net
===================================================================
--- configs/core.pot.onenet.net (revision 127340)
+++ configs/core.pot.onenet.net (working copy)
@@ -382,7 +382,6 @@
#lsi.1058695 up up
#lsi.1058696 up up
#lsi.1058823 up up
-#lsi.1058935 up up
#lsi.1059005 up up
#lsi.1059069 up up
#lsi.1059374 up up
@@ -390,7 +389,8 @@
#lsi.1059415 up up
#lsi.1059430 up up
#lsi.1059431 up up
-#lsi.1059536 up up
+#lsi.1059543 up up
+#lsi.1059612 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.ard.onenet.net
===================================================================
--- configs/core.ard.onenet.net (revision 127343)
+++ configs/core.ard.onenet.net (working copy)
@@ -344,7 +344,6 @@
#lsi.1059722 up up
#lsi.1059725 up up
#lsi.1059778 up up
-#lsi.1060502 up up
#lsi.1060535 up up
#lsi.1060767 up up
#lsi.1060814 up up
@@ -360,7 +359,8 @@
#lsi.1061303 up up
#lsi.1061356 up up
#lsi.1061393 up up
-#lsi.1061424 up up
+#lsi.1061425 up up
+#lsi.1061463 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.odmhsas-okc.onenet.net
===================================================================
--- configs/core.odmhsas-okc.onenet.net (revision 126926)
+++ configs/core.odmhsas-okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ODMHSAS-OKC-MX104> show system commit
+# 2015-05-23 11:58:55 CDT by andrew via cli
+# 2015-05-23 11:52:25 CDT by andrew via cli
+# 2015-05-23 11:44:56 CDT by andrew via cli
# 2015-04-23 08:53:21 CDT by andrew via cli
# 2015-04-21 11:09:37 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-04-15 23:33:53 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-04-14 19:44:18 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-04-14 16:19:03 CDT by admin via cli
-# 2015-04-14 16:12:40 CDT by admin via cli
# grnoc-mon at ODMHSAS-OKC-MX104> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -73,9 +73,12 @@
# PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) -E SFP
# Xcvr 0 REV 02 740-013111 D499289 SFP-T
# Xcvr 1 REV 02 740-013111 D446323 SFP-T
+# Xcvr 2 REV 02 740-013111 D498213 SFP-T
# Xcvr 3 REV 02 740-013111 D446379 SFP-T
-# Xcvr 4 REV 02 740-013111 D458974 SFP-T
+# Xcvr 4 REV 02 740-013111 D499260 SFP-T
+# Xcvr 5 REV 02 740-013111 D458974 SFP-T
# PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) -E SFP
+# Xcvr 7 REV 02 740-013111 D458782 SFP-T
# Xcvr 8 REV 02 740-013111 D480275 SFP-T
# Xcvr 9 REV 01 740-011613 USOSX25280 SFP-SX
# FPC 1 BUILTIN BUILTIN MPC BUILTIN
@@ -197,22 +200,23 @@
# grnoc-mon at ODMHSAS-OKC-MX104> show version
# Hostname: ODMHSAS-OKC-MX104 # Model: mx104 # Junos: 13.3R4.6 # JUNOS Base OS boot [13.3R4.6] # JUNOS Base OS Software Suite [13.3R4.6] # JUNOS Kernel Software Suite [13.3R4.6] # JUNOS Crypto Software Suite [13.3R4.6] # JUNOS Packet Forwarding Engine Support (MX104) [13.3R4.6] # JUNOS Online Documentation [13.3R4.6] # JUNOS Services Application Level Gateways [13.3R4.6] # JUNOS Services Jflow Container package [13.3R4.6] # JUNOS Services Stateful Firewall [13.3R4.6] # JUNOS Services NAT [13.3R4.6] # JUNOS Services RPM [13.3R4.6] # JUNOS Services Crypto [13.3R4.6] # JUNOS Services SSL [13.3R4.6] # JUNOS Services IPSec [13.3R4.6] # JUNOS Routing Software Suite [13.3R4.6] # # grnoc-mon at ODMHSAS-OKC-MX104> file list /var/tmp detail #
# /var/tmp:
-# total blocks: 500392
+# total blocks: 1001096
# -rw-r--r-- 1 root field 30 Dec 31 2009 ex.txt
# drwxr-xr-x 2 root field 512 Dec 31 2009 gres-tp/
# drwxrwxrwx 2 root wheel 512 Dec 31 2009 install/
# -rwxr-xr-x 1 root field 256095290 Mar 17 13:12 jinstall-ppc-13.3R4.6-domestic-signed.tgz*
+# -rw-r----- 1 eng field 256266846 May 23 11:38 jinstall-ppc-13.3R6.5-domestic-signed.tgz
# drwxrwxrwx 2 root wheel 512 Dec 31 2009 pics/
# -r--r--r-- 1 root field 237 Mar 17 13:25 preinstall_boot_loader.conf
# drwxr-xr-x 2 root field 512 Dec 31 2009 rtsdb/
# -rw-r----- 1 root field 1068 Apr 23 09:02 sampled.pkts
# drwxrwxrwt 2 root wheel 512 Dec 31 2009 vi.recover/
-# total files: 4
+# total files: 5
#
# grnoc-mon at ODMHSAS-OKC-MX104> show system uptime
# System booted: 2015-05-12 07:28 CDT
# Protocols started: 2015-05-12 07:31 CDT
-# Last configured: 2015-04-23 08:53 CDT by andrew
+# Last configured: 2015-05-23 11:58 CDT by andrew
#
# grnoc-mon at ODMHSAS-OKC-MX104> show interface terse
#Interface Admin Link
@@ -227,11 +231,12 @@
#ge-0/0/1 up up
#ge-0/0/1.0 up up
#ge-0/0/2 up down
-#ge-0/0/3 up up
-#ge-0/0/4 up up
-#ge-0/0/4.0 up up
-#ge-0/0/5 up down
+#ge-0/0/3 up down
+#ge-0/0/4 up down
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
#ge-0/0/6 up down
+#ge-0/0/6.0 up down
#ge-0/0/7 up down
#ge-0/0/8 up down
#ge-0/0/9 up down
@@ -242,9 +247,11 @@
#ge-0/1/4 up down
#ge-0/1/5 up down
#ge-0/1/6 up down
-#ge-0/1/7 up down
+#ge-0/1/7 up up
+#ge-0/1/7.255 up up
+#ge-0/1/7.32767 up up
#ge-0/1/8 up up
-#ge-0/1/8.255 up up
+#ge-0/1/8.9 up up
#ge-0/1/8.32767 up up
#ge-0/1/9 up up
#ge-0/1/9.500 up up
@@ -273,7 +280,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ODMHSAS-OKC-MX104> show configuration
-## Last commit: 2015-04-23 08:53:21 CDT by andrew
+## Last commit: 2015-05-23 11:58:55 CDT by andrew
version 13.3R4.6;
system {
host-name ODMHSAS-OKC-MX104;
@@ -457,7 +464,16 @@
}
}
}
+ ge-0/0/2 {
+ description "SERVER IN [NO-MONITOR]";
+ }
+ ge-0/0/3 {
+ description "SERVER OUT [NO-MONITOR]";
+ }
ge-0/0/4 {
+ description "SERVERS OUTSIDE FIREWALL [NO-MONITOR]";
+ }
+ ge-0/0/5 {
description "MPLS to Legacy Wan [NO-MONITOR]";
unit 0 {
family inet {
@@ -465,7 +481,15 @@
}
}
}
- ge-0/1/8 {
+ ge-0/0/6 {
+ description "OLD SERVERS TO NORMAN [NO-MONITOR]";
+ unit 0 {
+ family inet {
+ address 10.2.11.218/16;
+ }
+ }
+ }
+ ge-0/1/7 {
description COX;
flexible-vlan-tagging;
mtu 9192;
@@ -482,6 +506,19 @@
}
}
}
+ ge-0/1/8 {
+ description "COX to Norman [NO-MONITOR]";
+ flexible-vlan-tagging;
+ mtu 9192;
+ encapsulation flexible-ethernet-services;
+ unit 9 {
+ vlan-id 9;
+ family inet {
+ mtu 1500;
+ address 192.168.230.1/30;
+ }
+ }
+ }
ge-0/1/9 {
description "CORE 1GE to swi1.dhs-mid-okc ge-0/1/1 | OneNet-OKL110DHS-OKL120ODM-GE-6219";
flexible-vlan-tagging;
@@ -590,7 +627,7 @@
mpls {
interface lo0.0;
interface ge-0/1/9.500;
- interface ge-0/1/8.255;
+ interface ge-0/1/7.255;
}
bgp {
group CORE-RR-OKC-V4 {
@@ -695,7 +732,7 @@
md5 7 key "$9$.mQF/Cu01hCAhrevN-ikq.T39ApOIcFnA0BIcS"; ## SECRET-DATA
}
}
- interface ge-0/1/8.255 {
+ interface ge-0/1/7.255 {
metric 65535;
authentication {
md5 7 key "$9$xv.7bs4aUDHmaJmTz3puWLXxVYoJGjkPs2JDikPf"; ## SECRET-DATA
@@ -712,7 +749,7 @@
interface ge-0/1/9.500 {
ipsec-sa OneNet-OSPF3-AUTH;
}
- interface ge-0/1/8.255 {
+ interface ge-0/1/7.255 {
ipsec-sa OneNet-OSPF3-AUTH;
}
}
@@ -720,7 +757,7 @@
ldp {
preference 255;
track-igp-metric;
- interface ge-0/1/8.255;
+ interface ge-0/1/7.255;
interface ge-0/1/9.500;
interface lo0.0;
}
@@ -1126,7 +1163,7 @@
description ODMHSAS-L3VPN;
instance-type vrf;
interface ge-0/0/1.0;
- interface ge-0/0/4.0;
+ interface ge-0/0/5.0;
route-distinguisher 164.58.199.85:2559;
vrf-import ODMHSAS-VRF-IMPORT;
vrf-export ODMHSAS-VRF-EXPORT;
@@ -1166,10 +1203,21 @@
}
}
}
+ ODMHSAS-OKC-NOR {
+ instance-type virtual-router;
+ interface ge-0/0/6.0;
+ interface ge-0/1/8.9;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.2.5.50;
+ route 10.1.0.0/16 next-hop 192.168.230.2;
+ }
+ }
+ }
}
# grnoc-mon at ODMHSAS-OKC-MX104> show ospf neighbor
# Address Interface State ID Pri Dead
-# 164.58.244.144 ge-0/1/8.255 Full 164.58.199.214
+# 164.58.244.144 ge-0/1/7.255 Full 164.58.199.214
# 164.58.244.146 ge-0/1/9.500 Full 164.58.199.215
#
# grnoc-mon at ODMHSAS-OKC-MX104> show bfd session
Index: configs/hub.tsb.onenet.net
===================================================================
--- configs/hub.tsb.onenet.net (revision 127343)
+++ configs/hub.tsb.onenet.net (working copy)
@@ -200,7 +200,7 @@
# -rw-rw---- 1 root field 51994624 Oct 24 2013 ifinfo.core.1
# -rw-rw---- 1 root field 51974144 Oct 24 2013 ifinfo.core.2
# -rw-rw---- 1 root field 52744192 Oct 24 2013 ifinfo.core.3
-# -rw-rw---- 1 root field 52727808 May 23 11:00 ifinfo.core.4
+# -rw-rw---- 1 root field 52727808 May 23 12:00 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Oct 12 2012 install/
# -rw-rw---- 1 root field 33464320 Mar 3 2014 jdiameterd.core.0
# -rw-r--r-- 1 eng field 99542994 Apr 23 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
Index: configs/core.alt.onenet.net
===================================================================
--- configs/core.alt.onenet.net (revision 127343)
+++ configs/core.alt.onenet.net (working copy)
@@ -407,7 +407,7 @@
#lsi.1192557 up up
#lsi.1192610 up up
#lsi.1192647 up up
-#lsi.1192678 up up
+#lsi.1192716 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/hub.say.onenet.net
===================================================================
--- configs/hub.say.onenet.net (revision 127343)
+++ configs/hub.say.onenet.net (working copy)
@@ -300,8 +300,8 @@
#t1-2/0/2:4.0 up up
#t1-2/0/2:5 up up
#t1-2/0/2:5.0 up down
-#t1-2/0/2:6 up up
-#t1-2/0/2:6.0 up up
+#t1-2/0/2:6 up down
+#t1-2/0/2:6.0 up down
#t1-2/0/2:7 down down
#t1-2/0/2:8 down down
#t1-2/0/2:9 down down
Index: configs/core.chi.onenet.net
===================================================================
--- configs/core.chi.onenet.net (revision 127343)
+++ configs/core.chi.onenet.net (working copy)
@@ -326,7 +326,6 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1057435 up up
#lsi.1057483 up up
#lsi.1057510 up up
#lsi.1057522 up up
@@ -347,7 +346,8 @@
#lsi.1059105 up up
#lsi.1059158 up up
#lsi.1059195 up up
-#lsi.1059226 up up
+#lsi.1059227 up up
+#lsi.1059265 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.wea.onenet.net
===================================================================
--- configs/core.wea.onenet.net (revision 127340)
+++ configs/core.wea.onenet.net (working copy)
@@ -327,7 +327,6 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1059075 up up
#lsi.1059080 up up
#lsi.1059083 up up
#lsi.1059129 up up
@@ -338,7 +337,6 @@
#lsi.1059970 up up
#lsi.1060149 up up
#lsi.1060201 up up
-#lsi.1060212 up up
#lsi.1060248 up up
#lsi.1060534 up up
#lsi.1060621 up up
@@ -348,7 +346,9 @@
#lsi.1060717 up up
#lsi.1060734 up up
#lsi.1060787 up up
-#lsi.1060817 up up
+#lsi.1060824 up up
+#lsi.1060856 up up
+#lsi.1060894 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/odmhsas.central-office.okc.client.onenet.net
===================================================================
--- configs/odmhsas.central-office.okc.client.onenet.net (revision 127328)
+++ configs/odmhsas.central-office.okc.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system commit
+# 2015-05-23 11:59:37 CDT by andrew via cli
# 2015-05-20 17:40:55 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-16 00:47:25 CDT by andrew via cli
# 2015-05-16 00:44:57 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-05 23:31:00 CDT by andrew via cli
# 2015-05-05 23:16:42 CDT by andrew via cli
-# 2015-05-05 23:15:56 CDT by andrew via cli
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -130,7 +130,7 @@
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system uptime
# System booted: 2015-05-12 07:28 CDT
# Protocols started: 2015-05-12 07:30 CDT
-# Last configured: 2015-05-20 17:40 CDT by andrew
+# Last configured: 2015-05-23 11:59 CDT by andrew
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show interface terse
#Interface Admin Link
@@ -147,10 +147,11 @@
#ge-0/0/1 up up
#ge-0/0/1.0 up up
#ge-0/0/2 down down
+#ge-0/0/2.0 up down
#ge-0/0/3 down down
#ge-0/0/4 down down
-#ge-0/0/5 up up
-#ge-0/0/5.0 up up
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
#ge-0/0/6 up down
#ge-0/0/6.0 up down
#ge-0/0/7 up down
@@ -174,6 +175,7 @@
#ppd0 up up
#ppe0 up up
#st0 up up
+#st0.0 up down
#st0.12 up up
#st0.13 up up
#st0.14 up up
@@ -202,7 +204,7 @@
#tap up up
#vlan up up
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show configuration
-## Last commit: 2015-05-20 17:40:55 CDT by andrew
+## Last commit: 2015-05-23 11:59:37 CDT by andrew
version 12.1X46-D20.5;
system {
host-name ODMHSAS-CENTRAL-OFFICE-OKC-SRX550;
@@ -338,7 +340,13 @@
}
}
ge-0/0/2 {
+ description "Link to HP VPN";
disable;
+ unit 0 {
+ family inet {
+ address 128.212.228.90/30;
+ }
+ }
}
ge-0/0/3 {
disable;
@@ -372,6 +380,10 @@
}
}
st0 {
+ unit 0 {
+ description HP-VPN;
+ family inet;
+ }
unit 12 {
description Backup-VPN-to-ODMHSAS-CAMHC-Ada;
family inet {
@@ -816,6 +828,13 @@
encryption-algorithm aes-128-cbc;
lifetime-seconds 28800;
}
+ proposal IKE-PROPOSAL-HP-VPN {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm md5;
+ encryption-algorithm 3des-cbc;
+ lifetime-seconds 3600;
+ }
policy IKE-ODMHSAS-TEST {
mode main;
proposals PRE-G2-AES128-SHA;
@@ -941,6 +960,11 @@
proposals PRE-G2-AES128-SHA;
pre-shared-key ascii-text "$9$jYqm5OBEcreCtRSrvXxjHkmT3CtOB1ETzCu0OREdbsYaZf5F/9pg4"; ## SECRET-DATA
}
+ policy IKE-HP-VPN {
+ mode main;
+ proposals IKE-PROPOSAL-HP-VPN;
+ pre-shared-key ascii-text "$9$85tx7Vs2aHqfDi6Au0hcylK8X-"; ## SECRET-DATA
+ }
gateway IKE-GATE-ODMHSAS-TEST {
ike-policy IKE-ODMHSAS-TEST;
address 166.130.131.48;
@@ -1066,6 +1090,11 @@
address 166.130.131.71;
external-interface ge-0/0/0.0;
}
+ gateway IKE-GATE-HP-VPN {
+ ike-policy IKE-ODMHSAS-TEST;
+ address 70.184.28.104;
+ external-interface ge-0/0/2.0;
+ }
}
ipsec {
vpn-monitor-options {
@@ -1079,6 +1108,12 @@
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;
}
+ proposal IPSEC-PROPOSAL-HP-VPN {
+ protocol esp;
+ authentication-algorithm hmac-md5-96;
+ encryption-algorithm 3des-cbc;
+ lifetime-seconds 28800;
+ }
policy VPN-POLICY-ODMHSAS-TEST {
proposals G2-ESP-AES128-SHA;
}
@@ -1154,6 +1189,9 @@
policy VPN-POLICY-LELAND-WOLF-USERS {
proposals G2-ESP-AES128-SHA;
}
+ policy VPN-POLICY-HP-VPN {
+ proposals IPSEC-PROPOSAL-HP-VPN;
+ }
inactive: vpn IPSEC-VPN-ODMHSAS-TEST {
bind-interface st0.63;
vpn-monitor {
@@ -1479,6 +1517,38 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-HP-VPN {
+ bind-interface st0.0;
+ ike {
+ gateway IKE-GATE-HP-VPN;
+ ipsec-policy VPN-POLICY-HP-VPN;
+ }
+ traffic-selector HP-TS-01 {
+ local-ip 192.168.133.0/24;
+ remote-ip 128.212.227.0/24;
+ }
+ traffic-selector HP-TS-02 {
+ local-ip 192.168.133.0/24;
+ remote-ip 128.212.228.0/25;
+ }
+ traffic-selector HP-TS-03 {
+ local-ip 192.168.133.0/24;
+ remote-ip 192.168.176.0/20;
+ }
+ traffic-selector HP-TS-04 {
+ local-ip 192.168.133.0/24;
+ remote-ip 192.85.171.0/24;
+ }
+ traffic-selector HP-TS-05 {
+ local-ip 192.168.133.0/24;
+ remote-ip 192.168.69.0/24;
+ }
+ traffic-selector HP-TS-06 {
+ local-ip 192.168.133.0/24;
+ remote-ip 192.168.3.17/32;
+ }
+ establish-tunnels immediately;
+ }
}
utm {
feature-profile {
@@ -1547,6 +1617,11 @@
164.58.58.131/32;
}
}
+ pool HP-VPN-POOL {
+ address {
+ 192.168.133.1/32 to 192.168.133.200/32;
+ }
+ }
rule-set TRUST-TO-UNTRUST-NAT {
from zone TRUST;
to zone UNTRUST;
@@ -1563,7 +1638,436 @@
}
}
}
+ rule-set TRUST-TO-HP-VPN-NAT {
+ from zone TRUST;
+ to zone HP-VPN;
+ rule NAT-TRUST-TO-HP-VPN {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ pool {
+ HP-VPN-POOL;
+ }
+ }
+ }
+ }
+ }
}
+ static {
+ rule-set HP-VPN-NAT {
+ from zone HP-VPN;
+ rule 192_168_133_216 {
+ match {
+ destination-address 192.168.133.216/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.0.20/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_218 {
+ match {
+ destination-address 192.168.133.218/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.11.23/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_219 {
+ match {
+ destination-address 192.168.133.219/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.17.0.12/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_221 {
+ match {
+ destination-address 192.168.133.221/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.17.0.2/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_224 {
+ match {
+ destination-address 192.168.133.224/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.16.0.9/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_225 {
+ match {
+ destination-address 192.168.133.225/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.16.0.3/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_226 {
+ match {
+ destination-address 192.168.133.226/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.16.3.92/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_227 {
+ match {
+ destination-address 192.168.133.227/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.1.255.4/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_228 {
+ match {
+ destination-address 192.168.133.228/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.6.0.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_229 {
+ match {
+ destination-address 192.168.133.229/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.6.12/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_230 {
+ match {
+ destination-address 192.168.133.230/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.5.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_231 {
+ match {
+ destination-address 192.168.133.231/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.7.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_232 {
+ match {
+ destination-address 192.168.133.232/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.2.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_233 {
+ match {
+ destination-address 192.168.133.233/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.8.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_234 {
+ match {
+ destination-address 192.168.133.234/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.6.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_235 {
+ match {
+ destination-address 192.168.133.235/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.4.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_236 {
+ match {
+ destination-address 192.168.133.236/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.3.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_237 {
+ match {
+ destination-address 192.168.133.237/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.21.1.11/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_238 {
+ match {
+ destination-address 192.168.133.238/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.7.0.10/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_239 {
+ match {
+ destination-address 192.168.133.239/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.7.0.8/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_240 {
+ match {
+ destination-address 192.168.133.240/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.1.255.1/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_241 {
+ match {
+ destination-address 192.168.133.241/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.5.17/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_242 {
+ match {
+ destination-address 192.168.133.242/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.5.53/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_243 {
+ match {
+ destination-address 192.168.133.243/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.7.0.9/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_244 {
+ match {
+ destination-address 192.168.133.244/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.3.2.5/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_245 {
+ match {
+ destination-address 192.168.133.245/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.3.1.1/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_246 {
+ match {
+ destination-address 192.168.133.246/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.5.0.18/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_247 {
+ match {
+ destination-address 192.168.133.247/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.5.0.21/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_248 {
+ match {
+ destination-address 192.168.133.248/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.5.0.8/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_250 {
+ match {
+ destination-address 192.168.133.250/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.23.1.2/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_251 {
+ match {
+ destination-address 192.168.133.251/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.23.1.3/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_252 {
+ match {
+ destination-address 192.168.133.252/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.5.1/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_253 {
+ match {
+ destination-address 192.168.133.253/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.5.2/32;
+ }
+ }
+ }
+ }
+ rule 192_168_133_254 {
+ match {
+ destination-address 192.168.133.254/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.2.5.23/32;
+ }
+ }
+ }
+ }
+ }
+ }
}
policies {
from-zone TRUST to-zone UNTRUST {
@@ -1604,6 +2108,30 @@
}
}
}
+ from-zone TRUST to-zone HP-VPN {
+ policy TRUST-TO-HP-VPN {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone HP-VPN to-zone TRUST {
+ policy HP-VPN-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -1680,6 +2208,29 @@
ge-0/0/5.0;
}
}
+ security-zone HP-VPN-LINK {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ike;
+ }
+ }
+ interfaces {
+ ge-0/0/2.0;
+ }
+ }
+ security-zone HP-VPN {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ interfaces {
+ st0.0;
+ }
+ }
}
}
firewall {
@@ -1732,6 +2283,15 @@
}
}
routing-instances {
+ HP-VPN-LINK {
+ instance-type virtual-router;
+ interface ge-0/0/2.0;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 128.212.228.89;
+ }
+ }
+ }
OMES-INTERNET {
instance-type virtual-router;
interface ge-0/0/5.0;
Index: configs/core.sem.onenet.net
===================================================================
--- configs/core.sem.onenet.net (revision 127340)
+++ configs/core.sem.onenet.net (working copy)
@@ -355,13 +355,13 @@
#lsi.1055569 up up
#lsi.1055989 up up
#lsi.1056116 up up
-#lsi.1056228 up up
#lsi.1056264 up up
#lsi.1056704 up up
#lsi.1056719 up up
#lsi.1056727 up up
#lsi.1056744 up up
-#lsi.1056826 up up
+#lsi.1056833 up up
+#lsi.1056901 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.wil.onenet.net
===================================================================
--- configs/core.wil.onenet.net (revision 127340)
+++ configs/core.wil.onenet.net (working copy)
@@ -387,14 +387,14 @@
#lsi.1049431 up up
#lsi.1049534 up up
#lsi.1049560 up up
-#lsi.1049671 up up
#lsi.1049807 up up
#lsi.1049908 up up
#lsi.1050164 up up
#lsi.1050165 up up
#lsi.1050173 up up
#lsi.1050174 up up
-#lsi.1050272 up up
+#lsi.1050279 up up
+#lsi.1050347 up up
#mtun up up
#pimd up up
#pime up up
More information about the Nocrancid
mailing list