[Nocrancid] autopop-onenet.net/core2.nor-mx80.onenet.net[0] router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Sep 18 01:14:57 CDT 2015
Index: router.db
===================================================================
--- router.db (revision 133919)
+++ router.db (working copy)
@@ -0,0 +1,304 @@
+#--- rancid_config generated for admin_net onenet.net by /gnoc/autorancid/autopopulator/bin/autorancid.pl:
+acx.cai.ato-acx2100.onenet.net:juniper:up
+acx.cai.dpsdur-acx2100.onenet.net:juniper:up
+acx.cai.dpseni-acx2100.onenet.net:juniper:up
+acx.cai.hart-acx2100.onenet.net:juniper:up
+acx.caipan.onenet.net:juniper:up
+acx.owtcalb.onenet.net:juniper:up
+acx.owtccla.onenet.net:juniper:up
+ADA-HIGH-SCHOOL-SRX240.client.onenet.net:juniper:down
+alex-ps.client.onenet.net:juniper:down
+baptist-girls-home-srx220.client.onenet.net:juniper:up
+bennington-ps-srx220.onenet.net:juniper:up
+blackwell-ps.client.onenet.net:juniper:up
+BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper:down
+buffalo-valley-ps-ge112.nid.onenet.net:fsp150:up
+calera-ps.client.onenet.net:juniper:up
+CAMERON-PS-SRX220.clients.onenet.net:juniper:down
+Capitol-3550.onenet.net:cisco:down
+chisholm-ps-srx220.client.onenet.net:juniper:up
+clayton-ps-srx220.client.onenet.net:juniper:up
+cleveland-ps-srx220.client.onenet.net:juniper:up
+CLI-adva.p.onenet.net:fsp3000:up
+core.ada.onenet.net:juniper:up
+core.alt.onenet.net:juniper:up
+core.ard.onenet.net:juniper:up
+core.cai.gc.onenet.net:juniper:up
+core.chi.onenet.net:juniper:up
+core.dun.onenet.net:juniper:up
+core.dur.onenet.net:juniper:up
+core.elr.onenet.net:juniper:up
+core.end.onenet.net:juniper:up
+core.goo.onenet.net:juniper:up
+core.hut.412.onenet.net:juniper:up
+core.hut.ard.onenet.net:juniper:up
+core.hut.ato.onenet.net:juniper:up
+core.hut.cli.onenet.net:juniper:up
+core.hut.elk.onenet.net:juniper:up
+core.hut.elr.onenet.net:juniper:up
+core.hut.gra.onenet.net:juniper:up
+core.hut.hen.onenet.net:juniper:up
+core.hut.hug.onenet.net:juniper:up
+core.hut.law.onenet.net:juniper:up
+core.hut.ori.onenet.net:juniper:up
+core.hut.pra.onenet.net:juniper:up
+core.hut.sal.onenet.net:juniper:up
+core.hut.sei.onenet.net:juniper:up
+core.hut.waur.onenet.net:juniper:up
+core.hut.wea.onenet.net:juniper:up
+core.hut.web.onenet.net:juniper:up
+core.ida.onenet.net:juniper:up
+core.law.onenet.net:juniper:up
+core.mca.onenet.net:juniper:up
+core.mus.onenet.net:juniper:up
+core.odmhsas-okc.onenet.net:juniper:up
+core.okc.onenet.net:cisco:down
+core.okcbok.onenet.net:juniper:up
+core.okclab.onenet.net:cisco:down
+core.owtcred.onenet.net:juniper:up
+core.ponc.onenet.net:juniper:up
+core.pot.onenet.net:juniper:up
+core.ptc.onenet.net:cisco:down
+core.rack59.onenet.net:juniper:up
+core.sal.onenet.net:juniper:up
+core.say.onenet.net:juniper:up
+core.sem.onenet.net:juniper:up
+core.tul.onenet.net:cisco:down
+core.wea.onenet.net:juniper:up
+core.wil.onenet.net:juniper:up
+core.wless.velm.onenet.net:juniper:up
+core.woo.onenet.net:juniper:up
+core1.dc.onenet.net:juniper:up
+core1.edm.onenet.net:juniper:up
+core1.lan-MX80.onenet.net:juniper:up
+core1.nor.onenet.net:juniper:up
+core1.okc-MX960.onenet.net:juniper:up
+core1.okccc.onenet.net:juniper:up
+core1.ptc.onenet.net:juniper:up
+core1.sti-MX960.onenet.net:juniper:up
+core1.tul-MX960.onenet.net:juniper:up
+core10.tul.onenet.net:juniper:down
+core2-okc-MX960.onenet.net:juniper:up
+core2.dc.onenet.net:juniper:up
+core2.nor-MX80.onenet.net:juniper:up
+core2.okc.onenet.net:cisco:down
+core2.sti.onenet.net:juniper:up
+core2.tul-MX960.onenet.net:juniper:up
+core2.tul.onenet.net:cisco:down
+core3.okc-M120.onenet.net:juniper:up
+core3.tul-M120.onenet.net:juniper:up
+core3.tul.onenet.net:cisco:down
+core4.okc.onenet.net:juniper:up
+core4.tul.onenet.net:juniper:up
+core5.okc.onenet.net:juniper:up
+core5.tul.onenet.net:juniper:up
+core6.okc-M7i.onenet.net:juniper:up
+core6.tul-M7i.onenet.net:juniper:up
+core7.tul.onenet.net:juniper:down
+core8.okc-MX480.onenet.net:juniper:up
+core8.okc.onenet.net:cisco:down
+core8.tul-C7603.onenet.net:cisco:down
+core8.tul.onenet.net:juniper:up
+core9.tul.onenet.net:cisco:down
+decom.san-sw-tulsa.onenet.net:cisco:down
+denison-ps-srx220.client.onenet.net:juniper:up
+DICKSON-SCHOOLS-SRX240.client.onenet.net:juniper:up
+dps-okc-mlk-ge114.nid.onenet.net:fsp150:up
+faye.okcdc.onenet.net:juniper:down
+gatekeeper-backup-3725:cisco:down
+geronimo-ps.client.onenet.net:juniper:down
+GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper:down
+HARRA-PS-SRX240.onenet.net:juniper:up
+HAYWOOD-PS-SRX240.client.onenet.net:juniper:down
+hennessey-ps-srx220.client.onenet.net:juniper:up
+hu.ada.onenet.net:cisco:down
+hu.alv.onenet.net:cisco:down
+hu.chi.onenet.net:cisco:down
+hu.cla.onenet.net:cisco:down
+hu.dunc.onenet.net:cisco:down
+hu.dur.onenet.net:cisco:down
+hu.elr.onenet.net:cisco:down
+hu.end.onenet.net:cisco:down
+hu.goo.onenet.net:cisco:down
+hu.ida.onenet.net:cisco:down
+hu.law.onenet.net:cisco:down
+hu.mca.onenet.net:cisco:down
+hu.mia.onenet.net:cisco:down
+hu.mus.onenet.net:cisco:down
+hu.mwc.onenet.net:juniper:down
+hu.okm.onenet.net:cisco:down
+hu.ponc.onenet.net:cisco:down
+hu.pot.onenet.net:cisco:down
+hu.sal.onenet.net:cisco:down
+hu.sem.onenet.net:cisco:down
+hu.tah.onenet.net:cisco:down
+hu.tis.onenet.net:cisco:down
+hu.ton.onenet.net:cisco:down
+hu.wea.onenet.net:cisco:down
+hu.wil.onenet.net:cisco:down
+hu.woo.onenet.net:cisco:down
+hub.ada.onenet.net:juniper:up
+hub.alt.onenet.net:juniper:up
+hub.alv.onenet.net:juniper:up
+hub.ard.onenet.net:juniper:up
+hub.bar.onenet.net:juniper:up
+hub.chi.onenet.net:juniper:up
+hub.cla.onenet.net:juniper:up
+hub.cyril-tower.onenet.net:cisco:down
+hub.dun.onenet.net:juniper:up
+hub.dur.onenet.net:juniper:up
+hub.edm.onenet.net:cisco:down
+hub.elr.onenet.net:juniper:up
+hub.end.onenet.net:juniper:up
+hub.goo.onenet.net:juniper:down
+hub.ida.onenet.net:juniper:up
+hub.lan.onenet.net:cisco:down
+hub.lawM120.onenet.net:juniper:up
+hub.lawton-tower-router-MW.onenet.net:cisco:up
+hub.mca.onenet.net:juniper:up
+hub.mia.onenet.net:juniper:up
+hub.mus.onenet.net:juniper:up
+hub.mwc.onenet.net:juniper:up
+hub.Newcastle-router-MW.onenet.net:cisco:up
+hub.nor.onenet.net:cisco:down
+hub.nor1.onenet.net:cisco:down
+hub.okccc.onenet.net:cisco:down
+hub.okm.onenet.net:juniper:up
+hub.osuokc.onenet.net:juniper:up
+hub.osuokc.onenet.netold:cisco:down
+hub.pot.onenet.net:juniper:up
+hub.RushSprings-router-MW.onenet.net:cisco:up
+hub.sal.onenet.net:juniper:up
+hub.say.onenet.net:juniper:up
+hub.sem.onenet.net:juniper:up
+hub.snyder-tower.onenet.net:cisco:up
+hub.sti.onenet.net:cisco:down
+hub.tah.onenet.net:juniper:up
+hub.tis.onenet.net:juniper:up
+hub.ton.onenet.net:juniper:up
+hub.tsb.onenet.net:juniper:up
+hub.velma-tower.onenet.net:cisco:up
+hub.war.onenet.net:juniper:up
+hub.war7304.onenet.net:cisco:down
+hub.wea.onenet.net:juniper:up
+hub.wil.onenet.net:juniper:up
+hub.woo.onenet.net:juniper:up
+hutelr-adva.p.onenet.net:fsp3000:up
+KEOTA-HS-SRX220.client.onenet.net:juniper:up
+lukfata-ps.client.onenet.net:juniper:up
+madill-ps-srx220.client.onenet.net:juniper:up
+miami-ps-srx220.client.onenet.net:juniper:up
+mid-america-tech-ctr.client.onenet.net:juniper:up
+mwc-2912switch:cisco:down
+navajo-ps-srx220.client.onenet.net:juniper:up
+NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper:up
+nor-adva.p.onenet.net:fsp3000:up
+NORTH-ROCK-CREEK-PS.client.onenet.net:juniper:up
+ns3.onenet.net:PC:up
+odmhsas.central-office.okc.client.onenet.net:juniper:up
+OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper:down
+OKC-DC-EDGE1-MX80.onenet.net:juniper:down
+okdepvotec-2950custend1.onenet.net:cisco:down
+OKTAHA-SRX240.onenet.net:juniper:up
+OMES-MX480-0:juniper:down
+OMES-MX480-1:juniper:down
+onenet-dc-xg210.nid.onenet.net:fsp150:up
+opt.AHEC.onenet.net:ons15327:down
+opt.ard.onenet.net:ons15454:down
+opt.art.onenet.net:ons15454:up
+opt.cfh.onenet.net:ons15327:down
+opt.dps.onenet.net:ons15327:up
+opt.hal.onenet.net:ons15454:up
+opt.lan.onenet.net:ons15327:down
+opt.law.onenet.net:ons15327:up
+opt.mem.onenet.net:ons15454:up
+opt.mid.onenet.net:ons15454:down
+opt.mid2.onenet.net:ons15454:up
+opt.mtc.onenet.net:ons15454:up
+opt.nlr.onenet.net:ons15454:down
+opt.nor.onenet.net:ons15454:down
+opt.nrm.onenet.net:ons15454:up
+opt.occ.onenet.net:ons15454:up
+opt.oeta.onenet.net:ons15454:up
+opt.okc.onenet.net:ons15454:up
+opt.okc6.onenet.net:ons15454:down
+opt.sti.onenet.net:ons15454:up
+opt.tul.onenet.net:ons15454:up
+opt.tul6.onenet.net:ons15454:down
+opt2.nor.onenet.net:ons15454:up
+opt2.str.onenet.net:ons15454:down
+opt3.okc.onenet.net:ons15454:up
+opt3.sti.onenet.net:ons15454:up
+opt3.tul.onenet.net:ons15454:up
+opt4.okc.onenet.net:ons15454:up
+opt4.tul.onenet.net:ons15454:up
+opt5.okc.onenet.net:ons15454:down
+opt5.tul.onenet.net:ons15454:down
+ore13.okc.onenet.net:cisco:down
+ore14.okc.onenet.net:cisco:down
+ore5.okc.onenet.net:cisco:down
+ore6.okc.onenet.net:cisco:down
+panola-ps.client.onenet.net:juniper:up
+PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper:up
+pioneer-tech-ponc-srx220.client.onenet.net:juniper:up
+PORUM-PUB-SCH-SRX240.client.onenet.net:juniper:up
+QUAPAW-PUB-SCHOOL-SRX240.client.onenet.net:juniper:down
+rp3-adva.p.onenet.net:fsp3000:up
+rpswi1.okc.onenet.net:juniper:up
+rpswi1.rp3f2.onenet.net:cisco:up
+rpswi2.rp1f3.onenet.net:juniper:up
+rpswi2.rp2f4.onenet.net:cisco:down
+rpswi2.rp3f1.onenet.net:cisco:down
+rpswi2.rp3f2.onenet.net:cisco:up
+rpswi3.rp3f2.onenet.net:juniper:up
+rpswi4.rp3f1.onenet.net:juniper:down
+san-sw-lawton.onenet.net:juniper:down
+san-sw-tulsa-EX2200.onenet.net:juniper:up
+SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper:down
+SRX1.RP3F1-JOEL-SRX-220:juniper:down
+sti-ps.onenet.net:PC:up
+swi.cai.ato.onenet.net:juniper:down
+swi.cai.chey.onenet.net:juniper:down
+swi.cai.cleet.onenet.net:juniper:up
+swi.cai.coal.onenet.net:juniper:up
+swi.cai.com.onenet.net:juniper:up
+swi.cai.dpsdur.onenet.net:juniper:down
+swi.cai.dpsend.onenet.net:juniper:down
+swi.cai.dun.onenet.net:juniper:up
+swi.cai.eosc.onenet.net:juniper:up
+swi.cai.gc.onenet.net:juniper:down
+swi.cai.jef.onenet.net:juniper:up
+swi.cai.law.onenet.net:juniper:up
+swi.cai.nok.onenet.net:juniper:up
+swi.cai.nwosu.onenet.net:juniper:up
+swi.cai.sei.onenet.net:juniper:up
+swi.cai.woo.onenet.net:juniper:down
+swi.sw-tech-center-altus.onenet.net:juniper:up
+swi1-rp3f0-3750x.onenet.net:cisco:up
+swi1.cap.onenet.net:cisco:down
+swi1.chi-EX2200.onenet.net:juniper:up
+swi1.dhs-mid-okc.onenet.net:juniper:up
+swi1.ggc-etn.onenet.net:juniper:up
+swi1.langston-okc.onenet.net:juniper:up
+swi1.law.onenet.net:juniper:up
+swi1.mia.onenet.net:juniper:up
+swi1.norman-ps.onenet.net:juniper:up
+swi1.odot.ada-hq.onenet.net:juniper:up
+swi1.odot.dun-hq.onenet.net:juniper:up
+swi1.odot.ton-intmaint.onenet.net:juniper:up
+swi1.rp5f0.onenet.net:cisco:down
+swi1.towalt.onenet.net:juniper:up
+swi1.wayne.onenet.net:juniper:up
+swi5.okcdc.onenet.net:juniper:down
+taloga-ps-srx240.client.onenet.net:juniper:up
+tuskahoma-ps.client.onenet.net:juniper:up
+ub.say.onenet.net:cisco:down
+union-city-ps.client.onenet.net:juniper:down
+vinita-public-library-srx220.onenet.net:juniper:up
+walters-ps.client.onenet.net:juniper:down
+wanette-ps-srx220.client.onenet.net:juniper:up
+wapanucka-ps-srx220.client.onenet.net:juniper:up
+wetumka-isd-srx220.client.onenet.net:juniper:up
+whitesboro-ps.client.onenet.net:juniper:up
+wilson-isd-srx220.client.onenet.net:juniper:up
+woodward-public-library-srx240.client.onenet.net:juniper:up
Index: configs/odmhsas.central-office.okc.client.onenet.net
===================================================================
--- configs/odmhsas.central-office.okc.client.onenet.net (revision 133170)
+++ configs/odmhsas.central-office.okc.client.onenet.net (working copy)
@@ -1,2456 +0,0 @@
-# RANCID-CONTENT-TYPE: juniper
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system commit
-# 2015-07-28 13:23:21 CDT by andrew via cli
-# 2015-07-28 10:02:53 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-05-23 19:23:38 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-05-23 14:05:01 CDT by andrew via cli commit confirmed, rollback in 5mins
-# 2015-05-23 13:45:29 CDT by andrew via cli
-# 2015-05-23 13:34:23 CDT by andrew via cli
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis environment
-# Class Item Status Measurement
-# Temp Routing Engine OK
-# Routing Engine CPU OK
-# Routing Engine Absent
-# Routing Engine CPU Absent
-# Fans SRXSME Chassis Fan 0 OK
-# SRXSME Chassis Fan 1 OK
-# SRXSME Chassis Fan 2 OK
-# SRXSME Chassis Fan 3 OK
-# Power Power Supply 0 OK
-# Power Supply 1 OK
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis firmware
-# Part Type Version
-# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
-# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis fpc detail
-# Slot 0 information:
-# State Online
-# Total CPU DRAM ---- CPU less FPC ----
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis hardware
-# Hardware inventory:
-# Item Version Part number Serial number Description
-# Chassis AL1015AK0094 SRX550
-# Midplane REV 22 750-035027 ACMD7424
-# Routing Engine REV 12 711-035026 ACMD7155 RE-SRXSME-SRX550
-# FPC 0 FPC
-# PIC 0 6x GE, 4x GE SFP Base PIC
-# Power Supply 0 Rev 04 740-024283 ZB57779 PS 645W AC
-# Power Supply 1 Rev 04 740-024283 YJ54313 PS 645W AC
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis hardware models
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis routing-engine
-# Routing Engine status:
-# Serial ID ACMD7155
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis scb
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis sfm detail
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis ssb
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system boot-messages
-# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
-# All rights reserved.
-# Copyright (c) 1992-2006 The FreeBSD Project.
-# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
-# The Regents of the University of California. All rights reserved.
-# FreeBSD/SMP: Multiprocessor System Detected: 6 CPUs
-# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
-# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
-# netisr_init: !debug_mpsafenet, forcing maxthreads from 6 to 1
-# cpu0 on motherboard
-# : CAVIUM's OCTEON 63XX CPU Rev. 0.10 with no FPU implemented
-# L1 Cache: I size 37kb(128 line), D size 32kb(128 line), direct mapped.
-# L2 Cache: Size 2048kb, 16 way
-# obio0 on motherboard
-# uart0: <Octeon-16550 channel 0> on obio0
-# uart0: console (9600,n,8,1)
-# twsi0 on obio0
-# cpld0 on obio0
-# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
-# Disabling Octeon big bar support
-# pcib0: Initialized controller
-# pci0: <PCI bus> on pcib0
-# pci0: <processor> at device 0.0 (no driver attached)
-# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
-# pci1: <PCI bus> on pcib1
-# pcib2: <PCI-PCI bridge> mem 0xf0000000-0xf001ffff irq 0 at device 0.0 on pci1
-# pci2: <PCI bus> on pcib2
-# pcib3: <PCI-PCI bridge> irq 0 at device 1.0 on pci2
-# pci3: <PCI bus> on pcib3
-# pcib4: <PCI-PCI bridge> irq 0 at device 2.0 on pci2
-# pci4: <PCI bus> on pcib4
-# pcib5: <PCI-PCI bridge> irq 0 at device 4.0 on pci2
-# pci5: <PCI bus> on pcib5
-# pci5: <network, ethernet> at device 0.0 (no driver attached)
-# pcib6: <PCI-PCI bridge> irq 0 at device 5.0 on pci2
-# pci6: <PCI bus> on pcib6
-# pcib7: <PCI-PCI bridge> irq 0 at device 6.0 on pci2
-# pci7: <PCI bus> on pcib7
-# pcib8: <PCI-PCI bridge> irq 0 at device 7.0 on pci2
-# pci8: <PCI bus> on pcib8
-# pcib9: <PCI-PCI bridge> irq 0 at device 8.0 on pci2
-# pci9: <PCI bus> on pcib9
-# atapci0: <SiI 3132 SATA300 controller> mem 0xf0700000-0xf070007f,0xf0740000-0xf0743fff irq 0 at device 0.0 on pci9
-# ata0: <ATA channel 0> on atapci0
-# ata0: signature=00000101
-# ata1: <ATA channel 1> on atapci0
-# pcib10: <PCI-PCI bridge> irq 0 at device 9.0 on pci2
-# pci10: <PCI bus> on pcib10
-# pcib11: <PCI-PCI bridge> irq 0 at device 10.0 on pci2
-# pci11: <PCI bus> on pcib11
-# pcib12: <PCI-PCI bridge> irq 0 at device 12.0 on pci2
-# pci12: <PCI bus> on pcib12
-# pcib13: <PCI-PCI bridge> irq 0 at device 14.0 on pci2
-# pci13: <PCI bus> on pcib13
-# ehci0: <Octeon EHCI USB 2.0 controller> on obio0
-# usb0: EHCI version 1.0
-# usb0 on ehci0
-# usb0: USB revision 2.0
-# uhub0: vendor 0x0000 EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
-# uhub0: 2 ports with 2 removable, self powered
-# gblmem0 on obio0
-# octpkt0: <Octeon RGMII> on obio0
-# cfi0: <AMD/Fujitsu - 8MB> on obio0
-# Timecounter "mips" frequency 1300000000 Hz quality 0
-# ###PCB Group initialized for udppcbgroup
-# ###PCB Group initialized for tcppcbgroup
-# ad0: Device does not support APM
-# ad0: 2000MB <CF 2GB 20100924> at ata0-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s2a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show version
-# Hostname: ODMHSAS-CENTRAL-OFFICE-OKC-SRX550 # Model: srx550 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
-# total files: 1
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system uptime
-# System booted: 2015-05-23 14:42 CDT
-# Protocols started: 2015-05-23 14:43 CDT
-# Last configured: 2015-07-28 13:23 CDT by andrew
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show interface terse
-#Interface Admin Link
-#ge-0/0/0 up up
-#ge-0/0/0.0 up up
-#gr-0/0/0 up up
-#ip-0/0/0 up up
-#lsq-0/0/0 up up
-#lt-0/0/0 up up
-#mt-0/0/0 up up
-#sp-0/0/0 up up
-#sp-0/0/0.0 up up
-#sp-0/0/0.16383 up up
-#ge-0/0/1 up up
-#ge-0/0/1.0 up up
-#ge-0/0/2 up up
-#ge-0/0/2.0 up up
-#ge-0/0/3 up down
-#ge-0/0/3.0 up down
-#ge-0/0/4 down down
-#ge-0/0/5 up down
-#ge-0/0/5.0 up down
-#ge-0/0/6 down down
-#ge-0/0/7 down down
-#ge-0/0/8 down down
-#ge-0/0/9 down down
-#fxp2 up up
-#fxp2.0 up up
-#gre up up
-#ipip up up
-#irb up up
-#lo0 up up
-#lo0.0 up up
-#lo0.16384 up up
-#lo0.16385 up up
-#lo0.32768 up up
-#lsi up up
-#mtun up up
-#pimd up up
-#pime up up
-#pp0 up up
-#ppd0 up up
-#ppe0 up up
-#st0 up up
-#st0.0 up down
-#st0.12 up up
-#st0.13 up up
-#st0.14 up up
-#st0.15 up up
-#st0.16 up up
-#st0.17 up up
-#st0.18 up down
-#st0.19 up up
-#st0.20 up up
-#st0.21 up up
-#st0.22 up up
-#st0.23 up up
-#st0.24 up up
-#st0.25 up up
-#st0.26 up up
-#st0.27 up up
-#st0.30 up up
-#st0.31 up up
-#st0.32 up up
-#st0.33 up up
-#st0.34 up up
-#st0.35 up up
-#st0.36 up up
-#st0.37 up up
-#st0.38 up up
-#st0.63 up up
-#tap up up
-#vlan up up
-#vlan.3 up up
-#vlan.4 up up
-#vlan.5 up down
-#vlan.10 up down
-#vlan.20 up down
-#vlan.30 up down
-#vlan.40 up down
-#vlan.50 up down
-#vlan.90 up up
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show configuration
-## Last commit: 2015-07-28 13:23:21 CDT by andrew
-version 12.1X46-D20.5;
-system {
- host-name ODMHSAS-CENTRAL-OFFICE-OKC-SRX550;
- domain-name onenet.net;
- time-zone America/Chicago;
- authentication-order [ radius password ];
- ports {
- console log-out-on-disconnect;
- }
- root-authentication {
-# encrypted-password <removed>;
- }
- name-server {
- 164.58.253.10;
- 164.58.198.10;
- }
- radius-server {
- 156.110.31.11 {
-# secret "<removed>"; ## SECRET-DATA
- source-address 156.110.27.62;
- }
- }
- radius-options {
- attributes {
- nas-ip-address 156.110.27.62;
- }
- }
- login {
- message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
- class admin {
- idle-timeout 30;
- permissions all;
- }
- class lockdown {
- idle-timeout 2;
- permissions view;
- deny-commands .*;
- deny-configuration .*;
- }
- class operator-local {
- idle-timeout 15;
- permissions [ access admin configure firewall interface network routing snmp system trace view ];
- allow-commands "show log messages";
- }
- class robot {
- idle-timeout 10;
- permissions [ admin configure firewall interface routing secret security snmp system trace view ];
- }
- user admin {
- uid 1000;
- class super-user;
- authentication {
-# encrypted-password <removed>;
- }
- }
- user eng {
- uid 2018;
- class admin;
- }
- user rancid {
- uid 2001;
- class robot;
- }
- user remote {
- uid 2002;
- class operator-local;
- }
- user upgrades {
- uid 2003;
- class operator;
- authentication {
-# ssh-rsa <removed>;
- }
- }
- }
- services {
- ssh {
- root-login deny;
- protocol-version v2;
- }
- }
- syslog {
- archive size 10m files 5;
- user * {
- any emergency;
- }
- file messages {
- any notice;
- authorization info;
- match "!(WEBFILTER_)";
- }
- file interactive-commands {
- interactive-commands any;
- }
- file PROTECT-RE {
- firewall any;
- archive no-world-readable;
- }
- file traffic {
- any any;
- match RT_FLOW_SESSION;
- }
- file updown {
- any any;
- match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
- }
- file webfilter {
- any notice;
- match WEBFILTER_;
- }
- }
- max-configurations-on-flash 20;
- max-configuration-rollbacks 20;
- ntp {
- server 164.58.3.98 prefer;
- }
-}
-interfaces {
- ge-0/0/0 {
- description WAN;
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 3;
- }
- }
- }
- }
- ge-0/0/1 {
- description L3VPN;
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 4;
- }
- }
- }
- }
- ge-0/0/2 {
- description "Servers [NO-MONITOR]";
- unit 0 {
- family ethernet-switching {
- port-mode trunk;
- vlan {
- members 90;
- }
- }
- }
- }
- ge-0/0/3 {
- description "Link to HP VPN [NO-MONITOR]";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 5;
- }
- }
- }
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- description "Link to LAN [NO-MONITOR]";
- unit 0 {
- family ethernet-switching {
- port-mode trunk;
- vlan {
- members [ 10 20 30 40 50 ];
- }
- }
- }
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- address 10.199.11.10/32;
- }
- }
- }
- st0 {
- unit 0 {
- description "HP-VPN [NO-MONITOR]";
- family inet;
- }
- unit 12 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Ada;
- family inet {
- address 10.119.21.104/31;
- }
- }
- unit 13 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Altus;
- family inet {
- address 10.119.21.106/31;
- }
- }
- unit 14 {
- description Backup-VPN-to-ODMHSAS-NCBH-Alva;
- family inet {
- address 10.119.21.108/31;
- }
- }
- unit 15 {
- description Backup-VPN-to-ODMHSAS-Atoka;
- family inet {
- address 10.119.21.110/31;
- }
- }
- unit 16 {
- description Backup-VPN-to-ODMHSAS-TMHC-Duncan;
- family inet {
- address 10.119.21.112/31;
- }
- }
- unit 17 {
- description Backup-VPN-to-ODMHSAS-NCBH-Enid;
- family inet {
- address 10.119.21.114/31;
- }
- }
- unit 18 {
- description Backup-VPN-to-ODMHSAS-NCBH-Fairview;
- family inet {
- address 10.119.21.116/31;
- }
- }
- unit 19 {
- description Backup-VPN-to-ODMHSAS-NCBH-Fort-Supply;
- family inet {
- address 10.119.21.118/31;
- }
- }
- unit 20 {
- description Backup-VPN-to-ODMHSAS-NCBH-Guymon;
- family inet {
- address 10.119.21.120/31;
- }
- }
- unit 21 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Heavener;
- family inet {
- address 10.119.21.122/31;
- }
- }
- unit 22 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Holdenville;
- family inet {
- address 10.119.21.124/31;
- }
- }
- unit 23 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Hugo;
- family inet {
- address 10.119.21.126/31;
- }
- }
- unit 24 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Idabel;
- family inet {
- address 10.119.21.128/31;
- }
- }
- unit 25 {
- description Backup-VPN-to-ODMHSAS-Lawton-Main;
- family inet {
- address 10.119.21.130/31;
- }
- }
- unit 26 {
- description Backup-VPN-to-ODMHSAS-Lawton-Other;
- family inet {
- address 10.119.21.132/31;
- }
- }
- unit 27 {
- description Backup-VPN-to-ODMHSAS-CAMHC-McAlester;
- family inet {
- address 10.119.21.134/31;
- }
- }
- unit 30 {
- description Backup-VPN-to-ODMHSAS-Leland-Wolf-Users;
- family inet {
- address 10.119.21.140/31;
- }
- }
- unit 31 {
- description Backup-VPN-to-ODMHSAS-Shepard-Mall;
- family inet {
- address 10.119.21.142/31;
- }
- }
- unit 32 {
- description Backup-VPN-to-ODMHSAS-OCCIC;
- family inet {
- address 10.119.21.144/31;
- }
- }
- unit 33 {
- description Backup-VPN-to-ODMHSAS-CAMHC-Stigler;
- family inet {
- address 10.119.21.146/31;
- }
- }
- unit 34 {
- description Backup-VPN-to-ODMHSAS-Tulsa-Behavioral-Health;
- family inet {
- address 10.119.21.148/31;
- }
- }
- unit 35 {
- description Backup-VPN-to-ODMHSAS-OFC-Vinita;
- family inet {
- address 10.119.21.150/31;
- }
- }
- unit 36 {
- description Backup-VPN-to-ODMHSAS-Rose-Rock-Recovery;
- family inet {
- address 10.119.21.152/31;
- }
- }
- unit 37 {
- description Backup-VPN-to-ODMHSAS-NCBH-Woodward;
- family inet {
- address 10.119.21.154/31;
- }
- }
- unit 38 {
- description Backup-VPN-to-ODMHSAS-NCBH-Woodward-Lighthouse;
- family inet {
- address 10.119.21.156/31;
- }
- }
- unit 63 {
- description "Backup-VPN-to-ODMHSAS-Test [NO-MONITOR]";
- family inet {
- address 10.119.21.254/31;
- }
- }
- }
- vlan {
- unit 3 {
- description WAN;
- family inet {
- address 156.110.27.62/30;
- }
- }
- unit 4 {
- description L3VPN;
- family inet {
- address 10.119.20.101/31;
- }
- }
- unit 5 {
- description "HP [NO-MONITOR]";
- family inet {
- address 128.212.228.90/30;
- }
- }
- unit 10 {
- description "VOICE [NO-MONITOR]";
- }
- unit 20 {
- description "DATA [NO-MONITOR]";
- }
- unit 30 {
- description "VIDEO [NO-MONITOR]";
- }
- unit 40 {
- description "GUEST [NO-MONITOR]";
- }
- unit 50 {
- description "MGMT [NO-MONITOR]";
- }
- unit 90 {
- description "SERVERS [NO-MONITOR]";
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.27.61;
- route 164.58.58.128/26 discard;
- route 164.58.29.64/28 next-hop 10.119.20.100;
- }
- autonomous-system 64576;
-}
-protocols {
- bgp {
- group EBGP-ONENET-L3VPN {
- type external;
- import EBGP-ONENET-L3VPN-IMPORT;
- family inet {
- unicast {
- loops 2;
- }
- }
- export EBGP-ONENET-L3VPN-EXPORT;
- peer-as 64575;
- bfd-liveness-detection {
- minimum-interval 2000;
- multiplier 3;
- }
- neighbor 10.119.20.100 {
- description BGP-to-OneNet-Hubsite;
-# authentication-key <removed>;
- }
- }
- group EBGP-ONENET {
- type external;
- import EBGP-ONENET-IMPORT;
- family inet {
- unicast;
- }
- export EBGP-ONENET-EXPORT;
- peer-as 5078;
- bfd-liveness-detection {
- minimum-interval 2000;
- multiplier 3;
- }
- neighbor 156.110.27.61 {
- description BGP-to-OneNet;
-# authentication-key <removed>;
- }
- }
- group EBGP-ODMHSAS-VPN {
- type external;
- import EBGP-ODMHSAS-VPN-IMPORT;
- family inet {
- unicast {
- loops 2;
- }
- }
- export EBGP-ODMHSAS-VPN-EXPORT;
- peer-as 64577;
- neighbor 10.119.21.255 {
- description "Backup-BGP-to-ODMHSAS-Test [NO-MONITOR]";
-# authentication-key <removed>;
- }
- neighbor 10.119.21.151 {
- description Backup-BGP-to-ODMHSAS-OFC-Vinita;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.149 {
- description Backup-BGP-to-ODMHSAS-Tulsa-Behavioral-Health;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.105 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Ada;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.107 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Altus;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.109 {
- description Backup-BGP-to-ODMHSAS-NCBH-Alva;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.111 {
- description Backup-BGP-to-ODMHSAS-Atoka;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.131 {
- description Backup-BGP-to-ODMHSAS-Lawton-Main;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.155 {
- description Backup-BGP-to-ODMHSAS-NCBH-Woodward;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.157 {
- description Backup-BGP-to-ODMHSAS-NCBH-Woodward-Lighthouse;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.147 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Stigler;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.113 {
- description Backup-BGP-to-ODMHSAS-TMHC-Duncan;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.115 {
- description Backup-BGP-to-ODMHSAS-NCBH-Enid;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.117 {
- description Backup-BGP-to-ODMHSAS-NCBH-Fairview;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.123 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Heavener;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.125 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Holdenville;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.129 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Idabel;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.135 {
- description Backup-BGP-to-ODMHSAS-CAMHC-McAlester;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.127 {
- description Backup-BGP-to-ODMHSAS-CAMHC-Hugo;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.119 {
- description Backup-BGP-to-ODMHSAS-NCBH-Fort-Supply;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.121 {
- description Backup-BGP-to-ODMHSAS-NCBH-Guymon;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.143 {
- description Backup-BGP-to-ODMHSAS-Shepard-Mall;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.145 {
- description Backup-BGP-to-ODMHSAS-OCCIC;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.153 {
- description Backup-BGP-to-ODMHSAS-Rose-Rock-Recovery;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.141 {
- description Backup-BGP-to-ODMHSAS-Leland-Wolf-Users;
-# authentication-key <removed>;
- }
- neighbor 10.119.21.133 {
- description Backup-BGP-to-ODMHSAS-Lawton-Other;
-# authentication-key <removed>;
- }
- }
- }
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
- policy-statement EBGP-ODMHSAS-VPN-EXPORT {
- term EXPORT-DEFAULT {
- from {
- route-filter 0.0.0.0/0 exact;
- }
- then {
- as-path-prepend "64576 64576 64576 64576 64576 64576";
- accept;
- }
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement EBGP-ODMHSAS-VPN-IMPORT {
- term IMPORT-VPN {
- from {
- route-filter 10.0.0.0/8 orlonger;
- route-filter 192.168.100.0/24 exact;
- route-filter 192.168.101.0/24 exact;
- route-filter 172.20.10.0/24 exact;
- }
- then {
- as-path-prepend "64577 64577 64577 64577 64577 64577";
- accept;
- }
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement EBGP-ONENET-EXPORT {
- term EXPORT {
- from {
- route-filter 164.58.58.128/26 exact;
- }
- then {
- metric 100;
- accept;
- }
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement EBGP-ONENET-IMPORT {
- term DEFAULT {
- from {
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement EBGP-ONENET-L3VPN-EXPORT {
- term EXPORT-DEFAULT {
- from {
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term EXPORT-ROUTES {
- from {
- route-filter 10.0.0.0/8 orlonger;
- route-filter 192.168.100.0/24 exact;
- route-filter 192.168.101.0/24 exact;
- route-filter 172.20.10.0/24 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement EBGP-ONENET-L3VPN-IMPORT {
- term ROUTES {
- from {
- route-filter 10.0.0.0/8 orlonger;
- }
- then accept;
- }
- term LEGACY-ROUTES {
- from {
- route-filter 128.212.227.0/24 exact;
- route-filter 128.212.228.0/25 exact;
- route-filter 192.168.176.0/20 exact;
- route-filter 192.168.0.0/16 orlonger;
- route-filter 172.20.10.0/24 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
-}
-security {
- ike {
- proposal PRE-G2-AES128-SHA {
- authentication-method pre-shared-keys;
- dh-group group2;
- authentication-algorithm sha1;
- encryption-algorithm aes-128-cbc;
- lifetime-seconds 28800;
- }
- proposal IKE-PROPOSAL-HP-VPN {
- authentication-method pre-shared-keys;
- dh-group group2;
- authentication-algorithm md5;
- encryption-algorithm 3des-cbc;
- lifetime-seconds 3600;
- }
- policy IKE-ODMHSAS-TEST {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$kP5zIRSrKMp0clK8N-k.m5F/p0IRESFnpB1IcSwYg4GDQz6AtOaJ"; ## SECRET-DATA
- }
- policy IKE-OFC-VINITA {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$7pVw2mPQF69jHT36AOB7-dwgJjHmPfQgojq.mTQEcyrM8Y2aUDkeK"; ## SECRET-DATA
- }
- policy IKE-TCBH {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$UlHqPu0IESr/C1hSe8LUjiqfz/Cu0OIfT/tpu1INdbw4amPQn6AY2"; ## SECRET-DATA
- }
- policy IKE-CAMHC-ADA {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$A8Wo0BRx7Vw24vWds2aDjApuBEyvWx7NVEcvLXxdVqmf536IRSeK8Qz"; ## SECRET-DATA
- }
- policy IKE-CAMHC-ALTUS {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$.5Q3EhreM80ByKMXdV.PfQnC0BEhcrn/0IREyrYgoaDiF39pu1ZG"; ## SECRET-DATA
- }
- policy IKE-NCBH-ALVA {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$z3lE69teK8XNdhSWxNbg4z3n9pBhSeKv8p0hrleW8ZUjimfAtOREykq"; ## SECRET-DATA
- }
- policy IKE-ATOKA {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$OlfERhyVb24JGX7YoJDq.O1IhrvX7Vbw2reX-dVY25QF3CtSyK8LN6/"; ## SECRET-DATA
- }
- policy IKE-LAWTON-MAIN {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$oXGDH9CuOIEz3pBIceKoJZDkPz39CAuk.z6/9pu8X7NwYiHmTQndV"; ## SECRET-DATA
- }
- policy IKE-NCBH-WOODWARD {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$DGk.f0ORhyl9AIcyKLXDiH.5F9A0OBR5Q9pu0IR-VwsoJPfz6/t2g"; ## SECRET-DATA
- }
- policy IKE-NCBH-LIGHTHOUSE {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$jXqm5OBEcreCtRSrvXxjHkmT3CtOB1ETzCu0OREdbsYaZf5F/9pg4"; ## SECRET-DATA
- }
- policy IKE-CAMHC-STIGLER {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$0GrLIESdVYgaZLxs4aUkq0B1EyKLxdVbYylLN-dsYfTzF9AcSeW87n6"; ## SECRET-DATA
- }
- policy IKE-TMHC-DUNCAN {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$E9Zylv2gJGjHdbaUjq5TEcSlMXdb2g4JM8dsY2aJ369C0BKvLN-wtp"; ## SECRET-DATA
- }
- policy IKE-NCBH-ENID {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$BIKEcrbwgoZUxN2aZj.mBIRclMxNbwsglKxdVb2gTz3nApyrvLX-/9"; ## SECRET-DATA
- }
- policy IKE-NCBH-FAIRVIEW {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$s54aGF39AuOP5/tu1cSs2gaUHP5F3n9UjPQzF/9evW8NdZGi.mTXx"; ## SECRET-DATA
- }
- policy IKE-CAMHC-HEAVENER {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$7TVw2mPQF69jHT36AOB7-dwgJjHmPfQgojq.mTQEcyrM8Y2aUDkeK"; ## SECRET-DATA
- }
- policy IKE-CAMHC-HOLDENVILLE {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$VpYgaTQn/Apqm39A0REVwsgJDqmTQznJGqf5T3nylKvX7oaUHkPW8"; ## SECRET-DATA
- }
- policy IKE-CAMHC-IDABEL {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$KYY8XNUDk.fT4aHmfz/9KMWX-w4aUDjk-V4ZGUHkp0B1cy7Nb2gJRE"; ## SECRET-DATA
- }
- policy IKE-CAMHC-MCALESTER {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$A5v.0BRx7Vw24vWds2aDjApuBEyvWx7NVEcvLXxdVqmf536IRSeK8Qz"; ## SECRET-DATA
- }
- policy IKE-CAMHC-HUGO {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$gIJGj6/tuBITzA0BErlgoaGi.Tz6/9tikT3n6AtM8XxVwDjqf5FN-"; ## SECRET-DATA
- }
- policy IKE-NCBH-FT-SUPPLY {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$fz3/SyKMLx1ReWLNwsfTQ39p1RSyrK9A1hcSeK4aZGHq6/tOBEDj"; ## SECRET-DATA
- }
- policy IKE-NCBH-GUYMON {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$Dok.f0ORhyl9AIcyKLXDiH.5F9A0OBR5Q9pu0IR-VwsoJPfz6/t2g"; ## SECRET-DATA
- }
- policy IKE-SHEPARD-MALL {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$MTOX7dji.PTzaZqfT3CAM8L7VYaZjiH.VwaUDjq.0BIRyl-ds4oGhc"; ## SECRET-DATA
- }
- policy IKE-OCCIC {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$17WhSlws4aGD7-gJGimP1RESeW7-wsY4ev7Vbwg4QFn6turlMXxd9C"; ## SECRET-DATA
- }
- policy IKE-ROSE-ROCK-RECOVERY {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$VYYgaTQn/Apqm39A0REVwsgJDqmTQznJGqf5T3nylKvX7oaUHkPW8"; ## SECRET-DATA
- }
- policy IKE-LELAND-WOLF-USERS {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$jYqm5OBEcreCtRSrvXxjHkmT3CtOB1ETzCu0OREdbsYaZf5F/9pg4"; ## SECRET-DATA
- }
- policy IKE-HP-VPN {
- proposals IKE-PROPOSAL-HP-VPN;
- pre-shared-key ascii-text "$9$85tx7Vs2aHqfDi6Au0hcylK8X-"; ## SECRET-DATA
- }
- policy IKE-LAWTON-OTHER {
- mode main;
- proposals PRE-G2-AES128-SHA;
- pre-shared-key ascii-text "$9$oXGDH9CuOIEz3pBIceKoJZDkPz39CAuk.z6/9pu8X7NwYiHmTQndV"; ## SECRET-DATA
- }
- gateway IKE-GATE-ODMHSAS-TEST {
- ike-policy IKE-ODMHSAS-TEST;
- address 166.130.131.48;
- external-interface vlan.3;
- }
- gateway IKE-GATE-OFC-VINITA {
- ike-policy IKE-OFC-VINITA;
- address 166.130.29.34;
- external-interface vlan.3;
- }
- gateway IKE-GATE-TCBH {
- ike-policy IKE-TCBH;
- address 166.130.131.65;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-ADA {
- ike-policy IKE-CAMHC-ADA;
- address 166.130.131.61;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-ALTUS {
- ike-policy IKE-CAMHC-ALTUS;
- address 166.130.131.64;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-ALVA {
- ike-policy IKE-NCBH-ALVA;
- address 166.130.131.55;
- external-interface vlan.3;
- }
- gateway IKE-GATE-ATOKA {
- ike-policy IKE-ATOKA;
- address 166.130.131.53;
- external-interface vlan.3;
- }
- gateway IKE-GATE-LAWTON-MAIN {
- ike-policy IKE-LAWTON-MAIN;
- address 166.130.131.56;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-WOODWARD {
- ike-policy IKE-NCBH-WOODWARD;
- address 166.130.131.47;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-LIGHTHOUSE {
- ike-policy IKE-NCBH-LIGHTHOUSE;
- address 166.130.131.70;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-STIGLER {
- ike-policy IKE-CAMHC-STIGLER;
- address 166.130.131.66;
- external-interface vlan.3;
- }
- gateway IKE-GATE-TMHC-DUNCAN {
- ike-policy IKE-TMHC-DUNCAN;
- address 166.130.131.68;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-ENID {
- ike-policy IKE-NCBH-ENID;
- address 166.130.131.69;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-FAIRVIEW {
- ike-policy IKE-NCBH-FAIRVIEW;
- address 166.130.131.62;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-HEAVENER {
- ike-policy IKE-CAMHC-HEAVENER;
- address 166.130.131.60;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-HOLDENVILLE {
- ike-policy IKE-CAMHC-HOLDENVILLE;
- address 166.130.131.57;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-IDABEL {
- ike-policy IKE-CAMHC-IDABEL;
- address 166.130.131.27;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-MCALESTER {
- ike-policy IKE-CAMHC-MCALESTER;
- address 166.130.131.73;
- external-interface vlan.3;
- }
- gateway IKE-GATE-CAMHC-HUGO {
- ike-policy IKE-CAMHC-HUGO;
- address 166.130.131.54;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-FT-SUPPLY {
- ike-policy IKE-NCBH-FT-SUPPLY;
- address 166.130.131.67;
- external-interface vlan.3;
- }
- gateway IKE-GATE-NCBH-GUYMON {
- ike-policy IKE-NCBH-GUYMON;
- address 166.130.131.58;
- external-interface vlan.3;
- }
- gateway IKE-GATE-SHEPARD-MALL {
- ike-policy IKE-SHEPARD-MALL;
- address 166.130.131.59;
- external-interface vlan.3;
- }
- gateway IKE-GATE-OCCIC {
- ike-policy IKE-OCCIC;
- address 166.130.131.52;
- external-interface vlan.3;
- }
- gateway IKE-GATE-ROSE-ROCK-RECOVERY {
- ike-policy IKE-ROSE-ROCK-RECOVERY;
- address 166.130.131.25;
- external-interface vlan.3;
- }
- gateway IKE-GATE-LELAND-WOLF-USERS {
- ike-policy IKE-LELAND-WOLF-USERS;
- address 166.130.131.71;
- external-interface vlan.3;
- }
- gateway IKE-GATE-HP-VPN {
- ike-policy IKE-ODMHSAS-TEST;
- address 70.184.28.104;
- external-interface vlan.5;
- }
- gateway IKE-GATE-LAWTON-OTHER {
- ike-policy IKE-LAWTON-OTHER;
- address 166.130.4.159;
- external-interface vlan.3;
- }
- }
- ipsec {
- vpn-monitor-options {
- interval 60;
- threshold 5;
- }
- proposal G2-ESP-AES128-SHA {
- description group2;
- protocol esp;
- authentication-algorithm hmac-sha1-96;
- encryption-algorithm aes-128-cbc;
- lifetime-seconds 3600;
- }
- proposal IPSEC-PROPOSAL-HP-VPN {
- protocol esp;
- authentication-algorithm hmac-md5-96;
- encryption-algorithm 3des-cbc;
- lifetime-seconds 28800;
- }
- policy VPN-POLICY-ODMHSAS-TEST {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-OFC-VINITA {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-TCBH {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-ADA {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-ALTUS {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-ALVA {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-ATOKA {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-LAWTON-MAIN {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-WOODWARD {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-LIGHTHOUSE {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-STIGLER {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-TMHC-DUNCAN {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-ENID {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-FAIRVIEW {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-HEAVENER {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-HOLDENVILLE {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-IDABEL {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-MCALESTER {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-CAMHC-HUGO {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-FT-SUPPLY {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-NCBH-GUYMON {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-SHEPARD-MALL {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-OCCIC {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-ROSE-ROCK-RECOVERY {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-LELAND-WOLF-USERS {
- proposals G2-ESP-AES128-SHA;
- }
- policy VPN-POLICY-HP-VPN {
- proposals IPSEC-PROPOSAL-HP-VPN;
- }
- policy VPN-POLICY-LAWTON-OTHER {
- proposals G2-ESP-AES128-SHA;
- }
- inactive: vpn IPSEC-VPN-ODMHSAS-TEST {
- bind-interface st0.63;
- vpn-monitor {
- optimized;
- source-interface st0.63;
- destination-ip 10.119.21.255;
- }
- ike {
- gateway IKE-GATE-ODMHSAS-TEST;
- ipsec-policy VPN-POLICY-ODMHSAS-TEST;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-OFC-VINITA {
- bind-interface st0.35;
- vpn-monitor {
- optimized;
- source-interface st0.35;
- destination-ip 10.119.21.151;
- }
- ike {
- gateway IKE-GATE-OFC-VINITA;
- ipsec-policy VPN-POLICY-OFC-VINITA;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-TCBH {
- bind-interface st0.34;
- vpn-monitor {
- optimized;
- source-interface st0.34;
- destination-ip 10.119.21.149;
- }
- ike {
- gateway IKE-GATE-TCBH;
- ipsec-policy VPN-POLICY-TCBH;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-ADA {
- bind-interface st0.12;
- vpn-monitor {
- optimized;
- source-interface st0.12;
- destination-ip 10.119.21.105;
- }
- ike {
- gateway IKE-GATE-CAMHC-ADA;
- ipsec-policy VPN-POLICY-CAMHC-ADA;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-ALTUS {
- bind-interface st0.13;
- vpn-monitor {
- optimized;
- source-interface st0.13;
- destination-ip 10.119.21.107;
- }
- ike {
- gateway IKE-GATE-CAMHC-ALTUS;
- ipsec-policy VPN-POLICY-CAMHC-ALTUS;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-ALVA {
- bind-interface st0.14;
- vpn-monitor {
- optimized;
- source-interface st0.14;
- destination-ip 10.119.21.109;
- }
- ike {
- gateway IKE-GATE-NCBH-ALVA;
- ipsec-policy VPN-POLICY-NCBH-ALVA;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-ATOKA {
- bind-interface st0.15;
- vpn-monitor {
- optimized;
- source-interface st0.15;
- destination-ip 10.119.21.111;
- }
- ike {
- gateway IKE-GATE-ATOKA;
- ipsec-policy VPN-POLICY-ATOKA;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-LAWTON-MAIN {
- bind-interface st0.25;
- vpn-monitor {
- optimized;
- source-interface st0.25;
- destination-ip 10.119.21.131;
- }
- ike {
- gateway IKE-GATE-LAWTON-MAIN;
- ipsec-policy VPN-POLICY-LAWTON-MAIN;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-WOODWARD {
- bind-interface st0.37;
- vpn-monitor {
- optimized;
- source-interface st0.37;
- destination-ip 10.119.21.155;
- }
- ike {
- gateway IKE-GATE-NCBH-WOODWARD;
- ipsec-policy VPN-POLICY-NCBH-WOODWARD;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-LIGHTHOUSE {
- bind-interface st0.38;
- vpn-monitor {
- optimized;
- source-interface st0.38;
- destination-ip 10.119.21.157;
- }
- ike {
- gateway IKE-GATE-NCBH-LIGHTHOUSE;
- ipsec-policy VPN-POLICY-NCBH-LIGHTHOUSE;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-STIGLER {
- bind-interface st0.33;
- vpn-monitor {
- optimized;
- source-interface st0.33;
- destination-ip 10.119.21.147;
- }
- ike {
- gateway IKE-GATE-CAMHC-STIGLER;
- ipsec-policy VPN-POLICY-CAMHC-STIGLER;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-TMHC-DUNCAN {
- bind-interface st0.16;
- vpn-monitor {
- optimized;
- source-interface st0.16;
- destination-ip 10.119.21.113;
- }
- ike {
- gateway IKE-GATE-TMHC-DUNCAN;
- ipsec-policy VPN-POLICY-TMHC-DUNCAN;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-ENID {
- bind-interface st0.17;
- vpn-monitor {
- optimized;
- source-interface st0.17;
- destination-ip 10.119.21.115;
- }
- ike {
- gateway IKE-GATE-NCBH-ENID;
- ipsec-policy VPN-POLICY-NCBH-ENID;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-FAIRVIEW {
- bind-interface st0.18;
- vpn-monitor {
- optimized;
- source-interface st0.18;
- destination-ip 10.119.21.117;
- }
- ike {
- gateway IKE-GATE-NCBH-FAIRVIEW;
- ipsec-policy VPN-POLICY-NCBH-FAIRVIEW;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-HEAVENER {
- bind-interface st0.21;
- vpn-monitor {
- optimized;
- source-interface st0.21;
- destination-ip 10.119.21.123;
- }
- ike {
- gateway IKE-GATE-CAMHC-HEAVENER;
- ipsec-policy VPN-POLICY-CAMHC-HEAVENER;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-HOLDENVILLE {
- bind-interface st0.22;
- vpn-monitor {
- optimized;
- source-interface st0.22;
- destination-ip 10.119.21.125;
- }
- ike {
- gateway IKE-GATE-CAMHC-HOLDENVILLE;
- ipsec-policy VPN-POLICY-CAMHC-HOLDENVILLE;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-IDABEL {
- bind-interface st0.24;
- vpn-monitor {
- optimized;
- source-interface st0.24;
- destination-ip 10.119.21.129;
- }
- ike {
- gateway IKE-GATE-CAMHC-IDABEL;
- ipsec-policy VPN-POLICY-CAMHC-IDABEL;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-MCALESTER {
- bind-interface st0.27;
- vpn-monitor {
- optimized;
- source-interface st0.27;
- destination-ip 10.119.21.135;
- }
- ike {
- gateway IKE-GATE-CAMHC-MCALESTER;
- ipsec-policy VPN-POLICY-CAMHC-MCALESTER;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-CAMHC-HUGO {
- bind-interface st0.23;
- vpn-monitor {
- optimized;
- source-interface st0.23;
- destination-ip 10.119.21.127;
- }
- ike {
- gateway IKE-GATE-CAMHC-HUGO;
- ipsec-policy VPN-POLICY-CAMHC-HUGO;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-FT-SUPPLY {
- bind-interface st0.19;
- vpn-monitor {
- optimized;
- source-interface st0.19;
- destination-ip 10.119.21.119;
- }
- ike {
- gateway IKE-GATE-NCBH-FT-SUPPLY;
- ipsec-policy VPN-POLICY-NCBH-FT-SUPPLY;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-NCBH-GUYMON {
- bind-interface st0.20;
- vpn-monitor {
- optimized;
- source-interface st0.20;
- destination-ip 10.119.21.121;
- }
- ike {
- gateway IKE-GATE-NCBH-GUYMON;
- ipsec-policy VPN-POLICY-NCBH-GUYMON;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-SHEPARD-MALL {
- bind-interface st0.31;
- vpn-monitor {
- optimized;
- source-interface st0.31;
- destination-ip 10.119.21.143;
- }
- ike {
- gateway IKE-GATE-SHEPARD-MALL;
- ipsec-policy VPN-POLICY-SHEPARD-MALL;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-OCCIC {
- bind-interface st0.32;
- vpn-monitor {
- optimized;
- source-interface st0.32;
- destination-ip 10.119.21.145;
- }
- ike {
- gateway IKE-GATE-OCCIC;
- ipsec-policy VPN-POLICY-OCCIC;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-ROSE-ROCK-RECOVERY {
- bind-interface st0.36;
- vpn-monitor {
- optimized;
- source-interface st0.36;
- destination-ip 10.119.21.153;
- }
- ike {
- gateway IKE-GATE-ROSE-ROCK-RECOVERY;
- ipsec-policy VPN-POLICY-ROSE-ROCK-RECOVERY;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-LELAND-WOLF-USERS {
- bind-interface st0.30;
- vpn-monitor {
- optimized;
- source-interface st0.30;
- destination-ip 10.119.21.141;
- }
- ike {
- gateway IKE-GATE-LELAND-WOLF-USERS;
- ipsec-policy VPN-POLICY-LELAND-WOLF-USERS;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-HP-VPN {
- bind-interface st0.0;
- ike {
- gateway IKE-GATE-HP-VPN;
- ipsec-policy VPN-POLICY-HP-VPN;
- }
- traffic-selector HP-TS-01 {
- local-ip 192.168.133.0/24;
- remote-ip 128.212.227.0/24;
- }
- traffic-selector HP-TS-02 {
- local-ip 192.168.133.0/24;
- remote-ip 128.212.228.0/25;
- }
- traffic-selector HP-TS-03 {
- local-ip 192.168.133.0/24;
- remote-ip 192.168.176.0/20;
- }
- traffic-selector HP-TS-04 {
- local-ip 192.168.133.0/24;
- remote-ip 192.85.171.0/24;
- }
- traffic-selector HP-TS-05 {
- local-ip 192.168.133.0/24;
- remote-ip 192.168.69.0/24;
- }
- traffic-selector HP-TS-06 {
- local-ip 192.168.133.0/24;
- remote-ip 192.168.3.17/32;
- }
- establish-tunnels immediately;
- }
- vpn IPSEC-VPN-LAWTON-OTHER {
- bind-interface st0.26;
- vpn-monitor {
- optimized;
- source-interface st0.26;
- destination-ip 10.119.21.133;
- }
- ike {
- gateway IKE-GATE-LAWTON-OTHER;
- ipsec-policy VPN-POLICY-LAWTON-OTHER;
- }
- establish-tunnels immediately;
- }
- }
- utm {
- feature-profile {
- web-filtering {
- type websense-redirect;
- websense-redirect {
- profile JUNOS-WF-WEBSENSE-DEFAULT {
- server {
- host 10.2.11.237;
- port 15868;
- }
- fallback-settings {
- default log-and-permit;
- }
- timeout 10;
- sockets 8;
- }
- }
- }
- }
- utm-policy WEBSENSE-UTM-POLICY {
- web-filtering {
- http-profile JUNOS-WF-WEBSENSE-DEFAULT;
- }
- }
- }
- forwarding-options {
- family {
- inet6 {
- mode flow-based;
- }
- }
- }
- flow {
- tcp-mss {
- ipsec-vpn {
- mss 1360;
- }
- }
- }
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- pool 164_58_58_131 {
- address {
- 164.58.58.131/32;
- }
- }
- pool HP-VPN-POOL {
- address {
- 192.168.133.1/32 to 192.168.133.200/32;
- }
- }
- rule-set TRUST-TO-UNTRUST-NAT {
- from zone TRUST;
- to zone UNTRUST;
- rule NAT-TRUST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- pool {
- 164_58_58_131;
- }
- }
- }
- }
- }
- rule-set TRUST-TO-HP-VPN-NAT {
- from zone TRUST;
- to zone HP-VPN;
- rule NAT-TRUST-TO-HP-VPN {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- pool {
- HP-VPN-POOL;
- }
- }
- }
- }
- }
- }
- static {
- rule-set HP-VPN-NAT {
- from zone HP-VPN;
- rule 192_168_133_216 {
- match {
- destination-address 192.168.133.216/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.0.20/32;
- }
- }
- }
- }
- rule 192_168_133_218 {
- match {
- destination-address 192.168.133.218/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.11.23/32;
- }
- }
- }
- }
- rule 192_168_133_219 {
- match {
- destination-address 192.168.133.219/32;
- }
- then {
- static-nat {
- prefix {
- 10.17.0.12/32;
- }
- }
- }
- }
- rule 192_168_133_221 {
- match {
- destination-address 192.168.133.221/32;
- }
- then {
- static-nat {
- prefix {
- 10.17.0.2/32;
- }
- }
- }
- }
- rule 192_168_133_224 {
- match {
- destination-address 192.168.133.224/32;
- }
- then {
- static-nat {
- prefix {
- 10.16.0.9/32;
- }
- }
- }
- }
- rule 192_168_133_225 {
- match {
- destination-address 192.168.133.225/32;
- }
- then {
- static-nat {
- prefix {
- 10.16.0.3/32;
- }
- }
- }
- }
- rule 192_168_133_226 {
- match {
- destination-address 192.168.133.226/32;
- }
- then {
- static-nat {
- prefix {
- 10.16.3.92/32;
- }
- }
- }
- }
- rule 192_168_133_227 {
- match {
- destination-address 192.168.133.227/32;
- }
- then {
- static-nat {
- prefix {
- 10.1.255.4/32;
- }
- }
- }
- }
- rule 192_168_133_228 {
- match {
- destination-address 192.168.133.228/32;
- }
- then {
- static-nat {
- prefix {
- 10.6.0.11/32;
- }
- }
- }
- }
- rule 192_168_133_229 {
- match {
- destination-address 192.168.133.229/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.6.12/32;
- }
- }
- }
- }
- rule 192_168_133_230 {
- match {
- destination-address 192.168.133.230/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.5.11/32;
- }
- }
- }
- }
- rule 192_168_133_231 {
- match {
- destination-address 192.168.133.231/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.7.11/32;
- }
- }
- }
- }
- rule 192_168_133_232 {
- match {
- destination-address 192.168.133.232/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.2.11/32;
- }
- }
- }
- }
- rule 192_168_133_233 {
- match {
- destination-address 192.168.133.233/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.8.11/32;
- }
- }
- }
- }
- rule 192_168_133_234 {
- match {
- destination-address 192.168.133.234/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.6.11/32;
- }
- }
- }
- }
- rule 192_168_133_235 {
- match {
- destination-address 192.168.133.235/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.4.11/32;
- }
- }
- }
- }
- rule 192_168_133_236 {
- match {
- destination-address 192.168.133.236/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.3.11/32;
- }
- }
- }
- }
- rule 192_168_133_237 {
- match {
- destination-address 192.168.133.237/32;
- }
- then {
- static-nat {
- prefix {
- 10.21.1.11/32;
- }
- }
- }
- }
- rule 192_168_133_238 {
- match {
- destination-address 192.168.133.238/32;
- }
- then {
- static-nat {
- prefix {
- 10.7.0.10/32;
- }
- }
- }
- }
- rule 192_168_133_239 {
- match {
- destination-address 192.168.133.239/32;
- }
- then {
- static-nat {
- prefix {
- 10.7.0.8/32;
- }
- }
- }
- }
- rule 192_168_133_240 {
- match {
- destination-address 192.168.133.240/32;
- }
- then {
- static-nat {
- prefix {
- 10.1.255.1/32;
- }
- }
- }
- }
- rule 192_168_133_241 {
- match {
- destination-address 192.168.133.241/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.5.17/32;
- }
- }
- }
- }
- rule 192_168_133_242 {
- match {
- destination-address 192.168.133.242/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.5.53/32;
- }
- }
- }
- }
- rule 192_168_133_243 {
- match {
- destination-address 192.168.133.243/32;
- }
- then {
- static-nat {
- prefix {
- 10.7.0.9/32;
- }
- }
- }
- }
- rule 192_168_133_244 {
- match {
- destination-address 192.168.133.244/32;
- }
- then {
- static-nat {
- prefix {
- 10.3.2.5/32;
- }
- }
- }
- }
- rule 192_168_133_245 {
- match {
- destination-address 192.168.133.245/32;
- }
- then {
- static-nat {
- prefix {
- 10.3.1.1/32;
- }
- }
- }
- }
- rule 192_168_133_246 {
- match {
- destination-address 192.168.133.246/32;
- }
- then {
- static-nat {
- prefix {
- 10.5.0.18/32;
- }
- }
- }
- }
- rule 192_168_133_247 {
- match {
- destination-address 192.168.133.247/32;
- }
- then {
- static-nat {
- prefix {
- 10.5.0.21/32;
- }
- }
- }
- }
- rule 192_168_133_248 {
- match {
- destination-address 192.168.133.248/32;
- }
- then {
- static-nat {
- prefix {
- 10.5.0.8/32;
- }
- }
- }
- }
- rule 192_168_133_250 {
- match {
- destination-address 192.168.133.250/32;
- }
- then {
- static-nat {
- prefix {
- 10.23.1.2/32;
- }
- }
- }
- }
- rule 192_168_133_251 {
- match {
- destination-address 192.168.133.251/32;
- }
- then {
- static-nat {
- prefix {
- 10.23.1.3/32;
- }
- }
- }
- }
- rule 192_168_133_252 {
- match {
- destination-address 192.168.133.252/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.5.1/32;
- }
- }
- }
- }
- rule 192_168_133_253 {
- match {
- destination-address 192.168.133.253/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.5.2/32;
- }
- }
- }
- }
- rule 192_168_133_254 {
- match {
- destination-address 192.168.133.254/32;
- }
- then {
- static-nat {
- prefix {
- 10.2.5.23/32;
- }
- }
- }
- }
- }
- }
- }
- policies {
- from-zone TRUST to-zone UNTRUST {
- policy WEBSENSE-TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application junos-http;
- }
- then {
- permit {
- application-services {
- utm-policy WEBSENSE-UTM-POLICY;
- }
- }
- }
- }
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TRUST to-zone TRUST {
- policy TRUST-TO-TRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TRUST to-zone HP-VPN {
- policy TRUST-TO-HP-VPN {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone HP-VPN to-zone TRUST {
- policy HP-VPN-TO-TRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone TRUST {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- protocols {
- bgp;
- bfd;
- }
- }
- interfaces {
- vlan.4;
- st0.63;
- st0.35;
- st0.34;
- st0.12;
- st0.13;
- st0.14;
- st0.15;
- st0.25;
- st0.37;
- st0.38;
- st0.33;
- st0.16;
- st0.17;
- st0.18;
- st0.21;
- st0.22;
- st0.24;
- st0.27;
- st0.23;
- st0.19;
- st0.20;
- st0.31;
- st0.32;
- st0.36;
- st0.30;
- vlan.10;
- vlan.20;
- vlan.30;
- vlan.40;
- vlan.50;
- vlan.90;
- st0.26;
- }
- }
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- ike;
- }
- protocols {
- bgp;
- bfd;
- }
- }
- interfaces {
- vlan.3;
- }
- }
- security-zone HP-VPN-LINK {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- ike;
- }
- }
- interfaces {
- vlan.5;
- }
- }
- security-zone HP-VPN {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- interfaces {
- st0.0;
- }
- }
- }
-}
-firewall {
- family inet {
- filter PROTECT-RE {
- term SSH-ALLOW {
- from {
- source-prefix-list {
- PRE-MGMT-SOURCES;
- PRE-LOCALIPv4-SOURCES;
- }
- protocol tcp;
- destination-port ssh;
- }
- then accept;
- }
- term SNMP-ALLOW {
- from {
- source-prefix-list {
- PRE-MGMT-SOURCES;
- PRE-LOCALIPv4-SOURCES;
- }
- protocol udp;
- destination-port snmp;
- }
- then accept;
- }
- term SSH-DENY {
- from {
- protocol tcp;
- destination-port ssh;
- }
- then {
- discard;
- }
- }
- term SNMP-DENY {
- from {
- protocol udp;
- destination-port snmp;
- }
- then {
- discard;
- }
- }
- term ALL-TRAFFIC {
- then accept;
- }
- }
- }
-}
-routing-instances {
- HP-VPN-LINK {
- instance-type virtual-router;
- interface vlan.5;
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 128.212.228.89;
- }
- }
- }
-}
-vlans {
- VLAN-10 {
- vlan-id 10;
- l3-interface vlan.10;
- }
- VLAN-20 {
- vlan-id 20;
- l3-interface vlan.20;
- }
- VLAN-3 {
- vlan-id 3;
- l3-interface vlan.3;
- }
- VLAN-30 {
- vlan-id 30;
- l3-interface vlan.30;
- }
- VLAN-4 {
- vlan-id 4;
- l3-interface vlan.4;
- }
- VLAN-40 {
- vlan-id 40;
- l3-interface vlan.40;
- }
- VLAN-5 {
- vlan-id 5;
- l3-interface vlan.5;
- }
- VLAN-50 {
- vlan-id 50;
- l3-interface vlan.50;
- }
- VLAN-90 {
- vlan-id 90;
- l3-interface vlan.90;
- }
-}
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show ospf neighbor
-# OSPF instance is not running
-#
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show bfd session
- Detect Transmit
-Address State Interface Time Interval Multiplier
-10.119.20.100 Up vlan.4 6.000 2.000 3
-156.110.27.61 Up vlan.3 6.000 2.000 3
-
-2 sessions, 2 clients
-Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps
-
-# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system snapshot media internal
-# Information for snapshot on internal (/dev/ad0s1a) (backup)
-# Creation date: Apr 21 01:07:13 2015
-# JUNOS version on snapshot:
-# junos : 12.1X46-D20.5-domestic
-# Information for snapshot on internal (/dev/ad0s2a) (primary)
-# Creation date: May 23 14:42:38 2015
-# JUNOS version on snapshot:
-# junos : 12.1X46-D20.5-domestic
-#
More information about the Nocrancid
mailing list