[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Mar 1 23:02:35 CST 2016
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 140351)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -20,6 +20,7 @@
# Power Power Supply 0 OK
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis firmware
+# show chassis fpc detail
# Part Type Version
# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
@@ -44,7 +45,6 @@
# Serial ID ACDT6307
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis scb
-# show chassis sfm detail
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis sfm detail
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis ssb
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system boot-messages
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 140328)
+++ configs/hub.dur.onenet.net (working copy)
@@ -369,7 +369,7 @@
#fe-2/1/1.0 up up
#fe-2/1/2 up up
#fe-2/1/2.0 up up
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 down down
#pc-2/2/0 up up
#pc-2/2/0.16383 up up
Index: configs/core1.okc-mx960.onenet.net
===================================================================
--- configs/core1.okc-mx960.onenet.net (revision 140351)
+++ configs/core1.okc-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE1-MX960-RE0> show system commit
+# 2016-03-01 22:47:11 CST by andrew via cli commit confirmed, rollback in 10mins synchronize
+# 2016-03-01 22:17:09 CST by andrew via cli commit synchronize
# 2016-03-01 21:56:28 CST by andrew via cli commit synchronize
# 2016-03-01 21:31:24 CST by andrew via cli commit synchronize
# 2016-02-28 21:44:17 CST by andrew via cli commit synchronize
# 2016-02-28 21:42:51 CST by andrew via cli commit synchronize
-# 2016-02-28 21:08:58 CST by andrew via cli commit synchronize
-# 2016-02-28 21:02:20 CST by andrew via cli commit confirmed, rollback in 3mins synchronize
# grnoc-mon at OKC-CORE1-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -555,7 +555,7 @@
# grnoc-mon at OKC-CORE1-MX960-RE0> show system uptime
# System booted: 2015-06-07 00:00 CDT
# Protocols started: 2015-06-07 00:03 CDT
-# Last configured: 2016-03-01 21:56 CST by andrew
+# Last configured: 2016-03-01 22:47 CST by andrew
#
# {master}
# grnoc-mon at OKC-CORE1-MX960-RE0> show interface terse
@@ -687,9 +687,6 @@
#ge-2/3/8 up up
#ge-2/3/8.2531 up up
#ge-2/3/8.2548 up up
-#ge-2/3/8.2569 up up
-#ge-2/3/8.2570 up up
-#ge-2/3/8.2574 up up
#ge-2/3/8.32767 up up
#ge-2/3/9 up up
#ge-2/3/9.0 up up
@@ -835,9 +832,6 @@
#lo0.16385 up up
#lsi up up
#lsi.512 up up
-#lsi.518 up up
-#lsi.521 up up
-#lsi.522 up up
#lsi.1059891 up up
#lsi.1059942 up up
#lsi.1060070 up up
@@ -853,7 +847,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE1-MX960-RE0> show configuration
-## Last commit: 2016-03-01 21:56:28 CST by andrew
+## Last commit: 2016-03-01 22:47:11 CST by andrew
version 13.3R6.5;
groups {
re0 {
@@ -1466,30 +1460,6 @@
address 10.119.24.10/31;
}
}
- unit 2569 {
- description "OTRD-DATA OKC-VPN-HEADEND [NO-MONITOR]";
- vlan-id 2569;
- family inet {
- mtu 1500;
- address 10.119.48.10/31;
- }
- }
- unit 2570 {
- description "DHS AGENCY DATA VPN CARTER COUNTY [NO-MONITOR]";
- vlan-id 2570;
- family inet {
- mtu 1500;
- address 10.119.52.8/31;
- }
- }
- unit 2574 {
- description "OTRD-GUEST OKC-VPN-HEADEND [NO-MONITOR]";
- vlan-id 2574;
- family inet {
- mtu 1500;
- address 10.119.48.138/31;
- }
- }
}
ge-2/3/9 {
description "OneNet State VPN Headend Untrust [NO-MONITOR] | CIR000XXXX";
@@ -13049,60 +13019,6 @@
then reject;
}
}
- policy-statement DHS-DATA-VRF-EXPORT {
- term 1 {
- from protocol static;
- then {
- community add DHS-DATA-VPN;
- accept;
- }
- }
- term 2 {
- from protocol direct;
- then {
- community add DHS-DATA-VPN;
- accept;
- }
- }
- term 3 {
- from protocol ospf;
- then {
- community add DHS-DATA-VPN;
- accept;
- }
- }
- term 4 {
- from protocol bgp;
- then {
- community add DHS-DATA-VPN;
- accept;
- }
- }
- }
- policy-statement DHS-DATA-VRF-IMPORT {
- term 1 {
- from {
- protocol bgp;
- community DHS-DATA-VPN;
- }
- then accept;
- }
- term 2 {
- then reject;
- }
- }
- policy-statement DHS-EXPORT-BGP-TO-OSPF {
- term DEFAULT-EXPORT {
- from {
- protocol bgp;
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
policy-statement EBGP-REJECT-EXPORT {
term STEP-1 {
from {
@@ -13186,114 +13102,6 @@
then reject;
}
}
- policy-statement OTRD-DATA-EXPORT-BGP-TO-OSPF {
- term DEFAULT-EXPORT {
- from {
- protocol bgp;
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement OTRD-DATA-VRF-EXPORT {
- term 1 {
- from protocol static;
- then {
- community add OTRD-DATA-VPN;
- accept;
- }
- }
- term 2 {
- from protocol direct;
- then {
- community add OTRD-DATA-VPN;
- accept;
- }
- }
- term 3 {
- from protocol ospf;
- then {
- community add OTRD-DATA-VPN;
- accept;
- }
- }
- term 4 {
- from protocol bgp;
- then {
- community add OTRD-DATA-VPN;
- accept;
- }
- }
- }
- policy-statement OTRD-DATA-VRF-IMPORT {
- term 1 {
- from {
- protocol bgp;
- community OTRD-DATA-VPN;
- }
- then accept;
- }
- term 2 {
- then reject;
- }
- }
- policy-statement OTRD-GUEST-EXPORT-BGP-TO-OSPF {
- term DEFAULT-EXPORT {
- from {
- protocol bgp;
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
- policy-statement OTRD-GUEST-VRF-EXPORT {
- term 1 {
- from protocol static;
- then {
- community add OTRD-GUEST-VPN;
- accept;
- }
- }
- term 2 {
- from protocol direct;
- then {
- community add OTRD-GUEST-VPN;
- accept;
- }
- }
- term 3 {
- from protocol ospf;
- then {
- community add OTRD-GUEST-VPN;
- accept;
- }
- }
- term 4 {
- from protocol bgp;
- then {
- community add OTRD-GUEST-VPN;
- accept;
- }
- }
- }
- policy-statement OTRD-GUEST-VRF-IMPORT {
- term 1 {
- from {
- protocol bgp;
- community OTRD-GUEST-VPN;
- }
- then accept;
- }
- term 2 {
- then reject;
- }
- }
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
@@ -13325,12 +13133,9 @@
}
}
}
- community DHS-DATA-VPN members target:5078:2570;
community OKCCORE1 members 5078:211;
community OMES-AGENCY-DATA-VPN members target:5078:2548;
community ONENET_AGGREGATE members 5078:9601;
- community OTRD-DATA-VPN members target:5078:2569;
- community OTRD-GUEST-VPN members target:5078:2574;
}
class-of-service {
classifiers {
@@ -13806,24 +13611,6 @@
}
}
routing-instances {
- DHS-DATA-L3VPN {
- description DHS-DATA-L3VPN;
- instance-type vrf;
- interface ge-2/3/8.2570;
- route-distinguisher 164.58.199.211:2570;
- vrf-import DHS-DATA-VRF-IMPORT;
- vrf-export DHS-DATA-VRF-EXPORT;
- vrf-target target:5078:2570;
- vrf-table-label;
- protocols {
- ospf {
- export DHS-EXPORT-BGP-TO-OSPF;
- area 0.0.0.0 {
- interface ge-2/3/8.2570;
- }
- }
- }
- }
OMES-AGENCY-DATA-L3VPN {
description OMES-AGENCY-DATA-L3VPN;
instance-type vrf;
@@ -13842,42 +13629,6 @@
}
}
}
- OTRD-DATA-L3VPN {
- description OTRD-DATA-L3VPN;
- instance-type vrf;
- interface ge-2/3/8.2569;
- route-distinguisher 164.58.199.211:2569;
- vrf-import OTRD-DATA-VRF-IMPORT;
- vrf-export OTRD-DATA-VRF-EXPORT;
- vrf-target target:5078:2569;
- vrf-table-label;
- protocols {
- ospf {
- export OTRD-DATA-EXPORT-BGP-TO-OSPF;
- area 0.0.0.0 {
- interface ge-2/3/8.2569;
- }
- }
- }
- }
- OTRD-GUEST-L3VPN {
- description OTRD-GUEST-L3VPN;
- instance-type vrf;
- interface ge-2/3/8.2574;
- route-distinguisher 164.58.199.211:2574;
- vrf-import OTRD-GUEST-VRF-IMPORT;
- vrf-export OTRD-GUEST-VRF-EXPORT;
- vrf-target target:5078:2574;
- vrf-table-label;
- protocols {
- ospf {
- export OTRD-GUEST-EXPORT-BGP-TO-OSPF;
- area 0.0.0.0 {
- interface ge-2/3/8.2574;
- }
- }
- }
- }
VPLS-ONENET-DC {
description ONENET-SANS-VPLS-OKC-TULSA-LAWTON;
instance-type vpls;
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 140351)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2016-03-01 22:47:13 CST by andrew via cli commit confirmed, rollback in 10mins synchronize
+# 2016-03-01 22:06:55 CST by andrew via cli commit synchronize
# 2016-03-01 21:47:44 CST by andrew via cli commit synchronize
# 2016-03-01 21:30:10 CST by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-03-01 20:33:10 CST by andrew via cli commit synchronize
# 2016-03-01 20:31:40 CST by andrew via cli commit synchronize
-# 2016-03-01 20:18:38 CST by andrew via cli commit synchronize
-# 2016-03-01 19:30:19 CST by andrew via cli commit confirmed, rollback in 5mins synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -476,7 +476,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2014-09-16 23:50 CDT
# Protocols started: 2014-09-16 23:51 CDT
-# Last configured: 2016-03-01 21:47 CST by andrew
+# Last configured: 2016-03-01 22:47 CST by andrew
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -870,7 +870,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2016-03-01 21:47:44 CST by andrew
+## Last commit: 2016-03-01 22:47:13 CST by andrew
version 12.3R7.7;
groups {
re0 {
@@ -2986,7 +2986,10 @@
}
unit 602 {
description "OKC-VPN-CLUSTER-DHS-AGENCY-DATA [NO-MONITOR]";
- family inet;
+ family inet {
+ mtu 1500;
+ address 10.119.52.10/31;
+ }
}
unit 603 {
description "OKC-VPN-CLUSTER-DHS-GUEST [NO-MONITOR]";
@@ -2997,10 +3000,17 @@
}
unit 604 {
description "OKC-VPN-CLUSTER-OTRD-AGENCY-DATA [NO-MONITOR]";
- family inet;
+ family inet {
+ mtu 1500;
+ address 10.119.48.10/31;
+ }
}
unit 605 {
description "OKC-VPN-CLUSTER-OTRD-GUEST [NO-MONITOR]";
+ family inet {
+ mtu 1500;
+ address 10.119.48.138/31;
+ }
}
}
lo0 {
@@ -11679,6 +11689,7 @@
interface xe-2/0/1.1121;
interface xe-2/1/1.425;
interface xe-2/1/1.601;
+ interface irb.602;
route-distinguisher 164.58.199.215:2570;
vrf-import DHS-DATA-VRF-IMPORT;
vrf-export DHS-DATA-VRF-EXPORT;
@@ -11729,6 +11740,12 @@
}
}
}
+ ospf {
+ export OMES-EXPORT-BGP-TO-OSPF;
+ area 0.0.0.0 {
+ interface irb.602;
+ }
+ }
}
}
DHS-GUEST-L3VPN {
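Review bot: The OSPF stanza added here exports with `OMES-EXPORT-BGP-TO-OSPF`, a policy named for a different tenant, and the same line recurs in the hunks at -12236 and -12264 for the OTRD-DATA and OTRD-GUEST instances. On core1 each of these VRFs had its own policy (`DHS-EXPORT-BGP-TO-OSPF`, `OTRD-DATA-EXPORT-BGP-TO-OSPF`, `OTRD-GUEST-EXPORT-BGP-TO-OSPF`), which this same diff removes. The OMES policy body is not visible in this diff, so it is only presumably the same default-route-only filter; if so, any later edit made for OMES will silently change what DHS and OTRD sites learn. Either keep per-tenant policies on core5 or rename the shared one to something neutral such as `L3VPN-EXPORT-DEFAULT-TO-OSPF`, with a comment that it is shared across VRFs. The enclosing routing-instance starts outside the hunk.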
@@ -12214,6 +12231,7 @@
description OTRD-DATA-L3VPN;
instance-type vrf;
interface xe-2/0/1.1117;
+ interface irb.604;
route-distinguisher 164.58.199.215:2569;
vrf-import OTRD-DATA-VRF-IMPORT;
vrf-export OTRD-DATA-VRF-EXPORT;
@@ -12236,12 +12254,19 @@
}
}
}
+ ospf {
+ export OMES-EXPORT-BGP-TO-OSPF;
+ area 0.0.0.0 {
+ interface irb.604;
+ }
+ }
}
}
OTRD-GUEST-L3VPN {
description OTRD-GUEST-L3VPN;
instance-type vrf;
interface xe-2/0/1.1126;
+ interface irb.605;
route-distinguisher 164.58.199.215:2574;
vrf-import OTRD-GUEST-VRF-IMPORT;
vrf-export OTRD-GUEST-VRF-EXPORT;
@@ -12264,6 +12289,12 @@
}
}
}
+ ospf {
+ export OMES-EXPORT-BGP-TO-OSPF;
+ area 0.0.0.0 {
+ interface irb.605;
+ }
+ }
}
}
PS-NET-L3VPN {
Index: configs/swi.cai.dun.onenet.net
===================================================================
--- configs/swi.cai.dun.onenet.net (revision 140315)
+++ configs/swi.cai.dun.onenet.net (working copy)
@@ -1,6 +1,7 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SWI-DUNCAN-PUBLIC-LIBRARY-EX-3300> show system commit
+# show chassis environment
# 2014-04-28 14:03:42 CDT by joel via cli commit confirmed, rollback in 2mins
# 2014-02-12 14:39:48 CST by donnie via cli
# 2014-02-12 11:10:28 CST by donnie via cli
Index: configs/maysville-hs.client.onenet.net
===================================================================
--- configs/maysville-hs.client.onenet.net (revision 140351)
+++ configs/maysville-hs.client.onenet.net (working copy)
@@ -9,6 +9,7 @@
# 2015-05-14 17:55:25 CDT by root via other
# rescue 2015-10-26 17:25:18 CDT by root via recovery-mgmt
#
+# show chassis environment
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -46,10 +47,8 @@
# Serial ID ACLC7669
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show chassis scb
-# show chassis sfm detail
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show chassis sfm detail
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show chassis ssb
-# show system boot-messages
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2014, Juniper Networks, Inc.
@@ -114,7 +113,7 @@
# WARNING: / was not properly dismounted
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show version
-# file list /var/tmp detail # Hostname: MAYSVILLE-HS-LEASED-ASSET-TAG-004887 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# Hostname: MAYSVILLE-HS-LEASED-ASSET-TAG-004887 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show system uptime
Index: configs/antlers-public-library.client.onenet.net
===================================================================
--- configs/antlers-public-library.client.onenet.net (revision 140256)
+++ configs/antlers-public-library.client.onenet.net (working copy)
@@ -1,6 +1,7 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show system commit
+# show chassis environment
# 2015-12-04 14:47:16 CST by joel via cli commit confirmed, rollback in 5mins
# 2015-12-04 14:39:55 CST by joel via cli
# 2015-12-04 13:26:16 CST by joel via cli
Index: configs/okc-vpn-cluster.okc.onenet.net
===================================================================
--- configs/okc-vpn-cluster.okc.onenet.net (revision 140352)
+++ configs/okc-vpn-cluster.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show system commit
+# 2016-03-01 22:54:10 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2016-03-01 22:48:17 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2016-03-01 22:12:55 CST by andrew via cli
+# 2016-03-01 22:08:31 CST by andrew via cli
# 2016-03-01 22:00:51 CST by andrew via cli commit confirmed, rollback in 10mins
# 2016-03-01 21:55:33 CST by andrew via cli commit confirmed, rollback in 5mins
-# 2016-03-01 21:49:04 CST by andrew via cli
-# 2016-03-01 21:31:22 CST by andrew via cli commit confirmed, rollback in 3mins
-# 2016-03-01 21:15:37 CST by admin via cli commit confirmed, rollback in 3mins
-# 2016-03-01 21:12:24 CST by admin via cli
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show chassis environment
# node0:
# --------------------------------------------------------------------------
@@ -234,12 +234,12 @@
# --------------------------------------------------------------------------
# System booted: 2016-03-01 19:49 CST
# Protocols started: 2016-03-01 20:04 CST
-# Last configured: 2016-03-01 22:00 CST by andrew
+# Last configured: 2016-03-01 22:54 CST by andrew
#
# node1:
# --------------------------------------------------------------------------
# System booted: 2016-03-01 19:35 CST
-# Last configured: 2016-03-01 22:00 CST by root
+# Last configured: 2016-03-01 22:54 CST by root
#
# {primary:node0}
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show interface terse
@@ -335,13 +335,18 @@
#reth1.32767 up up
#st0 up up
#st0.0 up up
+#st0.4 up up
+#st0.5 up up
+#st0.7 up up
+#st0.8 up up
+#st0.10 up up
#st0.11 up up
#swfab0 up down
#swfab1 up down
#tap up up
#vlan up up
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show configuration
-## Last commit: 2016-03-01 22:00:51 CST by andrew
+## Last commit: 2016-03-01 22:54:10 CST by andrew
version 12.1X46-D40.2;
groups {
node0 {
@@ -614,6 +619,10 @@
unit 602 {
description "CORE5-OKC-DHS-DATA [NO-MONITOR]";
vlan-id 602;
+ family inet {
+ mtu 1500;
+ address 10.119.52.11/31;
+ }
}
unit 603 {
description "CORE5-OKC-DHS-GUEST [NO-MONITOR]";
@@ -626,10 +635,18 @@
unit 604 {
description "CORE5-OKC-OTRD-DATA [NO-MONITOR]";
vlan-id 604;
+ family inet {
+ mtu 1500;
+ address 10.119.48.11/31;
+ }
}
unit 605 {
description "CORE5-OKC-OTRD-GUESTA [NO-MONITOR]";
vlan-id 605;
+ family inet {
+ mtu 1500;
+ address 10.119.48.139/31;
+ }
}
}
st0 {
@@ -639,6 +656,41 @@
address 164.58.23.241/30;
}
}
+ unit 4 {
+ description "OTRD-ROMAN-NOSE-DATA [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.119.26.8/31;
+ }
+ }
+ unit 5 {
+ description "OTRD-ROMAN-NOSE-GUEST [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.119.26.12/31;
+ }
+ }
+ unit 7 {
+ description "OTRD-BEAVERS-BEND-DATA [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.119.48.108/31;
+ }
+ }
+ unit 8 {
+ description "OTRD-BEAVERS-BEND-GUEST [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.119.48.148/31;
+ }
+ }
+ unit 10 {
+ description "DHS-CARTER-COUNTY-DATA [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.119.52.14/31;
+ }
+ }
unit 11 {
description "DHS-CARTER-COUNTY-GUEST [NO-MONITOR]";
family inet {
@@ -777,6 +829,31 @@
proposals PRE-G2-AES128-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-DHS-CARTER {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-OTRD-GUEST-BEAV-BEND {
+ mode aggressive;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-OTRD-DATA-BEAV-BEND {
+ mode aggressive;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-OTRD-GUEST-ROMAN-NOSE {
+ mode aggressive;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-OTRD-DATA-ROMAN-NOSE {
+ mode aggressive;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-COMANCHE-PS {
ike-policy IKE-COMANCHE-PS;
address 166.141.5.145;
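Review bot: Four of the five new IKE policies (the OTRD BEAV-BEND and ROMAN-NOSE pairs) use `mode aggressive` with a pre-shared key. Aggressive mode sends the peer identity in the clear and returns a PSK-derived hash before the initiator is authenticated, so the strength of the whole tunnel rests on the key being long and random. The proposal name `PRE-G2-AES128-SHA` also suggests DH group 2 and SHA-1, but its definition is outside this hunk, so confirm that. The next hunk shows why aggressive mode was chosen: those gateways are `dynamic user-at-hostname`. For such peers prefer certificate authentication or IKEv2 (`version v2-only;` on the gateway, where the release supports it for dynamic endpoints). Failing that, use a unique high-entropy key per site and move the proposal to a stronger group such as `dh-group group14`.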
@@ -790,6 +867,36 @@
external-interface lo0.0;
local-address 164.58.0.254;
}
+ gateway IKE-GATE-DHS-CARTER {
+ ike-policy IKE-DHS-CARTER;
+ address 166.130.131.48;
+ external-interface lo0.0;
+ local-address 164.58.0.253;
+ }
+ gateway IKE-GATE-OTRD-GUEST-BEAV-BEND {
+ ike-policy IKE-OTRD-GUEST-BEAV-BEND;
+ dynamic user-at-hostname "beaversbendguest at otrd.ok.gov";
+ external-interface lo0.0;
+ local-address 164.58.0.254;
+ }
+ gateway IKE-GATE-OTRD-DATA-BEAV-BEND {
+ ike-policy IKE-OTRD-DATA-BEAV-BEND;
+ dynamic user-at-hostname "beaversbenddata at otrd.ok.gov";
+ external-interface lo0.0;
+ local-address 164.58.0.253;
+ }
+ gateway IKE-GATE-OTRD-GUEST-ROMAN-NOSE {
+ ike-policy IKE-OTRD-GUEST-ROMAN-NOSE;
+ dynamic user-at-hostname "romannoseguest at otrd.ok.gov";
+ external-interface lo0.0;
+ local-address 164.58.0.254;
+ }
+ gateway IKE-GATE-OTRD-DATA-ROMAN-NOSE {
+ ike-policy IKE-OTRD-DATA-ROMAN-NOSE;
+ dynamic user-at-hostname "romannosedata at otrd.ok.gov";
+ external-interface lo0.0;
+ local-address 164.58.0.253;
+ }
}
ipsec {
proposal ESP-AES128-SHA {
@@ -804,6 +911,21 @@
policy VPN-POLICY-DHS-GUEST-CARTER {
proposals ESP-AES128-SHA;
}
+ policy VPN-POLICY-DHS-CARTER {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-OTRD-GUEST-BEAV-BEND {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-OTRD-DATA-BEAV-BEND {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-OTRD-GUEST-ROMAN-NOSE {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-OTRD-DATA-ROMAN-NOSE {
+ proposals ESP-AES128-SHA;
+ }
vpn IPSEC-VPN-COMANCHE-PS {
bind-interface st0.0;
ike {
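Review bot: None of the five new IPsec policies sets perfect forward secrecy; each contains only `proposals ESP-AES128-SHA;`. Without PFS the phase 2 keys are derived from the phase 1 exchange, so a compromise of the IKE SA or the pre-shared key exposes recorded tunnel traffic as well. Add `perfect-forward-secrecy { keys group14; }` to each policy, using a group the remote devices support. The existing `VPN-POLICY-DHS-GUEST-CARTER` shown as context has the same gap.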
@@ -825,6 +947,51 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-DHS-CARTER {
+ bind-interface st0.10;
+ vpn-monitor {
+ optimized;
+ source-interface st0.10;
+ destination-ip 10.119.52.15;
+ }
+ ike {
+ gateway IKE-GATE-DHS-CARTER;
+ ipsec-policy VPN-POLICY-DHS-CARTER;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-OTRD-GUEST-BEAV-BEND {
+ bind-interface st0.8;
+ ike {
+ gateway IKE-GATE-OTRD-GUEST-BEAV-BEND;
+ ipsec-policy VPN-POLICY-OTRD-GUEST-BEAV-BEND;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-OTRD-DATA-BEAV-BEND {
+ bind-interface st0.7;
+ ike {
+ gateway IKE-GATE-OTRD-DATA-BEAV-BEND;
+ ipsec-policy VPN-POLICY-OTRD-DATA-BEAV-BEND;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-OTRD-GUEST-ROMAN-NOSE {
+ bind-interface st0.5;
+ ike {
+ gateway IKE-GATE-OTRD-GUEST-ROMAN-NOSE;
+ ipsec-policy VPN-POLICY-OTRD-GUEST-ROMAN-NOSE;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-OTRD-DATA-ROMAN-NOSE {
+ bind-interface st0.4;
+ ike {
+ gateway IKE-GATE-OTRD-DATA-ROMAN-NOSE;
+ ipsec-policy VPN-POLICY-OTRD-DATA-ROMAN-NOSE;
+ }
+ establish-tunnels immediately;
+ }
}
forwarding-options {
family {
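Review bot: Only `IPSEC-VPN-DHS-CARTER` gets a `vpn-monitor` block; the four OTRD VPNs added alongside it have no liveness check in this hunk. The gateway definitions in the earlier hunk show no `dead-peer-detection` either. Because every tunnel uses `establish-tunnels immediately` and carries OSPF, a stale SA to a dynamic peer would be noticed only when the OSPF adjacency times out. Configure liveness the same way on all five, either `vpn-monitor` where the far-end st0 address is known or `dead-peer-detection;` on the gateways. If the difference is deliberate, record the reason in the description.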
@@ -981,6 +1148,7 @@
snmp;
ssh;
traceroute;
+ ike;
}
protocols {
bgp;
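Review bot: The added `ike;` extends a `host-inbound-traffic system-services` list whose enclosing zone or interface starts outside the hunk, so the diff does not show how widely IKE is now accepted. The new gateways all terminate on `external-interface lo0.0`, so the permit only needs to cover the interface that holds lo0.0. If this list is zone-wide, move `ike;` under an interface-level `host-inbound-traffic` for that interface instead. Since the box now answers IKE from dynamic peers, also confirm that the control-plane filter on lo0 rate-limits UDP 500/4500.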
@@ -1046,6 +1214,18 @@
}
}
}
+ st0.10 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ ospf;
+ }
+ }
+ }
}
}
security-zone DHS-GUEST {
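Review bot: The new `st0.10` stanza permits `bgp;` as a host-inbound protocol, but the routing-instance hunks later in this file configure only OSPF on the tunnel interfaces. The same block is repeated for `st0.4`/`st0.7` and `st0.5`/`st0.8` in the next two hunks. Unless BGP sessions over these tunnels are planned, drop `bgp;` so that remote sites, the guest ones in particular, can reach only the routing protocol that is actually in use. It is also worth deciding whether the guest tunnels need dynamic routing at all, because an OSPF adjacency lets the remote device originate routes into the guest instance. The enclosing security-zone starts outside the hunk.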
@@ -1090,6 +1270,30 @@
}
}
}
+ st0.4 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ ospf;
+ }
+ }
+ }
+ st0.7 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ ospf;
+ }
+ }
+ }
}
}
security-zone OTRD-GUEST {
@@ -1106,6 +1310,30 @@
}
}
}
+ st0.5 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ ospf;
+ }
+ }
+ }
+ st0.8 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ ospf;
+ }
+ }
+ }
}
}
}
@@ -1163,6 +1391,15 @@
DHS-DATA {
instance-type virtual-router;
interface reth1.602;
+ interface st0.10;
+ protocols {
+ ospf {
+ area 0.0.0.0 {
+ interface reth1.602;
+ interface st0.10;
+ }
+ }
+ }
}
DHS-GUEST {
instance-type virtual-router;
@@ -1195,10 +1432,32 @@
OTRD-DATA {
instance-type virtual-router;
interface reth1.604;
+ interface st0.4;
+ interface st0.7;
+ protocols {
+ ospf {
+ area 0.0.0.0 {
+ interface reth1.604;
+ interface st0.4;
+ interface st0.7;
+ }
+ }
+ }
}
OTRD-GUEST {
instance-type virtual-router;
interface reth1.605;
+ interface st0.5;
+ interface st0.8;
+ protocols {
+ ospf {
+ area 0.0.0.0 {
+ interface reth1.605;
+ interface st0.5;
+ interface st0.8;
+ }
+ }
+ }
}
}
applications {
Index: configs/hub.tsb.onenet.net
===================================================================
--- configs/hub.tsb.onenet.net (revision 140351)
+++ configs/hub.tsb.onenet.net (working copy)
@@ -198,7 +198,7 @@
# -rw-rw---- 1 root field 51994624 Oct 24 2013 ifinfo.core.1
# -rw-rw---- 1 root field 51974144 Oct 24 2013 ifinfo.core.2
# -rw-rw---- 1 root field 52744192 Oct 24 2013 ifinfo.core.3
-# -rw-rw---- 1 root field 52727808 Mar 1 21:58 ifinfo.core.4
+# -rw-rw---- 1 root field 52727808 Mar 1 22:58 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Oct 12 2012 install/
# -rw-rw---- 1 root field 33464320 Mar 3 2014 jdiameterd.core.0
# -rw-r--r-- 1 eng field 99542994 Apr 23 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
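Review bot: The only change on this device is the mtime of `ifinfo.core.4`, which moves from 21:58 to 22:58 while the size stays at 52727808. A core file rewritten an hour apart on consecutive collections suggests the `ifinfo` process is crashing on a schedule, possibly triggered by one of the show commands in the collection run, though the diff does not show the cause. This deserves a ticket rather than being ignored as diff noise. The repeated dumps also add write activity on the same filesystem that holds the 2013-era cores and install image listed here.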