[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun May 22 18:03:31 CDT 2016
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 142943)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -44,8 +44,10 @@
# Serial ID ACDT6307
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis scb
+# show chassis sfm detail
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis sfm detail
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis ssb
+# show system boot-messages
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2014, Juniper Networks, Inc.
@@ -110,10 +112,11 @@
# WARNING: / was not properly dismounted
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show version
-# Hostname: MAYSVILLE-ES-LEASED-ASSET-TAG-004945 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# Hostname: MAYSVILLE-ES-LEASED-ASSET-TAG-004945 # Model: srx240h2 # file list /var/tmp detail # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system uptime
+# show interface terse
# System booted: 2016-03-25 14:07 CDT
# Protocols started: 2016-03-25 14:10 CDT
# Last configured: 2016-03-25 14:17 CDT by joel
@@ -169,6 +172,7 @@
#vlan up up
#vlan.999 up down
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show configuration
+show ospf neighbor
## Last commit: 2016-03-25 14:17:43 CDT by joel
version 12.1X44-D35.5;
system {
Index: configs/faye.okcdc.onenet.net
===================================================================
--- configs/faye.okcdc.onenet.net (revision 142920)
+++ configs/faye.okcdc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at FAYE-MX104-RE0> show system commit
+# 2016-05-22 17:07:21 CDT by andrew via cli commit synchronize
# 2016-05-15 15:08:37 CDT by andrew via cli commit synchronize
# 2016-05-15 15:07:21 CDT by andrew via cli commit synchronize
# 2016-05-15 10:32:25 CDT by andrew via cli commit synchronize
# 2016-05-11 23:36:29 CDT by andrew via cli commit synchronize
# 2016-05-11 23:07:23 CDT by andrew via cli commit synchronize
-# 2016-05-09 22:51:56 CDT by andrew via cli commit synchronize
# grnoc-mon at FAYE-MX104-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -241,7 +241,7 @@
# grnoc-mon at FAYE-MX104-RE0> show system uptime
# System booted: 2016-03-29 19:14 CDT
# Protocols started: 2016-03-29 19:18 CDT
-# Last configured: 2016-05-15 15:08 CDT by andrew
+# Last configured: 2016-05-22 17:07 CDT by andrew
#
# {master}
# grnoc-mon at FAYE-MX104-RE0> show interface terse
@@ -289,10 +289,8 @@
#ge-1/1/5 up down
#ge-1/1/6 up down
#ge-1/1/7 up down
-#ge-1/1/8 up up
-#ge-1/1/8.0 up up
-#ge-1/1/9 up up
-#ge-1/1/9.32767 up up
+#ge-1/1/8 down down
+#ge-1/1/9 down down
#xe-2/0/0 up up
#xe-2/0/0.42 up up
#xe-2/0/0.32767 up up
@@ -328,7 +326,7 @@
#pp0 up up
#tap up up
# grnoc-mon at FAYE-MX104-RE0> show configuration
-## Last commit: 2016-05-15 15:08:37 CDT by andrew
+## Last commit: 2016-05-22 17:07:21 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -701,21 +699,10 @@
}
}
ge-1/1/8 {
- mtu 9014;
- unit 0 {
- description "TULSA VPN HEADEND [NO-MONITOR]";
- family inet {
- mtu 9000;
- address 164.58.22.69/30;
- }
- family iso;
- family mpls;
- }
+ disable;
}
ge-1/1/9 {
- description "TULSA VPN HEADEND TRUST [NO-MONITOR]";
- vlan-tagging;
- mtu 9014;
+ disable;
}
xe-2/0/0 {
description "CORE 10GE to core1.okc xe-3/0/0 | OneNet-OKC-RP3-XE-XXXX [NO-MONITOR]";
@@ -911,7 +898,6 @@
ipv6-tunneling;
interface lo0.0;
interface xe-2/0/0.42;
- interface ge-1/1/8.0;
interface ge-1/0/0.42;
}
bgp {
@@ -1047,7 +1033,6 @@
apply-groups ISIS-LEVEL2;
reference-bandwidth 1000g;
level 1 disable;
- interface ge-1/1/8.0;
interface xe-2/0/0.42;
interface fxp0.0 {
apply-groups-except ISIS-LEVEL2;
@@ -1076,11 +1061,6 @@
apply-groups-except OSPF;
disable;
}
- interface ge-1/1/8.0 {
- authentication {
- md5 7# key <removed>;
- }
- }
interface ge-1/0/0.42 {
link-protection;
authentication {
@@ -1121,7 +1101,6 @@
preference 255;
track-igp-metric;
interface ge-1/0/0.42;
- interface ge-1/1/8.0;
interface xe-2/0/0.42;
interface lo0.0;
}
@@ -2188,20 +2167,18 @@
# grnoc-mon at FAYE-MX104-RE0> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.244.253 ge-1/0/0.42 Full 164.58.199.68
-# 164.58.22.70 ge-1/1/8.0 Full 164.58.199.75
# 164.58.244.20 xe-2/0/0.42 Full 164.58.199.211
#
# {master}
# grnoc-mon at FAYE-MX104-RE0> show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
-164.58.22.70 Up ge-1/1/8.0 1.200 0.400 3
164.58.244.20 Up xe-2/0/0.42 1.200 0.400 3
164.58.244.253 Down ge-1/0/0.42 0.000 2.000 3
fe80::5e5e:ab00:2ad8:4469 Up ge-1/0/0.42 1.200 0.400 3
fe80::8618:8800:2a28:39ef Down xe-2/0/0.42 0.000 2.000 3
-5 sessions, 7 clients
-Cumulative transmit rate 8.5 pps, cumulative receive rate 7.5 pps
+4 sessions, 5 clients
+Cumulative transmit rate 6.0 pps, cumulative receive rate 5.0 pps
{master}
Index: configs/oeta-beaver-tower.nid.onenet.net
===================================================================
--- configs/oeta-beaver-tower.nid.onenet.net (revision 142944)
+++ configs/oeta-beaver-tower.nid.onenet.net (working copy)
@@ -1467,8 +1467,8 @@
configure system
ecpa-streams 1
stream-name "stream-1"
- framesize 768
- rate 19904000
+ framesize 1530
+ rate 19008000
payload-type fixed
dest-mac 00:0b:09:00:00:01
outer-vlan-control disabled
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 142944)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -46,7 +46,6 @@
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show chassis scb
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show chassis sfm detail
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show chassis ssb
-# show system boot-messages
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2014, Juniper Networks, Inc.
@@ -110,7 +109,7 @@
# Trying to mount root from ufs:/dev/da0s1a
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show version
-# file list /var/tmp detail # Hostname: STRINGTOWN-HIGH-SCHOOL-TAG-004909 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# Hostname: STRINGTOWN-HIGH-SCHOOL-TAG-004909 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show system uptime
Index: configs/core1.okc-mx960.onenet.net
===================================================================
--- configs/core1.okc-mx960.onenet.net (revision 142772)
+++ configs/core1.okc-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE1-MX960-RE0> show system commit
+# 2016-05-22 17:07:03 CDT by andrew via cli commit synchronize
# 2016-05-16 20:38:29 CDT by andrew via cli commit synchronize
# 2016-05-16 17:49:18 CDT by andrew via cli commit synchronize
# 2016-05-10 22:17:50 CDT by andrew via cli commit synchronize
# 2016-05-10 18:04:36 CDT by andrew via cli commit synchronize
# 2016-05-10 18:02:47 CDT by andrew via cli commit synchronize
-# 2016-04-12 10:07:43 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE1-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -580,7 +580,7 @@
# grnoc-mon at OKC-CORE1-MX960-RE0> show system uptime
# System booted: 2016-03-20 01:18 CDT
# Protocols started: 2016-03-20 01:20 CDT
-# Last configured: 2016-05-16 20:38 CDT by andrew
+# Last configured: 2016-05-22 17:07 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE1-MX960-RE0> show interface terse
@@ -707,10 +707,8 @@
#ge-2/3/5 up down
#ge-2/3/6 up down
#ge-2/3/7 up down
-#ge-2/3/8 up up
-#ge-2/3/8.32767 up up
-#ge-2/3/9 up up
-#ge-2/3/9.0 up up
+#ge-2/3/8 down down
+#ge-2/3/9 down down
#lc-3/0/0 up up
#lc-3/0/0.32769 up up
#pfe-3/0/0 up up
@@ -862,7 +860,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE1-MX960-RE0> show configuration
-## Last commit: 2016-05-16 20:38:29 CDT by andrew
+## Last commit: 2016-05-22 17:07:03 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -1464,21 +1462,10 @@
disable;
}
ge-2/3/8 {
- description "OneNet State VPN Headend Trust [NO-MONITOR] | CIR000XXXX";
- flexible-vlan-tagging;
- mtu 9014;
- encapsulation flexible-ethernet-services;
+ disable;
}
ge-2/3/9 {
- description "OneNet State VPN Headend Untrust [NO-MONITOR] | CIR000XXXX";
- mtu 9014;
- unit 0 {
- family inet {
- mtu 9000;
- address 164.58.22.65/30;
- }
- family mpls;
- }
+ disable;
}
xe-3/0/0 {
description "CORE 10GE to faye xe-2/0/0 | OneNet-OKC-RP3-XE-XXXX [NO-MONITOR]";
@@ -2082,7 +2069,6 @@
interface xe-3/2/1.40;
interface xe-3/0/0.42;
interface xe-4/1/1.42;
- interface ge-2/3/9.0;
interface ge-0/2/1.42;
interface xe-3/1/0.42;
interface xe-4/0/0.42;
@@ -2357,16 +2343,6 @@
multiplier 3;
}
}
- interface ge-2/3/9.0 {
- link-protection;
- authentication {
- md5 7# key <removed>;
- }
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
interface xe-4/1/0.42 {
link-protection;
authentication {
@@ -2670,7 +2646,6 @@
interface xe-2/0/0.69;
interface xe-2/1/0.69;
interface xe-2/1/1.69;
- interface ge-2/3/9.0;
interface xe-3/0/0.42;
interface xe-3/0/1.40;
interface xe-3/1/0.42;
@@ -2732,7 +2707,6 @@
interface xe-3/1/0;
interface xe-4/0/0;
interface xe-3/1/1;
- interface ge-2/3/9;
interface xe-4/1/0;
interface xe-4/1/1;
interface ge-0/2/1;
@@ -13710,7 +13684,6 @@
# 164.58.15.50 ge-0/2/0.48 Full 164.58.199.216
# 164.58.244.89 ge-0/2/1.42 Full 164.58.199.218
# 164.58.244.141 ge-0/3/0.42 Full 164.58.199.219
-# 164.58.22.66 ge-2/3/9.0 Full 164.58.199.73
# 164.58.15.38 xe-0/0/1.36 Full 164.58.199.213
# 164.58.246.138 xe-1/1/0.69 Full 164.58.199.194
# 164.58.15.202 xe-1/1/1.200 Full 164.58.199.230
@@ -13739,7 +13712,6 @@
164.58.15.50 Up ge-0/2/0.48 1.200 0.400 3
164.58.15.198 Up xe-1/2/0.196 1.200 0.400 3
164.58.15.202 Up xe-1/1/1.200 1.200 0.400 3
-164.58.22.66 Up ge-2/3/9.0 1.200 0.400 3
164.58.244.7 Up xe-3/1/0.42 1.200 0.400 3
164.58.244.14 Up et-7/1/0.42 1.200 0.400 3
164.58.244.21 Up xe-3/0/0.42 1.200 0.400 3
@@ -13772,7 +13744,7 @@
fe80::8618:8800:2aee:dfc2 Up ae0.42 1.200 0.400 3
fe80::aad0:e500:2ae4:3000 Up xe-3/1/0.42 1.200 0.400 3
-36 sessions, 47 clients
-Cumulative transmit rate 90.0 pps, cumulative receive rate 90.0 pps
+35 sessions, 46 clients
+Cumulative transmit rate 87.5 pps, cumulative receive rate 87.5 pps
{master}
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 142939)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
# WARNING: / was not properly dismounted
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show version
-# file list /var/tmp detail # Hostname: MEEKER-PS-LEASED-ASSET-TAG-004947 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# Hostname: MEEKER-PS-LEASED-ASSET-TAG-004947 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show system uptime
Index: configs/okc-vpn-cluster.okc.onenet.net
===================================================================
--- configs/okc-vpn-cluster.okc.onenet.net (revision 142899)
+++ configs/okc-vpn-cluster.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show system commit
+# 2016-05-22 17:14:32 CDT by admin via cli
+# 2016-05-22 17:10:31 CDT by andrew via cli
+# 2016-05-22 17:07:40 CDT by andrew via cli commit confirmed, rollback in 10mins
# 2016-05-21 00:44:04 CDT by andrew via cli
# 2016-05-21 00:37:40 CDT by andrew via cli
# 2016-05-21 00:33:22 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2016-05-10 13:04:56 CDT by sean via cli
-# 2016-05-10 13:03:32 CDT by sean via cli
-# 2016-05-09 16:21:39 CDT by sean via cli
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show chassis environment
# node0:
# --------------------------------------------------------------------------
@@ -234,12 +234,12 @@
# --------------------------------------------------------------------------
# System booted: 2016-03-01 19:49 CST
# Protocols started: 2016-03-01 20:04 CST
-# Last configured: 2016-05-21 00:44 CDT by andrew
+# Last configured: 2016-05-22 17:14 CDT by admin
#
# node1:
# --------------------------------------------------------------------------
# System booted: 2016-03-01 19:35 CST
-# Last configured: 2016-05-21 00:44 CDT by root
+# Last configured: 2016-05-22 17:14 CDT by root
#
# {primary:node0}
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show interface terse
@@ -358,12 +358,14 @@
#st0.18 up down
#st0.19 up up
#st0.20 up down
+#st0.21 up up
+#st0.22 up up
#swfab0 up down
#swfab1 up down
#tap up up
#vlan up up
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show configuration
-## Last commit: 2016-05-21 00:44:04 CDT by andrew
+## Last commit: 2016-05-22 17:14:32 CDT by admin
version 12.1X46-D40.2;
groups {
node0 {
@@ -598,6 +600,8 @@
primary;
preferred;
}
+ address 164.58.22.70/32;
+ address 164.58.22.66/32;
}
}
}
@@ -824,6 +828,20 @@
address 156.110.25.84/31;
}
}
+ unit 21 {
+ description "VERIZON-AURORA [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.14.2/30;
+ }
+ }
+ unit 22 {
+ description "VERIZON-WEST-JORDAN [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.14.6/30;
+ }
+ }
}
}
snmp {
@@ -883,6 +901,21 @@
peer-as 64516;
}
}
+ group EBGP-VERIZON-VPN-V4 {
+ type external;
+ import EBGP-VERIZON-VPN-V4-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-VERIZON-VPN-V4-EXPORT;
+ peer-as 6167;
+ neighbor 10.199.14.1 {
+ description "EBGP-VERIZON-AURORA [NO-MONITOR]";
+ }
+ neighbor 10.199.14.5 {
+ description "EBGP-VERIZON-WEST-JORDAN [NO-MONITOR]";
+ }
+ }
}
lldp {
interface all;
@@ -1006,6 +1039,29 @@
then accept;
}
}
+ policy-statement EBGP-VERIZON-VPN-V4-EXPORT {
+ term EXPORT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-VERIZON-VPN-V4-IMPORT {
+ term PREFIXES {
+ from {
+ route-filter 10.199.15.0/24 exact;
+ route-filter 10.199.16.0/24 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
}
security {
ike {
@@ -1016,6 +1072,13 @@
encryption-algorithm aes-128-cbc;
lifetime-seconds 28800;
}
+ proposal PRE-G2-VERIZON-MD5 {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm md5;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 86400;
+ }
policy IKE-COMANCHE-PS {
mode main;
proposals PRE-G2-AES128-SHA;
@@ -1121,6 +1184,16 @@
proposals PRE-G2-AES128-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-VERIZON-AURORA-VPN {
+ mode main;
+ proposals PRE-G2-VERIZON-MD5;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-VERIZON-W-JORDAN-VPN {
+ mode main;
+ proposals PRE-G2-VERIZON-MD5;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-COMANCHE-PS {
ike-policy IKE-COMANCHE-PS;
address 166.141.5.145;
@@ -1248,6 +1321,18 @@
external-interface lo0.0;
local-address 164.58.0.252;
}
+ gateway IKE-GATE-VERIZON-AURORA-VPN {
+ ike-policy IKE-VERIZON-AURORA-VPN;
+ address 66.174.192.199;
+ external-interface lo0.0;
+ local-address 164.58.22.66;
+ }
+ gateway IKE-GATE-VERIZON-W-JORDAN-VPN {
+ ike-policy IKE-VERIZON-W-JORDAN-VPN;
+ address 66.174.200.12;
+ external-interface lo0.0;
+ local-address 164.58.22.70;
+ }
}
ipsec {
proposal ESP-AES128-SHA {
@@ -1256,6 +1341,12 @@
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;
}
+ proposal G2-ESP-VERIZON-SHA {
+ protocol esp;
+ authentication-algorithm hmac-sha1-96;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 3600;
+ }
policy VPN-POLICY-COMANCHE-PS {
proposals ESP-AES128-SHA;
}
@@ -1319,6 +1410,12 @@
policy VPN-POLICY-INTERNETUSER1-PS {
proposals ESP-AES128-SHA;
}
+ policy VPN-POLICY-VERIZON-AURORA-VPN {
+ proposals G2-ESP-VERIZON-SHA;
+ }
+ policy VPN-POLICY-VERIZON-W-JORDAN-VPN {
+ proposals G2-ESP-VERIZON-SHA;
+ }
vpn IPSEC-VPN-COMANCHE-PS {
bind-interface st0.0;
ike {
@@ -1512,6 +1609,22 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-VERIZON-AURORA-VPN {
+ bind-interface st0.21;
+ ike {
+ gateway IKE-GATE-VERIZON-AURORA-VPN;
+ ipsec-policy VPN-POLICY-VERIZON-AURORA-VPN;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-VERIZON-VPN {
+ bind-interface st0.22;
+ ike {
+ gateway IKE-GATE-VERIZON-W-JORDAN-VPN;
+ ipsec-policy VPN-POLICY-VERIZON-W-JORDAN-VPN;
+ }
+ establish-tunnels immediately;
+ }
}
alg {
msrpc disable;
@@ -1735,6 +1848,28 @@
}
}
}
+ st0.21 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
+ st0.22 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
}
}
security-zone OMES-MGMT {
More information about the Nocrancid
mailing list