[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Oct 7 10:04:00 CDT 2016
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 147079)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,6 +614,7 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/vici-public-schools.client.onenet.net
===================================================================
--- configs/vici-public-schools.client.onenet.net (revision 147058)
+++ configs/vici-public-schools.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at VICI-PUBLIC-SCHOOLS-TAG-004342> show system uptime
-# System booted: 2016-04-26 19:47 CDT
-# Protocols started: 2016-04-26 19:49 CDT
+# System booted: 2016-10-07 09:53 CDT
+# Protocols started: 2016-10-07 09:56 CDT
# Last configured: 2016-06-23 14:15 CDT by andrew
#
# grnoc-mon at VICI-PUBLIC-SCHOOLS-TAG-004342> show interface terse
Index: configs/haynie-public-library.client.onenet.net
===================================================================
--- configs/haynie-public-library.client.onenet.net (revision 146852)
+++ configs/haynie-public-library.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at HAYNIE-PUBLIC-LIBRARY-004352> show system uptime
-# System booted: 2016-09-28 14:45 CDT
-# Protocols started: 2016-09-28 14:47 CDT
+# System booted: 2016-10-07 09:34 CDT
+# Protocols started: 2016-10-07 09:36 CDT
# Last configured: 2016-09-22 17:00 CDT by joel
#
# grnoc-mon at HAYNIE-PUBLIC-LIBRARY-004352> show interface terse
Index: configs/leflore-ps.client.onenet.net
===================================================================
--- configs/leflore-ps.client.onenet.net (revision 147061)
+++ configs/leflore-ps.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at LEFLORE-PS-LR-004337> show system uptime
-# System booted: 2016-10-06 13:10 CDT
-# Protocols started: 2016-10-06 13:12 CDT
+# System booted: 2016-10-07 09:01 CDT
+# Protocols started: 2016-10-07 09:03 CDT
# Last configured: 2016-09-13 11:01 CDT by andrew
#
# grnoc-mon at LEFLORE-PS-LR-004337> show interface terse
Index: configs/core.sal.onenet.net
===================================================================
--- configs/core.sal.onenet.net (revision 147080)
+++ configs/core.sal.onenet.net (working copy)
@@ -294,8 +294,8 @@
#ge-0/2/6 up down
#ge-0/2/7 up down
#ge-0/2/8 up down
-#ge-0/2/9 up down
-#ge-0/2/9.0 up down
+#ge-0/2/9 up up
+#ge-0/2/9.0 up up
#ge-0/3/0 down down
#ge-0/3/1 up down
#ge-0/3/2 up down
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 147079)
+++ configs/hub.dur.onenet.net (working copy)
@@ -329,7 +329,7 @@
#fe-2/1/1.0 up up
#fe-2/1/2 up up
#fe-2/1/2.0 up up
-#fe-2/1/3 down up
+#fe-2/1/3 down down
#ge-2/2/0 down down
#pc-2/2/0 up up
#pc-2/2/0.16383 up up
Index: configs/core5.tul.onenet.net
===================================================================
--- configs/core5.tul.onenet.net (revision 147060)
+++ configs/core5.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system commit
+# 2016-10-07 09:30:42 CDT by aberrios via cli commit synchronize
# 2016-10-06 12:17:06 CDT by aberrios via cli commit synchronize
# 2016-10-06 12:13:29 CDT by aberrios via cli commit synchronize
# 2016-10-06 10:03:00 CDT by aberrios via cli commit synchronize
# 2016-10-06 09:03:08 CDT by andrew via cli commit synchronize
# 2016-10-05 11:20:26 CDT by sean via cli commit synchronize
-# 2016-10-04 14:42:30 CDT by sean via cli commit synchronize
# grnoc-mon at TULSA-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -391,7 +391,7 @@
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 04:47 CDT
# Protocols started: 2016-08-15 04:53 CDT
-# Last configured: 2016-10-06 12:17 CDT by aberrios
+# Last configured: 2016-10-07 09:30 CDT by aberrios
#
# {master}
# grnoc-mon at TULSA-CORE5-MX480-RE0> show interface terse
@@ -764,7 +764,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE5-MX480-RE0> show configuration
-## Last commit: 2016-10-06 12:17:06 CDT by aberrios
+## Last commit: 2016-10-07 09:30:42 CDT by aberrios
version 13.3R9.13;
groups {
re0 {
@@ -3948,9 +3948,6 @@
vlan-id 178;
family inet {
rpf-check;
- filter {
- output OILTON-ISD-OUTBOUND;
- }
policer {
input 200M-POL;
output 200M-POL;
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 147064)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2016-10-07 09:17:43 CDT by andrew via cli commit synchronize
# 2016-10-06 16:36:49 CDT by sean via cli commit synchronize
# 2016-10-06 16:36:09 CDT by sean via cli commit synchronize
# 2016-10-06 16:22:36 CDT by sean via cli commit synchronize
# 2016-10-06 16:15:19 CDT by sean via cli commit synchronize
# 2016-10-06 16:09:36 CDT by sean via cli commit synchronize
-# 2016-10-05 01:40:13 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -444,7 +444,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 03:57 CDT
# Protocols started: 2016-08-15 04:06 CDT
-# Last configured: 2016-10-06 16:36 CDT by sean
+# Last configured: 2016-10-07 09:17 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -926,7 +926,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2016-10-06 16:36:49 CDT by sean
+## Last commit: 2016-10-07 09:17:43 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -13449,6 +13449,11 @@
vrf-export DHS-GUEST-VRF-EXPORT;
vrf-target target:5078:2571;
vrf-table-label;
+ routing-options {
+ static {
+ route 172.16.218.184/29 next-hop 10.119.56.27;
+ }
+ }
protocols {
bgp {
group EBGP-OMES-DHS-GUEST {
Index: configs/pushmataha-fmc-clayton.client.onenet.net
===================================================================
--- configs/pushmataha-fmc-clayton.client.onenet.net (revision 146804)
+++ configs/pushmataha-fmc-clayton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show system commit
-# 2016-09-26 16:21:41 CDT by aberrios via cli
-# 2016-09-06 10:43:43 CDT by sky via cli
-# 2016-09-06 10:43:15 CDT by sky via cli
-# 2016-09-01 13:38:06 CDT by sky via cli
-# 2016-09-01 13:37:39 CDT by sky via cli
-# 2016-09-01 13:36:11 CDT by sky via cli commit confirmed, rollback in 3mins
+# 2016-10-07 09:59:34 CDT by sky via cli
+# 2016-10-07 09:56:09 CDT by sky via cli
+# 2016-10-07 09:55:26 CDT by sky via cli
+# 2016-10-07 09:50:55 CDT by sky via cli
+# 2016-10-07 09:47:09 CDT by sky via cli
+# 2016-10-07 09:45:05 CDT by sky via cli
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -115,7 +115,7 @@
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show system uptime
# System booted: 2016-08-18 10:28 CDT
# Protocols started: 2016-08-18 10:31 CDT
-# Last configured: 2016-09-26 16:21 CDT by aberrios
+# Last configured: 2016-10-07 09:59 CDT by sky
#
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show interface terse
#Interface Admin Link
@@ -166,11 +166,12 @@
#st0 up up
#st0.0 up up
#st0.1 up up
+#st0.2 up up
#tap up up
#vlan up up
#vlan.999 up down
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show configuration
-## Last commit: 2016-09-26 16:21:41 CDT by aberrios
+## Last commit: 2016-10-07 09:59:34 CDT by sky
version 12.1X46-D40.2;
system {
host-name PUSHMATAHA-FMC-CLAYTON-LR-004932;
@@ -392,6 +393,12 @@
mtu 1440;
}
}
+ unit 2 {
+ description "TUNNEL TO ECW VPN";
+ family inet {
+ mtu 1440;
+ }
+ }
}
vlan {
unit 999 {
@@ -449,6 +456,13 @@
encryption-algorithm 3des-cbc;
lifetime-seconds 28800;
}
+ proposal PRE-G2-AES256-SHA {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm sha1;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 28800;
+ }
policy IKE-DIA {
mode main;
proposals PRE-G2-3DES-SHA;
@@ -459,6 +473,11 @@
proposals PRE-G2-3DES-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-ECW {
+ mode main;
+ proposals PRE-G2-AES256-SHA;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-DIA {
ike-policy IKE-DIA;
address 156.110.207.226;
@@ -474,6 +493,16 @@
address 40.135.80.170;
external-interface ge-0/0/0.0;
}
+ gateway IKE-GATE-ECW {
+ ike-policy IKE-ECW;
+ address 66.151.252.106;
+ dead-peer-detection {
+ always-send;
+ interval 10;
+ threshold 3;
+ }
+ external-interface ge-0/0/0.0;
+ }
}
ipsec {
proposal ESP-3DES-SHA {
@@ -483,12 +512,22 @@
encryption-algorithm 3des-cbc;
lifetime-seconds 28800;
}
+ proposal ESP-AES-SHA {
+ description group2;
+ protocol esp;
+ authentication-algorithm hmac-sha1-96;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 28800;
+ }
policy VPN-POLICY-DIA {
proposals ESP-3DES-SHA;
}
policy VPN-POLICY-BOSWELL {
proposals ESP-3DES-SHA;
}
+ policy VPN-POLICY-ECW {
+ proposals ESP-AES-SHA;
+ }
vpn IPSEC-VPN-DIA {
bind-interface st0.0;
ike {
@@ -517,6 +556,22 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-ECW {
+ bind-interface st0.2;
+ ike {
+ gateway IKE-GATE-ECW;
+ ipsec-policy VPN-POLICY-ECW;
+ }
+ traffic-selector ECW-VPN {
+ local-ip 172.27.55.15/32;
+ remote-ip 162.217.14.251/32;
+ }
+ traffic-selector ECW-VPN-2 {
+ local-ip 172.27.55.15/32;
+ remote-ip 162.217.14.252/32;
+ }
+ establish-tunnels immediately;
+ }
}
screen {
ids-option UNTRUST-SCREEN {
@@ -570,6 +625,23 @@
}
}
}
+ static {
+ rule-set VPN-TO-TRUST-NAT {
+ from zone VPN;
+ rule ECW-NAT {
+ match {
+ destination-address 192.168.0.15/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.27.55.15/32;
+ }
+ }
+ }
+ }
+ }
+ }
}
policies {
from-zone TRUST to-zone UNTRUST {
@@ -608,6 +680,30 @@
}
}
}
+ from-zone VPN to-zone TRUST {
+ policy VPN-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TRUST to-zone VPN {
+ policy VPN-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -671,6 +767,20 @@
}
}
}
+ security-zone VPN {
+ interfaces {
+ st0.2 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
}
}
firewall {
Index: configs/core.odmhsas-okc.onenet.net
===================================================================
--- configs/core.odmhsas-okc.onenet.net (revision 146433)
+++ configs/core.odmhsas-okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/1/4 up down
#ge-0/1/5 up down
#ge-0/1/6 up down
-#ge-0/1/7 up up
-#ge-0/1/7.0 up up
+#ge-0/1/7 up down
+#ge-0/1/7.0 up down
#ge-0/1/8 up up
#ge-0/1/8.0 up up
#ge-0/1/8.6 up up
Index: configs/doh-holdenville.client.onenet.net
===================================================================
--- configs/doh-holdenville.client.onenet.net (revision 146547)
+++ configs/doh-holdenville.client.onenet.net (working copy)
@@ -102,8 +102,8 @@
# total files: 1
#
# grnoc-mon at DOH-HOLDENVILLE-SRX220> show system uptime
-# System booted: 2016-09-17 18:28 CDT
-# Protocols started: 2016-09-17 18:30 CDT
+# System booted: 2016-10-07 09:11 CDT
+# Protocols started: 2016-10-07 09:13 CDT
# Last configured: 2016-07-26 19:06 CDT by andrew
#
# grnoc-mon at DOH-HOLDENVILLE-SRX220> show interface terse
More information about the Nocrancid
mailing list