## Last changed: 2011-09-13 04:35:47 UTC version 10.4R6.5; system { host-name srx2; no-redirects; root-authentication { encrypted-password "$1$p24YdscxYh/dxssl$9Uvn8KzyU6lTauRxlENGx."; ## SECRET-DATA } name-server { 8.8.8.8; } services { ssh; telnet; } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { ge-0/0/0 { unit 0 { family inet { address 10.2.2.2/24; } } } ge-0/0/1 { unit 0; } fe-0/0/2 { unit 0; } fe-0/0/3 { unit 0; } fe-0/0/4 { unit 0; } fe-0/0/5 { unit 0; } fe-0/0/6 { unit 0; } fe-0/0/7 { unit 0; } st0 { unit 0 { family inet { mtu 1490; address 10.11.11.2/30; } } } } routing-options { static { route 172.16.100.0/24 next-hop st0.0; route 10.1.1.0/24 next-hop 10.2.2.1; } } protocols { stp; } security { ike { proposal prop-basic { authentication-method pre-shared-keys; dh-group group2; encryption-algorithm 3des-cbc; lifetime-seconds 3600; } policy pol-basic { mode main; proposals prop-basic; pre-shared-key ascii-text "$9$RGQcrvxNboJDWLJDikTQEcylWL7-VY4a"; ## SECRET-DATA } gateway srx1 { ike-policy pol-basic; address 10.1.1.2; dead-peer-detection { interval 10; threshold 5; } external-interface ge-0/0/0.0; } } ipsec { proposal prop-basic { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3600; } policy pol-basic { proposals prop-basic; } vpn p2p-srx1 { bind-interface st0.0; ike { gateway srx1; ipsec-policy pol-basic; } establish-tunnels immediately; } } zones { security-zone untrust { interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { ping; traceroute; ike; } } } } } security-zone vpn { interfaces { st0.0; } } } }