Second active NS-208

ns208(M)-> get conf
Total Config size 3518:
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 0
set admin format dos
set admin name "netscreen"
set admin password nKVUM2rwMUzPcrkG5sWIHdCtqkAibn
set admin auth timeout 120
set admin auth server "Local"
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
set interface vlan1 ip 192.168.1.1/24
set interface ethernet1 ip 192.168.12.1/24
set interface ethernet1 route
set interface ethernet1:1 ip 192.168.12.4/24
set interface ethernet1:1 route
set interface ethernet3 ip 10.100.31.204/24
set interface ethernet3 route
set interface ethernet3:1 ip 10.100.31.205/24
set interface ethernet3:1 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
unset interface ethernet1:1 manage scs
unset interface ethernet1:1 manage telnet
unset interface ethernet1:1 manage snmp
unset interface ethernet1:1 manage global-pro
unset interface ethernet1:1 manage ssl
set interface ethernet3 manage ping
set interface ethernet3 manage web
set interface ethernet3:1 manage ping
set interface ethernet3:1 manage web
set console timeout 0
set console page 0
set address "Trust" "192.168.12.0/24" 192.168.12.0 255.255.255.0
set snmp name "ns208"
set user "zed" uid 1
set user "zed" ike-id fqdn "zed" share-limit 1
set user "zed" type ike
set user "zed" "enable"
set ike gateway "p1" dialup "zed" Aggr outgoing-interface "ethernet3" preshare "cisco123" sec-level compatible
unset ike gateway "p1" nat-traversal
set ike policy-checking
set ike respond-bad-spi 1
set vpn "p2" id 1 gateway "p1" replay tunnel idletime 0 proposal "g2-esp-3des-md5"
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 1 from "Untrust" to "Trust" "Dial-Up VPN" "192.168.12.0/24" "ANY" Tunnel vpn "p2" id 2 log
set policy id 0 from "Trust" to "Untrust" "Any" "Any" "ANY" Permit log
set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" Permit
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 150
set nsrp vsd-group id 0 preempt
set nsrp vsd-group id 1 priority 100
set nsrp vsd-group id 1 preempt
set nsrp monitor interface ethernet1
set nsrp monitor interface ethernet3
set nsrp secondary-path "ethernet1"
set pki authority default scep mode "auto
" set pki x509 default cert-path "partial"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
Return to nskb6606