#14 1 40 0 login password x4dnTr3maLkj administrator password uskRh6i6sNspobt_ user attribute connection=serial,telnet,remote,ssh,sftp,http ip route default gateway 39.110.199.225 filter 1 2 3 gateway dhcp lan3 ip keepalive 1 icmp-echo 10 5 39.110.199.225 ip lan1 address 192.168.0.1/24 ip lan1 proxyarp on vlan lan1/1 802.1q vid=101 name=VLAN101 ip lan1/1 address 192.168.1.1/24 vlan lan1/2 802.1q vid=102 name=VLAN102 ip lan1/2 address 192.168.102.1/24 ip lan1/2 secure filter in 9021 9023 9999 ip lan1/2 secure filter out 9020 9022 9999 ip lan2 address 39.110.199.253/27 ip lan2 secure filter in 101003 101020 101021 101022 101023 101024 101025 101030 101032 101100 101101 101102 101103 111003 111030 111032 111100 111101 111102 111103 ip lan2 secure filter out 101013 101020 101021 101022 101023 101024 101025 101026 101027 101099 dynamic 101080 101081 101082 101083 101084 101085 101098 101099 ip lan2 nat descriptor 200 ip lan3 address dhcp ip lan3 secure filter in 102099 102100 102101 102102 202003 202020 202021 202022 202023 202024 202025 202030 202032 ip lan3 secure filter out 202013 202020 202021 202022 202023 202024 202025 202026 202027 202099 dynamic 202080 202081 202082 202083 202084 202085 202098 202099 ip lan3 nat descriptor 300 pp disable all pp select anonymous pp bind tunnel1-tunnel32 pp auth request chap-pap pp auth username hal x9ekrjlbv2 pp auth username stud tzxLrEFJtnhruQbwL7unJNhK pp auth username louis "ZDxHCQkOu5dqK8vAb-wBfLk\"azXne4Yf" pp auth username zeale jfXo!n3hJcxgGDKjzAwYujA6 ppp ipcp ipaddress on ppp ipcp msext on ppp ccp type none ip pp remote address pool dhcp ip pp mtu 1258 pp enable anonymous no tunnel enable all tunnel select 1 tunnel encapsulation l2tp ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive use 1 off ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text Rt8pTKGt ipsec ike remote address 1 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 1 tunnel select 2 tunnel encapsulation l2tp ipsec tunnel 2 ipsec sa policy 2 2 esp aes-cbc sha-hmac ipsec ike keepalive use 2 off ipsec ike nat-traversal 2 on ipsec ike pre-shared-key 2 text Rt8pTKGt ipsec ike remote address 2 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 2 tunnel select 3 tunnel encapsulation l2tp ipsec tunnel 3 ipsec sa policy 3 3 esp aes-cbc sha-hmac ipsec ike keepalive use 3 off ipsec ike nat-traversal 3 on ipsec ike pre-shared-key 3 text Rt8pTKGt ipsec ike remote address 3 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 3 tunnel select 4 tunnel encapsulation l2tp ipsec tunnel 4 ipsec sa policy 4 4 esp aes-cbc sha-hmac ipsec ike keepalive use 4 off ipsec ike nat-traversal 4 on ipsec ike pre-shared-key 4 text Rt8pTKGt ipsec ike remote address 4 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 4 tunnel select 5 tunnel encapsulation l2tp ipsec tunnel 5 ipsec sa policy 5 5 esp aes-cbc sha-hmac ipsec ike keepalive use 5 off ipsec ike nat-traversal 5 on ipsec ike pre-shared-key 5 text Rt8pTKGt ipsec ike remote address 5 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 5 tunnel select 6 tunnel encapsulation l2tp ipsec tunnel 6 ipsec sa policy 6 6 esp aes-cbc sha-hmac ipsec ike keepalive use 6 off ipsec ike nat-traversal 6 on ipsec ike pre-shared-key 6 text Rt8pTKGt ipsec ike remote address 6 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 6 tunnel select 7 tunnel encapsulation l2tp ipsec tunnel 7 ipsec sa policy 7 7 esp aes-cbc sha-hmac ipsec ike keepalive use 7 off ipsec ike nat-traversal 7 on ipsec ike pre-shared-key 7 text Rt8pTKGt ipsec ike remote address 7 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 7 tunnel select 8 tunnel encapsulation l2tp ipsec tunnel 8 ipsec sa policy 8 8 esp aes-cbc sha-hmac ipsec ike keepalive use 8 off ipsec ike nat-traversal 8 on ipsec ike pre-shared-key 8 text Rt8pTKGt ipsec ike remote address 8 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 8 tunnel select 9 tunnel encapsulation l2tp ipsec tunnel 9 ipsec sa policy 9 9 esp aes-cbc sha-hmac ipsec ike keepalive use 9 off ipsec ike nat-traversal 9 on ipsec ike pre-shared-key 9 text Rt8pTKGt ipsec ike remote address 9 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 9 tunnel select 10 tunnel encapsulation l2tp ipsec tunnel 10 ipsec sa policy 10 10 esp aes-cbc sha-hmac ipsec ike keepalive use 10 off ipsec ike nat-traversal 10 on ipsec ike pre-shared-key 10 text Rt8pTKGt ipsec ike remote address 10 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 10 tunnel select 11 tunnel encapsulation l2tp ipsec tunnel 11 ipsec sa policy 11 11 esp aes-cbc sha-hmac ipsec ike keepalive use 11 off ipsec ike nat-traversal 11 on ipsec ike pre-shared-key 11 text Rt8pTKGt ipsec ike remote address 11 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 11 tunnel select 12 tunnel encapsulation l2tp ipsec tunnel 12 ipsec sa policy 12 12 esp aes-cbc sha-hmac ipsec ike keepalive use 12 off ipsec ike nat-traversal 12 on ipsec ike pre-shared-key 12 text Rt8pTKGt ipsec ike remote address 12 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 12 tunnel select 13 tunnel encapsulation l2tp ipsec tunnel 13 ipsec sa policy 13 13 esp aes-cbc sha-hmac ipsec ike keepalive use 13 off ipsec ike nat-traversal 13 on ipsec ike pre-shared-key 13 text Rt8pTKGt ipsec ike remote address 13 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 13 tunnel select 14 tunnel encapsulation l2tp ipsec tunnel 14 ipsec sa policy 14 14 esp aes-cbc sha-hmac ipsec ike keepalive use 14 off ipsec ike nat-traversal 14 on ipsec ike pre-shared-key 14 text Rt8pTKGt ipsec ike remote address 14 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 14 tunnel select 15 tunnel encapsulation l2tp ipsec tunnel 15 ipsec sa policy 15 15 esp aes-cbc sha-hmac ipsec ike keepalive use 15 off ipsec ike nat-traversal 15 on ipsec ike pre-shared-key 15 text Rt8pTKGt ipsec ike remote address 15 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 15 tunnel select 16 tunnel encapsulation l2tp ipsec tunnel 16 ipsec sa policy 16 16 esp aes-cbc sha-hmac ipsec ike keepalive use 16 off ipsec ike nat-traversal 16 on ipsec ike pre-shared-key 16 text Rt8pTKGt ipsec ike remote address 16 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 16 tunnel select 17 tunnel encapsulation l2tp ipsec tunnel 17 ipsec sa policy 17 17 esp aes-cbc sha-hmac ipsec ike keepalive use 17 off ipsec ike nat-traversal 17 on ipsec ike pre-shared-key 17 text Rt8pTKGt ipsec ike remote address 17 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 17 tunnel select 18 tunnel encapsulation l2tp ipsec tunnel 18 ipsec sa policy 18 18 esp aes-cbc sha-hmac ipsec ike keepalive use 18 off ipsec ike nat-traversal 18 on ipsec ike pre-shared-key 18 text Rt8pTKGt ipsec ike remote address 18 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 18 tunnel select 19 tunnel encapsulation l2tp ipsec tunnel 19 ipsec sa policy 19 19 esp aes-cbc sha-hmac ipsec ike keepalive use 19 off ipsec ike nat-traversal 19 on ipsec ike pre-shared-key 19 text Rt8pTKGt ipsec ike remote address 19 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 19 tunnel select 20 tunnel encapsulation l2tp ipsec tunnel 20 ipsec sa policy 20 20 esp aes-cbc sha-hmac ipsec ike keepalive use 20 off ipsec ike nat-traversal 20 on ipsec ike pre-shared-key 20 text Rt8pTKGt ipsec ike remote address 20 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 20 tunnel select 21 tunnel encapsulation l2tp ipsec tunnel 21 ipsec sa policy 21 21 esp aes-cbc sha-hmac ipsec ike keepalive use 21 off ipsec ike nat-traversal 21 on ipsec ike pre-shared-key 21 text Rt8pTKGt ipsec ike remote address 21 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 21 tunnel select 22 tunnel encapsulation l2tp ipsec tunnel 22 ipsec sa policy 22 22 esp aes-cbc sha-hmac ipsec ike keepalive use 22 off ipsec ike nat-traversal 22 on ipsec ike pre-shared-key 22 text Rt8pTKGt ipsec ike remote address 22 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 22 tunnel select 23 tunnel encapsulation l2tp ipsec tunnel 23 ipsec sa policy 23 23 esp aes-cbc sha-hmac ipsec ike keepalive use 23 off ipsec ike nat-traversal 23 on ipsec ike pre-shared-key 23 text Rt8pTKGt ipsec ike remote address 23 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 23 tunnel select 24 tunnel encapsulation l2tp ipsec tunnel 24 ipsec sa policy 24 24 esp aes-cbc sha-hmac ipsec ike keepalive use 24 off ipsec ike nat-traversal 24 on ipsec ike pre-shared-key 24 text Rt8pTKGt ipsec ike remote address 24 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 24 tunnel select 25 tunnel encapsulation l2tp ipsec tunnel 25 ipsec sa policy 25 25 esp aes-cbc sha-hmac ipsec ike keepalive use 25 off ipsec ike nat-traversal 25 on ipsec ike pre-shared-key 25 text Rt8pTKGt ipsec ike remote address 25 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 25 tunnel select 26 tunnel encapsulation l2tp ipsec tunnel 26 ipsec sa policy 26 26 esp aes-cbc sha-hmac ipsec ike keepalive use 26 off ipsec ike nat-traversal 26 on ipsec ike pre-shared-key 26 text Rt8pTKGt ipsec ike remote address 26 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 26 tunnel select 27 tunnel encapsulation l2tp ipsec tunnel 27 ipsec sa policy 27 27 esp aes-cbc sha-hmac ipsec ike keepalive use 27 off ipsec ike nat-traversal 27 on ipsec ike pre-shared-key 27 text Rt8pTKGt ipsec ike remote address 27 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 27 tunnel select 28 tunnel encapsulation l2tp ipsec tunnel 28 ipsec sa policy 28 28 esp aes-cbc sha-hmac ipsec ike keepalive use 28 off ipsec ike nat-traversal 28 on ipsec ike pre-shared-key 28 text Rt8pTKGt ipsec ike remote address 28 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 28 tunnel select 29 tunnel encapsulation l2tp ipsec tunnel 29 ipsec sa policy 29 29 esp aes-cbc sha-hmac ipsec ike keepalive use 29 off ipsec ike nat-traversal 29 on ipsec ike pre-shared-key 29 text Rt8pTKGt ipsec ike remote address 29 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 29 tunnel select 30 tunnel encapsulation l2tp ipsec tunnel 30 ipsec sa policy 30 30 esp aes-cbc sha-hmac ipsec ike keepalive use 30 off ipsec ike nat-traversal 30 on ipsec ike pre-shared-key 30 text Rt8pTKGt ipsec ike remote address 30 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 30 tunnel select 31 tunnel encapsulation l2tp ipsec tunnel 31 ipsec sa policy 31 31 esp aes-cbc sha-hmac ipsec ike keepalive use 31 off ipsec ike nat-traversal 31 on ipsec ike pre-shared-key 31 text Rt8pTKGt ipsec ike remote address 31 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 31 tunnel select 32 tunnel encapsulation l2tp ipsec tunnel 32 ipsec sa policy 32 32 esp aes-cbc sha-hmac ipsec ike keepalive use 32 off ipsec ike nat-traversal 32 on ipsec ike pre-shared-key 32 text Rt8pTKGt ipsec ike remote address 32 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 32 ip filter 1 pass 192.168.1.0/24 * * * * ip filter 2 pass 192.168.0.0/24 * * * * ip filter 3 pass 39.110.199.253 * * * * ip filter 9020 reject 192.168.0.0/24 192.168.102.0/24 ip filter 9021 reject 192.168.102.0/24 192.168.0.0/24 ip filter 9022 reject 192.168.1.0/24 192.168.102.0/24 ip filter 9023 reject 192.168.102.0/24 192.168.1.0/24 ip filter 9999 pass * * ip filter 101000 reject 10.0.0.0/8 * * * * ip filter 101001 reject 172.16.0.0/12 * * * * ip filter 101002 reject 192.168.0.0/16 * * * * ip filter 101003 reject 192.168.0.0/24 * * * * ip filter 101010 reject * 10.0.0.0/8 * * * ip filter 101011 reject * 172.16.0.0/12 * * * ip filter 101012 reject * 192.168.0.0/16 * * * ip filter 101013 reject * 192.168.100.0/24 * * * ip filter 101020 reject * * udp,tcp 135 * ip filter 101021 reject * * udp,tcp * 135 ip filter 101022 reject * * udp,tcp netbios_ns-netbios_ssn * ip filter 101023 reject * * udp,tcp * netbios_ns-netbios_ssn ip filter 101024 reject * * udp,tcp 445 * ip filter 101025 reject * * udp,tcp * 445 ip filter 101026 restrict * * tcpfin * www,21,nntp ip filter 101027 restrict * * tcprst * www,21,nntp ip filter 101030 pass * 192.168.0.0/24 icmp * * ip filter 101031 pass * 192.168.0.0/24 established * * ip filter 101032 pass * 192.168.0.0/24 tcp * ident ip filter 101033 pass * 192.168.0.0/24 tcp ftpdata * ip filter 101034 pass * 192.168.0.0/24 tcp,udp * domain ip filter 101035 pass * 192.168.0.0/24 udp domain * ip filter 101036 pass * 192.168.0.0/24 udp * ntp ip filter 101037 pass * 192.168.0.0/24 udp ntp * ip filter 101099 pass * * * * * ip filter 101100 pass * 192.168.0.1 udp * 500 ip filter 101101 pass * 192.168.0.1 esp ip filter 101102 pass * 192.168.0.1 udp * 4500 ip filter 101103 pass * 192.168.0.1 udp * 1701 ip filter 102099 pass * 192.168.0.1 udp * 500 ip filter 102100 pass * 192.168.0.1 esp ip filter 102101 pass * 192.168.0.1 udp * 4500 ip filter 102102 pass * 192.168.0.1 udp * 1701 ip filter 111003 reject 192.168.1.0/24 * * * * ip filter 111030 pass * 192.168.1.0/24 icmp * * ip filter 111031 pass * 192.168.1.0/24 established * * ip filter 111032 pass * 192.168.1.0/24 tcp * ident ip filter 111033 pass * 192.168.1.0/24 tcp ftpdata * ip filter 111034 pass * 192.168.1.0/24 tcp,udp * domain ip filter 111035 pass * 192.168.1.0/24 udp domain * ip filter 111036 pass * 192.168.1.0/24 udp * ntp ip filter 111037 pass * 192.168.1.0/24 udp ntp * ip filter 111099 pass * * * * * ip filter 111100 pass * 192.168.1.1 udp * 500 ip filter 111101 pass * 192.168.1.1 esp ip filter 111102 pass * 192.168.1.1 udp * 4500 ip filter 111103 pass * 192.168.1.1 udp * 1701 ip filter 202000 reject 10.0.0.0/8 * * * * ip filter 202001 reject 172.16.0.0/12 * * * * ip filter 202002 reject 192.168.0.0/16 * * * * ip filter 202003 reject 192.168.102.0/24 * * * * ip filter 202010 reject * 10.0.0.0/8 * * * ip filter 202011 reject * 172.16.0.0/12 * * * ip filter 202012 reject * 192.168.0.0/16 * * * ip filter 202013 reject * 192.168.102.0/24 * * * ip filter 202020 reject * * udp,tcp 135 * ip filter 202021 reject * * udp,tcp * 135 ip filter 202022 reject * * udp,tcp netbios_ns-netbios_ssn * ip filter 202023 reject * * udp,tcp * netbios_ns-netbios_ssn ip filter 202024 reject * * udp,tcp 445 * ip filter 202025 reject * * udp,tcp * 445 ip filter 202026 restrict * * tcpfin * www,21,nntp ip filter 202027 restrict * * tcprst * www,21,nntp ip filter 202030 pass * 192.168.102.0/24 icmp * * ip filter 202031 pass * 192.168.102.0/24 established * * ip filter 202032 pass * 192.168.102.0/24 tcp * ident ip filter 202033 pass * 192.168.102.0/24 tcp ftpdata * ip filter 202034 pass * 192.168.102.0/24 tcp,udp * domain ip filter 202035 pass * 192.168.102.0/24 udp domain * ip filter 202036 pass * 192.168.102.0/24 udp * ntp ip filter 202037 pass * 192.168.102.0/24 udp ntp * ip filter 202099 pass * * * * * ip filter 500000 restrict * * * * * ip filter dynamic 101080 * * ftp ip filter dynamic 101081 * * domain ip filter dynamic 101082 * * www ip filter dynamic 101083 * * smtp ip filter dynamic 101084 * * pop3 ip filter dynamic 101085 * * submission ip filter dynamic 101098 * * tcp ip filter dynamic 101099 * * udp ip filter dynamic 202080 * * ftp ip filter dynamic 202081 * * domain ip filter dynamic 202082 * * www ip filter dynamic 202083 * * smtp ip filter dynamic 202084 * * pop3 ip filter dynamic 202085 * * submission ip filter dynamic 202098 * * tcp ip filter dynamic 202099 * * udp nat descriptor type 200 masquerade nat descriptor address outer 200 39.110.199.253 nat descriptor address inner 200 192.168.1.1-192.168.1.254 192.168.0.1-192.168.0.254 39.110.199.253 nat descriptor masquerade static 200 1 192.168.0.1 udp 500 nat descriptor masquerade static 200 2 192.168.0.1 esp nat descriptor masquerade static 200 3 192.168.0.1 udp 4500 nat descriptor masquerade static 200 4 192.168.0.1 udp 1701 nat descriptor type 300 masquerade nat descriptor address outer 300 primary nat descriptor address inner 300 192.168.102.1-192.168.102.254 192.168.0.1 nat descriptor masquerade static 300 1 192.168.0.1 udp 500 nat descriptor masquerade static 300 2 192.168.0.1 esp nat descriptor masquerade static 300 3 192.168.0.1 udp 4500 nat descriptor masquerade static 300 4 192.168.0.1 udp 1701 ipsec auto refresh on ipsec transport 1 1 udp 1701 ipsec transport 2 2 udp 1701 ipsec transport 3 3 udp 1701 ipsec transport 4 4 udp 1701 ipsec transport 5 5 udp 1701 ipsec transport 6 6 udp 1701 ipsec transport 7 7 udp 1701 ipsec transport 8 8 udp 1701 ipsec transport 9 9 udp 1701 ipsec transport 10 10 udp 1701 ipsec transport 11 11 udp 1701 ipsec transport 12 12 udp 1701 ipsec transport 13 13 udp 1701 ipsec transport 14 14 udp 1701 ipsec transport 15 15 udp 1701 ipsec transport 16 16 udp 1701 ipsec transport 17 17 udp 1701 ipsec transport 18 18 udp 1701 ipsec transport 19 19 udp 1701 ipsec transport 20 20 udp 1701 ipsec transport 21 21 udp 1701 ipsec transport 22 22 udp 1701 ipsec transport 23 23 udp 1701 ipsec transport 24 24 udp 1701 ipsec transport 25 25 udp 1701 ipsec transport 26 26 udp 1701 ipsec transport 27 27 udp 1701 ipsec transport 28 28 udp 1701 ipsec transport 29 29 udp 1701 ipsec transport 30 30 udp 1701 ipsec transport 31 31 udp 1701 ipsec transport 32 32 udp 1701 syslog notice on syslog debug off tftp host any dhcp service server dhcp server rfc2131 compliant except remain-silent dhcp scope 1 192.168.0.2-192.168.0.191/24 gateway 192.168.0.1 dhcp scope 2 192.168.1.2-192.168.1.191/24 gateway 192.168.1.1 dhcp scope 3 192.168.102.1-192.168.102.191/24 gateway 192.168.102.1 dhcp scope option 1 dns=8.8.8.8,8.8.4.4 dhcp scope option 2 dns=192.168.1.1,8.8.8.8,8.8.4.4 dhcp scope option 3 dns=8.8.8.8,8.8.4.4 dns host lan1 lan1/1 lan1/2 dns service recursive dns server 1.1.1.1 8.8.8.8 8.8.4.4 dns private address spoof on dns notice order dhcp server dns notice order msext server dns static a shared-event-develop.timetreeapp.com 192.168.1.204 dns static a shared-event-develop-admin.timetreeapp.com 192.168.1.204 dns static a shared-event-develop-api.timetreeapp.com 192.168.1.204 dns static a shared-event-develop.timetr.ee 192.168.1.204 dns static a bluemountain.corp.jubilee.works 192.168.1.204 dns static a frontend-ref.corp.jubilee.works 192.168.1.200 dns static a jenkins.corp.jubilee.works 192.168.1.204 dns static a stats.corp.jubilee.works 192.168.1.204 dns static a tools.corp.jubilee.works 192.168.1.204 schedule at 2 */* 00:00:00 * ntpdate ntp.nict.jp syslog l2tp service on httpd host 192.168.0.1-192.168.0.254 192.168.1.1-192.168.1.254 statistics traffic on statistics nat on ap select lan1:1 ap config filename lan1_1.conf set LUA_PATH="./\?.lua;" set PP4=stud:TF5A66TPMQTW6GZD