Created
January 21, 2018 12:09
-
-
Save 328/bfde0276ebe19e7389ecc65105b01698 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config vpn ipsec phase1-interface | |
| edit <<ID>>-0 | |
| set interface "wan1" | |
| set dpd on-idle | |
| set local-gw 192.168.179.2 | |
| set dhgrp 2 | |
| set proposal aes128-sha1 | |
| set keylife 28800 | |
| set remote-gw <<Remote-Global-IP-0>> | |
| set psksecret <<Secret-Key-0>> | |
| set dpd-retryinterval 10 | |
| next | |
| end | |
| config vpn ipsec phase2-interface | |
| edit "<<ID>>-0" | |
| set phase1name "<<ID>>-0" | |
| set proposal aes128-sha1 | |
| set dhgrp 2 | |
| set pfs enable | |
| set keylifeseconds 3600 | |
| next | |
| end | |
| config system interface | |
| edit "<<ID>>-0" | |
| set ip <<Tunnel-Local-IP-0>> 255.255.255.255 | |
| set allowaccess ping | |
| set type tunnel | |
| set tcp-mss 1379 | |
| set remote-ip <<Tunnel-Remote-IP-0>> | |
| set interface "wan1" | |
| next | |
| end | |
| config router bgp | |
| set as 65000 | |
| config neighbor | |
| edit <<BGP-Neighbor-IP-0>> | |
| set remote-as <<BGP-Remote-AS>> | |
| set capability-default-originate enable | |
| next | |
| end | |
| config network | |
| edit 1 | |
| set prefix 192.168.0.0 255.255.0.0 | |
| next | |
| end | |
| set router-id 192.168.179.2 | |
| end | |
| config firewall policy | |
| edit 5 | |
| set srcintf "<<ID>>-0" | |
| set dstintf internal | |
| set srcaddr all | |
| set dstaddr all | |
| set action accept | |
| set schedule always | |
| set service ALL | |
| next | |
| end | |
| config firewall policy | |
| edit 6 | |
| set srcintf internal | |
| set dstintf "<<ID>>-0" | |
| set srcaddr all | |
| set dstaddr all | |
| set action accept | |
| set schedule always | |
| set service ALL | |
| next | |
| end | |
| config vpn ipsec phase1-interface | |
| edit <<ID>>-1 | |
| set interface "wan1" | |
| set dpd on-idle | |
| set local-gw 192.168.179.2 | |
| set dhgrp 2 | |
| set proposal aes128-sha1 | |
| set keylife 28800 | |
| set remote-gw <<Remote-Global-IP-1>> | |
| set psksecret <<Secret-Key-1>> | |
| set dpd-retryinterval 10 | |
| next | |
| end | |
| config vpn ipsec phase2-interface | |
| edit "<<ID>>-1" | |
| set phase1name "<<ID>>-1" | |
| set proposal aes128-sha1 | |
| set dhgrp 2 | |
| set pfs enable | |
| set keylifeseconds 3600 | |
| next | |
| end | |
| config system interface | |
| edit "<<ID>>-1" | |
| set ip <<Tunnel-Local-IP-1>> 255.255.255.255 | |
| set allowaccess ping | |
| set type tunnel | |
| set tcp-mss 1379 | |
| set remote-ip <<Tunnel-Remote-IP-1>> | |
| set interface "wan1" | |
| next | |
| end | |
| config router bgp | |
| set as 65000 | |
| config neighbor | |
| edit <<BGP-Neighbor-IP-1>> | |
| set remote-as <<BGP-Remote-AS>> | |
| set capability-default-originate enable | |
| next | |
| end | |
| config network | |
| edit 1 | |
| set prefix 192.168.0.0 255.255.0.0 | |
| next | |
| end | |
| set router-id 192.168.179.2 | |
| end | |
| config firewall policy | |
| edit 7 | |
| set srcintf "<<ID>>-1" | |
| set dstintf internal | |
| set srcaddr all | |
| set dstaddr all | |
| set action accept | |
| set schedule always | |
| set service ALL | |
| next | |
| end | |
| config firewall policy | |
| edit 8 | |
| set srcintf internal | |
| set dstintf "<<ID>>-1" | |
| set srcaddr all | |
| set dstaddr all | |
| set action accept | |
| set schedule always | |
| set service ALL | |
| next | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment