Juniper Netscreen Dialup VPN+Firewall configuration
# Reviewer annotations: every line starting with "#" was added during review and
# is not part of the original device output. Strip these lines before loading the
# file onto a device unless the load method in use is known to accept them.
# The commands themselves are unchanged and in their original order; only the
# line breaks (one command per line) were restored.
#
# Sections: authentication/admin, zones and screens, interfaces and management
# services, address book, IKE users, IKE gateways, VPNs, policies, routing.

# --- Authentication server and admin account ---
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 0
set admin format dos
# NOTE(review): "netscreen" is the factory-default admin account name. Confirm the
# password was changed from the factory default and rename the account.
set admin name "netscreen"
# NOTE(review): the stored admin password hash is published with this listing.
# Treat the credential as exposed and rotate it on any device built from this file.
set admin password nKVUM2rwMUzPcrkG5sWIHdCtqkAibn
# NOTE(review): presumably an idle timeout in minutes - confirm; 120 is long for
# an administrative session.
set admin auth timeout 120
set admin auth server "Local"

# --- Virtual routers and zones ---
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
# All three traffic zones are bound to the same virtual router (trust-vr).
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst

# --- Screen (attack-protection) options on the outside-facing zones ---
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land

# --- Interfaces: zone binding, addressing, mode ---
set interface "trust" zone "Trust"
set interface "DMZ" zone "DMZ"
set interface "untrust" zone "Untrust"
# NOTE(review): vlan1 and trust are both given 192.168.1.1/24 - confirm this is intended.
set interface vlan1 ip 192.168.1.1/24
set interface trust ip 192.168.1.1/24
set interface trust nat
set interface DMZ ip 192.168.4.1/24
set interface DMZ route
set interface untrust ip 192.168.16.195/24
set interface untrust route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set interface trust ip manageable
set interface DMZ ip manageable
set interface untrust ip manageable

# --- Management services per interface ---
# NOTE(review): telnet and "web" (plain HTTP WebUI) carry admin credentials in
# cleartext. On the DMZ prefer ssl only, and add SSH in place of telnet.
set interface DMZ manage telnet
# NOTE(review): no SNMP community or host restriction is visible in this listing;
# confirm how SNMP access is limited.
set interface DMZ manage snmp
set interface DMZ manage ssl
set interface DMZ manage web
set interface untrust manage ping
# NOTE(review): cleartext management (telnet, HTTP) is enabled on the outside
# interface. Remove both, manage over SSH/SSL or through a VPN, and restrict the
# permitted management sources (set admin manager-ip).
set interface untrust manage telnet
set interface untrust manage web
set interface "DMZ" webauth

# --- Address book ---
set address "Trust" "sony" 192.168.1.0 255.255.255.0
set address "Untrust" "192.168.3.0/24" 192.168.3.0 255.255.255.0
# NOTE(review): host address 192.168.2.5 with a /24 mask - presumably meant as
# either the 192.168.2.0 network or a /32 host; verify.
set address "Untrust" "sony1" 192.168.2.5 255.255.255.0
set address "DMZ" "192.168.4.0/24" 192.168.4.0 255.255.255.0
set snmp name "ns100"

# --- IKE dial-up users (identified by u-fqdn IKE ID, one session each) ---
set user "user01" uid 1
set user "user01" ike-id u-fqdn "user01@test.com" share-limit 1
set user "user01" type ike
set user "user01" "enable"
set user "user02" uid 2
set user "user02" ike-id u-fqdn "user02@test.com" share-limit 1
set user "user02" type ike
set user "user02" "enable"
set user "user03" uid 3
set user "user03" ike-id u-fqdn "user03@test.com" share-limit 1
set user "user03" type ike
set user "user03" "enable"
set user "user04" uid 4
set user "user04" ike-id u-fqdn "user04@test.com" share-limit 1
set user "user04" type ike
set user "user04" "enable"
set user-group "dialup-user" id 1
set user-group "dialup-user" user "user01"
set user-group "dialup-user" user "user02"
set user-group "dialup-user" user "user03"
set user-group "dialup-user" user "user04"

# --- IKE (phase 1) gateways ---
# NOTE(review): all three gateways share the same weaknesses:
#   * the pre-shared key is the vendor name, stored in cleartext, and reused
#     everywhere (including for all four dial-up users) - use a long random key
#     per peer, or certificates;
#   * "Aggr" (aggressive mode) with a pre-shared key permits offline guessing of
#     the key from the exchange - use main mode where the peer has a fixed address;
#   * proposal "pre-g2-des-md5" is single DES with MD5 and DH group 2 - move to an
#     AES/SHA proposal supported by the ScreenOS release in use, on both peers.
# The two site gateways use peer address 0.0.0.0, so the peer is recognised by its
# IKE ID and the key only. NAT traversal is switched off on all three, which
# presumably breaks dial-up clients behind NAT - confirm that is intended.
set ike gateway "DLVPNgateway" ip 0.0.0.0 id "test" Aggr outgoing-interface "untrust" preshare "netscreen" proposal "pre-g2-des-md5"
unset ike gateway "DLVPNgateway" nat-traversal
set ike gateway "sz-1" ip 0.0.0.0 id "test1" Aggr outgoing-interface "untrust" preshare "netscreen" proposal "pre-g2-des-md5"
unset ike gateway "sz-1" nat-traversal
set ike gateway "dialup-gateway" dialup "dialup-user" Aggr outgoing-interface "untrust" preshare "netscreen" proposal "pre-g2-des-md5"
unset ike gateway "dialup-gateway" nat-traversal
set ike policy-checking
set ike respond-bad-spi 1

# --- VPN (phase 2) definitions ---
# NOTE(review): the two manual-key VPNs use fixed keys derived from the password
# "netscreen" with DES encryption; manual keys are never renegotiated. No policy in
# this listing references either VPN - remove them if unused, otherwise convert
# them to AutoKey IKE with strong proposals.
set vpn "sony-192.168.2.5" id 1 manual 3001 3001 gateway 1.1.1.2 outgoing-interface "untrust" esp des password netscreen auth sha-1 password netscreen
set vpn "antaivpn" id 2 manual 3002 3002 gateway 1.1.1.3 outgoing-interface "untrust" esp des password netscreen auth sha-1 password netscreen
# NOTE(review): "no-replay" turns off anti-replay protection on "DaLian-BeiJing"
# and "dialup-ike" (only "sz-2" has it on), and all three use the DES/MD5
# proposal "g2-esp-des-md5". Enable replay protection and use an AES/SHA proposal.
set vpn "DaLian-BeiJing" id 3 gateway "DLVPNgateway" no-replay tunnel idletime 0 proposal "g2-esp-des-md5"
set vpn "DaLian-BeiJing" monitor
set vpn "sz-2" id 5 gateway "sz-1" replay tunnel idletime 0 proposal "g2-esp-des-md5"
set vpn "sz-2" monitor
set vpn "dialup-ike" id 7 gateway "dialup-gateway" no-replay tunnel idletime 0 proposal "g2-esp-des-md5"
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local

# --- Policies ---
# NOTE(review): none of the policies below enables logging, so neither tunnel nor
# permitted traffic leaves an audit trail; add logging at least to the tunnel and
# Any/Any rules.
# Dial-up users -> Trust network "sony", any service, through the dial-up VPN.
set policy id 13 from "Untrust" to "Trust" "Dial-Up VPN" "sony" "ANY" Tunnel vpn "dialup-ike" id 8
# Bidirectional pair for VPN "sz-2" between "sony" (Trust) and "sony1" (Untrust).
set policy id 12 from "Untrust" to "Trust" "sony1" "sony" "ANY" Tunnel vpn "sz-2" id 6 pair-policy 11
set policy id 11 from "Trust" to "Untrust" "sony" "sony1" "ANY" Tunnel vpn "sz-2" id 6 pair-policy 12
# NOTE(review): policy 10 permits any service from Trust to Untrust, which already
# covers everything policies 9-5 permit; those five are redundant as listed. Decide
# whether outbound access should be the per-service rules only, and drop the other.
set policy id 10 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "ANY" Permit
set policy id 9 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "SSH" Permit
set policy id 8 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "FTP" Permit
set policy id 7 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "HTTPS" Permit
set policy id 6 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "HTTP" Permit
set policy id 5 name "Created by policy wizard" from "Trust" to "Untrust" "Any" "Any" "DNS" Permit
# Bidirectional pair for VPN "DaLian-BeiJing" between 192.168.4.0/24 (DMZ) and
# 192.168.3.0/24 (Untrust).
set policy id 0 from "DMZ" to "Untrust" "192.168.4.0/24" "192.168.3.0/24" "ANY" Tunnel vpn "DaLian-BeiJing" id 4 pair-policy 1
set policy id 1 from "Untrust" to "DMZ" "192.168.3.0/24" "192.168.4.0/24" "ANY" Tunnel vpn "DaLian-BeiJing" id 4 pair-policy 0
# NOTE(review): unrestricted outbound from the DMZ; limit DMZ hosts to the
# destinations and services they actually need.
set policy id 4 from "DMZ" to "Untrust" "Any" "Any" "ANY" Permit

# --- Management platform, NSRP, PKI ---
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set nsrp interface DMZ
set pki authority default scep mode "auto"
set pki x509 default cert-path partial

# --- Routing (the route lines follow `set vrouter "trust-vr"`) ---
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
# Remote VPN subnet 192.168.3.0/24 and the default route both leave via untrust.
set route 192.168.3.0/24 interface untrust gateway 192.168.16.181
set route 0.0.0.0/0 interface untrust gateway 192.168.16.1
exit