set clock ntp
set clock timezone 1
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "port 5900" protocol tcp src-port 0-65535 dst-port 5900-5900 
set service "port 79" protocol tcp src-port 0-65535 dst-port 79-79 
set service "port 81" protocol tcp src-port 0-65535 dst-port 81-81 
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nDWLK8rvHxjBc/GKLs1I57EtAuPiQn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst 
set zone "Untrust" block 
unset zone "Untrust" tcp-rst 
set zone "MGT" block 
set zone "DMZ" tcp-rst 
set zone "VLAN" block 
set zone "VLAN" tcp-rst 
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Untrust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Trust"
set interface "ethernet4" zone "Trust"
unset interface vlan1 ip
set interface ethernet1 ip 212.43.216.23/24
set interface ethernet1 route
set interface ethernet2 ip 212.43.244.150/28
set interface ethernet2 route
set interface ethernet3 ip 192.42.42.201/24
set interface ethernet3 nat
set interface ethernet4 ip 192.168.2.2/24
set interface ethernet4 nat
set interface ethernet1 gateway 212.43.216.1
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
set interface ethernet4 ip manageable
set interface ethernet1 manage ping
set interface ethernet1 manage ssh
set interface ethernet1 manage telnet
set interface ethernet1 manage web
set hostname ns25
set address "Trust" "trust1" 192.42.42.0 255.255.255.0
set address "Trust" "trust2" 192.168.2.0 255.255.255.0
set address "Trust" "trust2 vpn 192.168.2.1" 192.168.2.1 255.255.255.255
set address "Untrust" "Carte blanche Sdsl lan" 192.42.41.0 255.255.255.0
set address "Untrust" "Carte blanche Sdsl wan" 62.240.242.138 255.255.255.255
set address "Untrust" "claranet noc" 212.43.195.0 255.255.255.0
set address "Untrust" "Towercast Cisco 831 lan" 192.168.0.0 255.255.255.0
set address "Untrust" "Towercast Cisco 831 wan Rnis" 212.43.197.203 255.255.255.255
set address "Untrust" "Towercast Cisco 831 wan Sdsl" 62.240.242.139 255.255.255.255
set address "DMZ" "212.43.244.145" 212.43.244.145 255.255.255.255
set address "DMZ" "212.43.244.154" 212.43.244.154 255.255.255.255
set address "DMZ" "212.43.244.155" 212.43.244.155 255.255.255.255
set address "DMZ" "212.43.244.156" 212.43.244.156 255.255.255.255
set address "DMZ" "212.43.244.157" 212.43.244.157 255.255.255.255
set address "DMZ" "212.43.244.158" 212.43.244.158 255.255.255.255
set address "DMZ" "switch" 212.43.244.146 255.255.255.255
set ike p1-proposal "pre-g2-3des-sha cisco1712" preshare group2 esp 3des sha-1 minute 3
set ike gateway "Gw Carte blache Sdsl Claranet" address 62.240.242.138 Main outgoing-interface "ethernet1" preshare "PfFIGs8zNjzYa/sNj1Cf97tSJEnl0thLqA==" proposal "rsa-g2-3des-sha" "pre-g2-3des-md5"
set ike gateway "Gw Towercast Sdsl Claranet" address 62.240.242.139 Main outgoing-interface "ethernet1" preshare "g19GwkDwNHYvGzsjRxCIj9UKALnYWqyjeA==" proposal "pre-g2-3des-sha cisco1712"
set ike gateway "Gw Towercast Rnis Claranet" address 212.43.197.203 Main outgoing-interface "ethernet1" preshare "znpfodsaNy50A4sLdECXyGxwcgny2fwJXw==" proposal "pre-g2-3des-sha"
set ike gateway "Gw Towercast Rnis Claranet" cert peer-ca all
set ike respond-bad-spi 1
set vpn "Vpn to Carte Blanche Sdsl Clara" gateway "Gw Carte blache Sdsl Claranet" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"  "g2-esp-3des-md5" 
set vpn "Gw Towercast Sdsl Claranet" gateway "Gw Towercast Sdsl Claranet" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Gw Towercast Rnis Claranet" gateway "Gw Towercast Rnis Claranet" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set policy id 1 from "Untrust" to "Trust"  "Carte blanche Sdsl lan" "trust1" "ANY" tunnel vpn "Vpn to Carte Blanche Sdsl Clara" id 1 pair-policy 2 
set policy id 2 from "Trust" to "Untrust"  "trust1" "Carte blanche Sdsl lan" "ANY" tunnel vpn "Vpn to Carte Blanche Sdsl Clara" id 1 pair-policy 1 
set policy id 6 from "DMZ" to "Untrust"  "Any" "Any" "ANY" permit 
set policy id 11 from "Untrust" to "DMZ"  "Any" "212.43.244.154" "HTTPS" permit 
set policy id 11
set dst-address "212.43.244.155"
set dst-address "212.43.244.156"
set dst-address "212.43.244.157"
set dst-address "212.43.244.158"
exit
set policy id 13 from "Untrust" to "DMZ"  "claranet noc" "switch" "TELNET" permit 
set policy id 14 from "DMZ" to "Trust"  "Any" "Any" "ANY" permit 
set policy id 15 from "Trust" to "DMZ"  "Any" "Any" "ANY" permit 
set policy id 16 from "Untrust" to "DMZ"  "Any" "212.43.244.145" "DNS" permit 
set policy id 16
set service "FTP"
set service "HTTP"
set service "HTTPS"
set service "port 5900"
set service "port 79"
set service "port 81"
exit
set policy id 17 from "Untrust" to "DMZ"  "Any" "212.43.244.154" "port 5900" permit 
set policy id 17
set dst-address "212.43.244.155"
set dst-address "212.43.244.156"
set dst-address "212.43.244.157"
set dst-address "212.43.244.158"
exit
set policy id 20 from "Untrust" to "DMZ"  "Any" "212.43.244.145" "SSH" permit 
set policy id 21 from "Untrust" to "Trust"  "Towercast Cisco 831 lan" "trust2 vpn 192.168.2.1" "ANY" tunnel vpn "Gw Towercast Sdsl Claranet" id 18 pair-policy 22 
set policy id 22 from "Trust" to "Untrust"  "trust2 vpn 192.168.2.1" "Towercast Cisco 831 lan" "ANY" tunnel vpn "Gw Towercast Sdsl Claranet" id 18 pair-policy 21 
set policy id 23 from "Untrust" to "Trust"  "Towercast Cisco 831 lan" "trust2 vpn 192.168.2.1" "ANY" tunnel vpn "Gw Towercast Rnis Claranet" id 29 pair-policy 24 
set policy id 24 from "Trust" to "Untrust"  "trust2 vpn 192.168.2.1" "Towercast Cisco 831 lan" "ANY" tunnel vpn "Gw Towercast Rnis Claranet" id 29 pair-policy 23 
set ssh version v2
set config lock timeout 5
set ntp server "212.43.194.2"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit