interfaces {
ethernet eth0 {
address 15.106.113.110/29
description "Cust: 121-Bridgewater [810Mbit] (Internet:Cox)"
duplex full
smp-affinity auto
speed 1000
}
ethernet eth1 {
address 172.30.1.1/24
description "Cust: 121-Bridgewater (Local LAN: n/a n/a)"
duplex full
smp-affinity auto
speed 1000
}
ethernet eth2 {
address 156.74.128.237/29
description "Cust: 121-Bridgewater [20Mbit] (Internet:INAP)"
duplex full
smp-affinity auto
speed 100
}
ethernet eth3 {
description SHUTDOWN
disable
duplex auto
smp-affinity auto
speed auto
}
loopback lo {
address 192.168.11.127/32
}
vti vti0 {
address 192.168.11.1/30
description "Cust: 121-Bridgewater (CH1 chi1-opaq-pan-a)"
ip {
ospf {
cost 5
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
}
}
vti vti1 {
address 192.168.11.129/30
description "Cust: 121-Bridgewater (CH1 chi1-opaq-pan-a)"
ip {
ospf {
cost 10
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
}
}
}
policy {
prefix-list local-lan {
rule 10 {
action permit
prefix 172.30.1.0/24
}
}
prefix-list static-routes {
rule 10 {
action permit
prefix 192.168.10.0/24
}
}
route-map redist-static {
rule 10 {
action permit
match {
ip {
address {
prefix-list static-routes
}
}
}
}
}
route-map redist-local-connected {
rule 10 {
action permit
match {
ip {
address {
prefix-list local-lan
}
}
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
network 192.168.11.127/32
network 192.168.11.0/30
network 192.168.11.128/30
}
log-adjacency-changes {
}
neighbor 192.168.11.2 {
poll-interval 60
priority 0
}
neighbor 192.168.11.130 {
poll-interval 60
priority 0
}
parameters {
abr-type cisco
router-id 192.168.11.127
}
redistribute {
connected {
metric-type 2
route-map redist-local-connected
}
static {
metric-type 2
route-map redist-static
}
}
}
static {
route 74.123.203.1/32 {
next-hop 15.106.113.105 {
}
}
route 74.123.203.2/32 {
next-hop 156.74.128.238 {
}
}
route 74.123.206.4/32 {
next-hop 156.74.128.238 {
distance 5
}
}
route 192.168.10.0/24 {
next-hop 172.30.1.2 {
}
}
}
}
service {
ssh {
listen-address 15.106.113.110
listen-address 156.74.128.237
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name 121-Bridgewater-Westport-1
login {
user customer-backup {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
user snoc {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server time1.google.com {
}
server time2.google.com {
}
server time3.google.com {
}
server time4.google.com {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
vpn {
ipsec {
esp-group default {
compression disable
lifetime 3600
mode tunnel
pfs dh-group14
proposal 1 {
encryption aes256
hash sha256
}
}
ike-group default {
ikev2-reauth no
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 14
encryption aes256
hash sha256
}
}
ipsec-interfaces {
interface eth0
interface eth2
}
logging {
log-level 1
log-modes any
}
nat-traversal enable
site-to-site {
peer 74.123.203.1 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
remote-id 74.123.203.1
}
connection-type initiate
default-esp-group default
ike-group default
ikev2-reauth inherit
local-address 15.106.113.110
vti {
bind vti0
esp-group default
}
}
peer 74.123.203.2 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
remote-id 74.123.203.2
}
connection-type initiate
default-esp-group default
ike-group default
ikev2-reauth inherit
local-address 156.74.128.237
vti {
bind vti1
esp-group default
}
}
}
}
}