Total Config size 11267:
set auth type 0
set auth timeout 10
set clock zone 0
set admin format dos
set admin name "netscreen"
set admin sys-ip 0.0.0.0
set admin auth timeout 0
set admin auth type Local
set admin device-reset
set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
set ip tftp retry 10
set ip tftp timeout 2
set interface trust ip 10.209.0.1 255.255.0.0
set interface trust route
set interface untrust ip 192.70.106.209 255.255.255.192
set interface trust manage ping
set interface trust manage scs
set interface trust manage telnet
set interface trust manage snmp
set interface trust manage global
unset interface trust manage global-pro
set interface trust manage ssl
set interface trust manage web
set interface trust ident-reset
set interface untrust manage ping
unset interface untrust manage scs
unset interface untrust manage telnet
unset interface untrust manage snmp
unset interface untrust manage global
unset interface untrust manage global-pro
set interface untrust manage ssl
unset interface untrust manage web
unset interface untrust ident-reset
set interface DMZ manage ping
unset interface DMZ manage scs
unset interface DMZ manage telnet
unset interface DMZ manage snmp
unset interface DMZ manage global
unset interface DMZ manage global-pro
unset interface DMZ manage ssl
unset interface DMZ manage web
unset interface DMZ ident-reset
set flow mac-flooding
set flow check-session
set console timeout 0
set domain ipsec2001.hsc.fr
set hostname netscreen
set url msg-type 0
set url cache enable
set address untrust "6WIND" 10.196.0.0 255.255.0.0
set address untrust "Cisco PIX" 10.198.0.0 255.255.0.0
set address untrust "Cisco VPN 3000" 10.199.0.0 255.255.0.0
set address untrust "OpenBSD" 10.200.0.0 255.255.0.0
set address untrust "Netcelo" 10.201.0.0 255.255.0.0
set address untrust "Cisco IOS" 10.202.0.0 255.255.0.0
set address untrust "FreeS/WAN" 10.205.0.0 255.255.0.0
set address untrust "Netasq" 10.207.0.0 255.255.0.0
set address untrust "idealx" 10.211.0.0 255.255.0.0
set address untrust "Nortel" 10.213.0.0 255.255.0.0
set address trust "interne" 10.209.0.0 255.255.0.0
set address trust "Local" 10.209.0.0 255.255.0.0
set syn-threshold 200
set firewall tear-drop
set firewall syn-flood
set firewall ip-spoofing
set firewall ping-of-death
set firewall src-route
set firewall land
unset firewall icmp-flood
unset firewall udp-flood
unset firewall winnuke
unset firewall port-scan
unset firewall ip-sweep
unset firewall applet
unset firewall bypass-others-ipsec
unset firewall bypass-non-ip
set firewall port-scan threshold 5000
set firewall log-self
unset firewall session-threshold source-ip-based
set snmp name "netscreen"
set firewall port-scan threshold 5000
set traffic-shaping ip_precedence 7 6 5 4 3 2 1 0
set user "hsc" ike-id fqdn "hsc" share-limit 1
set user "hsc" type  ike
set user "hsc" "enable"
set ike p1-proposal "rsa-g5-3des-sha" RSA-sig Group5 esp 3DES SHA hour 8
set ike gateway "6WIND" ip 192.70.106.196 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "6WIND" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "6WIND" cert peer-cert-type x509-sig
set ike gateway "6WIND" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "6WIND" nat-traversal
set ike gateway "Cisco IOS" ip 192.70.106.202 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "Cisco IOS" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Cisco IOS" cert peer-cert-type x509-sig
set ike gateway "Cisco IOS" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Cisco IOS" nat-traversal
set ike gateway "Cisco PIX" ip 192.70.106.198 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "Cisco PIX" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Cisco PIX" cert peer-cert-type x509-sig
set ike gateway "Cisco PIX" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Cisco PIX" nat-traversal
set ike gateway "Cisco VPN 3000" ip 192.70.106.199 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "Cisco VPN 3000" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Cisco VPN 3000" cert peer-cert-type x509-sig
set ike gateway "Cisco VPN 3000" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Cisco VPN 3000" nat-traversal
set ike gateway "FreeS/WAN" ip 192.70.106.205 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "FreeS/WAN" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "FreeS/WAN" cert peer-cert-type x509-sig
set ike gateway "FreeS/WAN" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "FreeS/WAN" nat-traversal
set ike gateway "Netasq" ip 192.70.106.207 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g5-3des-sha" "rsa-g2-3des-sha"
set ike gateway "Netasq" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Netasq" cert peer-cert-type x509-sig
set ike gateway "Netasq" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Netasq" nat-traversal
set ike gateway "Netcelo" ip 192.70.106.201 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "Netcelo" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Netcelo" cert peer-cert-type x509-sig
set ike gateway "Netcelo" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Netcelo" nat-traversal
set ike gateway "Nortel" ip 192.70.106.213 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "Nortel" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "Nortel" cert peer-cert-type x509-sig
set ike gateway "Nortel" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "Nortel" nat-traversal
set ike gateway "OpenBSD" ip 192.70.106.200 Main local-id "netscreen.ipsec2001.hsc.fr"  proposal "rsa-g2-3des-sha"
set ike gateway "OpenBSD" cert my-cert-hash FB5B58B34DC25F826C98CA1E4505B47A8B857604
set ike gateway "OpenBSD" cert peer-cert-type x509-sig
set ike gateway "OpenBSD" cert peer-ca-hash FA580FF77635A763FDC47E47CA7DB752BEEF18F3
unset ike gateway "OpenBSD" nat-traversal
set ike policy-checking
set ike respond-bad-spi 1
set vpn "6WIND" id 1 gateway "6WIND" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Cisco IOS" id 2 gateway "Cisco IOS" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Cisco PIX" id 3 gateway "Cisco PIX" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Cisco VPN 3000" id 4 gateway "Cisco VPN 3000" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "FreeS/WAN" id 5 gateway "FreeS/WAN" replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Netasq" id 6 gateway "Netasq" no-replay tunnel idletime 0 proposal "nopfs-esp-aes128-sha"  "nopfs-esp-3des-sha" 
set vpn "Netcelo" id 7 gateway "Netcelo" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "Nortel" id 8 gateway "Nortel" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" 
set vpn "OpenBSD" id 9 gateway "OpenBSD" no-replay tunnel idletime 0 proposal "nopfs-esp-aes128-sha"  "nopfs-esp-3des-sha" 
set ike id-mode subnet
set l2tp default auth local
set l2tp default ppp-auth any
set l2tp default radius-port 1645
set route 10.196.0.0 255.255.0.0 interface untrust gateway 192.70.106.196 metric 1
set route 10.202.0.0 255.255.0.0 interface untrust gateway 192.70.106.202 metric 1
set route 10.198.0.0 255.255.0.0 interface untrust gateway 192.70.106.198 metric 1
set route 10.199.0.0 255.255.0.0 interface untrust gateway 192.70.106.199 metric 1
set route 10.205.0.0 255.255.0.0 interface untrust gateway 192.70.106.205 metric 1
set route 10.207.0.0 255.255.0.0 interface untrust gateway 192.70.106.207 metric 1
set route 10.201.0.0 255.255.0.0 interface untrust gateway 192.70.106.201 metric 1
set route 10.213.0.0 255.255.0.0 interface untrust gateway 192.70.106.213 metric 1
set route 10.200.0.0 255.255.0.0 interface untrust gateway 192.70.106.200 metric 1
set route 10.211.0.0 255.255.0.0 interface untrust gateway 192.70.106.211 metric 1
set policy id 0 outgoing "Local" "6WIND" "ANY" Tunnel vpn "6WIND" id 26 log count 
set policy id 1 incoming "6WIND" "Local" "ANY" Tunnel vpn "6WIND" id 26 log count 
set policy id 2 outgoing "Local" "Cisco PIX" "ANY" Tunnel vpn "Cisco PIX" id 27 log count 
set policy id 3 incoming "Cisco PIX" "Local" "ANY" Tunnel vpn "Cisco PIX" id 27 log count 
set policy id 4 outgoing "Local" "Cisco VPN 3000" "ANY" Tunnel vpn "Cisco VPN 3000" id 28 log count 
set policy id 5 incoming "Cisco VPN 3000" "Local" "ANY" Tunnel vpn "Cisco VPN 3000" id 28 log count 
set policy id 6 outgoing "Local" "OpenBSD" "ANY" Tunnel vpn "OpenBSD" id 29 log count 
set policy id 7 incoming "OpenBSD" "Local" "ANY" Tunnel vpn "OpenBSD" id 29 log count 
set policy id 8 outgoing "Local" "Netcelo" "ANY" Tunnel vpn "Netcelo" id 30 log count 
set policy id 9 incoming "Netcelo" "Local" "ANY" Tunnel vpn "Netcelo" id 30 log count 
set policy id 10 outgoing "Local" "Cisco IOS" "ANY" Tunnel vpn "Cisco IOS" id 31 log count 
set policy id 11 incoming "Cisco IOS" "Local" "ANY" Tunnel vpn "Cisco IOS" id 31 log count 
set policy id 12 outgoing "Local" "FreeS/WAN" "ANY" Tunnel vpn "FreeS/WAN" id 25 log count 
set policy id 13 incoming "FreeS/WAN" "Local" "ANY" Tunnel vpn "FreeS/WAN" id 25 log count 
set policy id 14 outgoing "Local" "Netasq" "ANY" Tunnel vpn "Netasq" id 32 log count 
set policy id 15 incoming "Netasq" "Local" "ANY" Tunnel vpn "Netasq" id 32 log count 
set policy id 18 outgoing "Local" "Nortel" "ANY" Tunnel vpn "Nortel" id 33 log count 
set policy id 21 outgoing "Inside Any" "Outside Any" "HTTP" nat Permit 
set policy id 19 incoming "Nortel" "Local" "ANY" Tunnel vpn "Nortel" id 33 log count 
set ha track threshold 255
set scs enable
set pki x509 default cert-path partial
set pki x509 dn country-name "fr"
set pki x509 dn state-name "france"
set pki x509 dn org-name "snaiso"
set pki x509 dn org-unit-name "tech"
set pki x509 dn name "netscreen100"
set pki x509 dn email "rgu@snaiso.com"
set pki x509 dn ip "192.70.106.209"
set pki x509 default crl-refresh "default"
set ssl cert-hash "FB5B58B34DC25F826C98CA1E4505B47A8B857604" 
set dns host dns1 192.70.106.200
set dns host schedule 00:05