Scribd
Upload
14 views3 pages

Juniper

Uploaded by

WasimulHaq Waimul
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
14 views3 pages

Juniper

Uploaded by

WasimulHaq Waimul
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

syntax error, expecting <command>.

root# run show configuration | display set


set version 20.2R3-S2.5
set system root-authentication encrypted-password
"$6$SMmZeXaO$LAAAeXrDHr4bNt.RU9rnQfWxADzm6cxlWECuvHCuaIUtx2ZaQw4QhX/
1Eml6RUdfvSHTQOg6lWwgTUpWB9B920"
set system services
set security ike proposal IKE-PROPOSAL authentication-method pre-shared-keys
set security ike proposal IKE-PROPOSAL dh-group group2
set security ike proposal IKE-PROPOSAL authentication-algorithm md5
set security ike proposal IKE-PROPOSAL encryption-algorithm 3des-cbc
set security ike proposal IKE-PROPOSAL lifetime-seconds 28800
set security ike policy IKE-POLICY mode main
set security ike policy IKE-POLICY proposals IKE-PROPOSAL
set security ike policy IKE-POLICY pre-shared-key ascii-text
"$9$a9ZGj.mT69pDi6Apu1INdVYaZGUi.mToJ5F"
set security ike gateway CISCO-1 ike-policy IKE-POLICY
set security ike gateway CISCO-1 address 5.5.5.1
set security ike gateway CISCO-1 local-identity inet 16.16.16.2
set security ike gateway CISCO-1 external-interface ge-0/0/0.0
set security ipsec proposal IPSEC-PROPOSAL protocol esp
set security ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-md5-96
set security ipsec proposal IPSEC-PROPOSAL encryption-algorithm 3des-cbc
set security ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600
set security ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group2
set security ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL
set security ipsec vpn CISCO-1 bind-interface st0.0
set security ipsec vpn CISCO-1 ike gateway CISCO-1
set security ipsec vpn CISCO-1 ike ipsec-policy IPSEC-POLICY
set security ipsec vpn CISCO-1 establish-tunnels immediately
set security flow tcp-mss ipsec-vpn mss 1350
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold
2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies from-zone trust to-zone trust policy trust-to-trust match
source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match
destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match
application any
set security policies from-zone trust to-zone trust policy trust-to-trust then
permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust match
source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match
destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match
application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then
permit
set security policies from-zone trust to-zone zone1 policy trust-to-zone1 match
source-address any
set security policies from-zone trust to-zone zone1 policy trust-to-zone1 match
destination-address any
set security policies from-zone trust to-zone zone1 policy trust-to-zone1 match
application any
set security policies from-zone trust to-zone zone1 policy trust-to-zone1 then
permit
set security policies from-zone zone1 to-zone trust policy zone1-to-trust match
source-address any
set security policies from-zone zone1 to-zone trust policy zone1-to-trust match
destination-address any
set security policies from-zone zone1 to-zone trust policy zone1-to-trust match
application any
set security policies from-zone zone1 to-zone trust policy zone1-to-trust then
permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/3.0
set security zones security-zone untrust
set security zones security-zone zone1 host-inbound-traffic system-services all
set security zones security-zone zone1 host-inbound-traffic protocols all
set security zones security-zone zone1 interfaces ge-0/0/0.0
set security zones security-zone zone1 interfaces gr-0/0/0.0
set security zones security-zone zone1 interfaces st0.0
set interfaces ge-0/0/0 unit 0 family inet address 16.16.16.2/30
set interfaces gr-0/0/0 unit 0 clear-dont-fragment-bit
set interfaces gr-0/0/0 unit 0 description primaryGRE
set interfaces gr-0/0/0 unit 0 tunnel source 5.5.5.2
set interfaces gr-0/0/0 unit 0 tunnel destination 5.5.5.1
set interfaces gr-0/0/0 unit 0 tunnel allow-fragmentation
set interfaces gr-0/0/0 unit 0 family inet mtu 1400
set interfaces ge-0/0/1 unit 0 family inet filter input TO_GRE
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family inet address 10.10.10.1/24
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/7 unit 0 family inet dhcp vendor-id Juniper-srx320
set interfaces cl-1/0/0 dialer-options pool 1 priority 100
set interfaces dl0 unit 0 family inet negotiate-address
set interfaces dl0 unit 0 family inet6 negotiate-address
set interfaces dl0 unit 0 dialer-options pool 1
set interfaces dl0 unit 0 dialer-options dial-string 1234
set interfaces dl0 unit 0 dialer-options always-on
set interfaces irb unit 0 family inet address 192.168.1.1/24
set interfaces st0 unit 0 family inet
set firewall family inet filter TO_GRE term 0 from source-address 10.10.10.0/24
set firewall family inet filter TO_GRE term 0 from destination-port 80
set firewall family inet filter TO_GRE term 0 from destination-port 443
set firewall family inet filter TO_GRE term 0 then routing-instance route_to_gre
set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
set access address-assignment pool junosDHCPPool family inet range junosRange low
192.168.1.2
set access address-assignment pool junosDHCPPool family inet range junosRange high
192.168.1.254
set access address-assignment pool junosDHCPPool family inet dhcp-attributes router
192.168.1.1
set access address-assignment pool junosDHCPPool family inet dhcp-attributes
propagate-settings ge-0/0/1
set routing-instances route_to_gre instance-type forwarding
set routing-instances route_to_gre routing-options static route 0.0.0.0/0 next-hop
gr-0/0/0.0
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0
set protocols l2-learning global-mode switching
set protocols rstp interface all
set routing-options static route 0.0.0.0/0 next-hop 16.16.16.2
set routing-options static route 0.0.0.0/0 next-hop 16.16.16.1
set routing-options static route 15.15.15.0/24 next-hop 5.5.5.1
set routing-options interface-routes rib-group inet route_to_gre_1
set routing-options rib-groups route_to_gre_1 import-rib inet.0
set routing-options rib-groups route_to_gre_1 import-rib route_to_gre.inet.0

You might also like