gen # GEN STATEMENT hostname 6wind domainname ipsec2001.hsc.fr enable ipv4forwarding enable ipv6forwarding disable telnet enable ssh # ARP TABLE # NDP TABLE # HOST # NAMESERVER nameserver 192.70.106.33 nameserver 192.70.106.200 rtg # IPV4 ROUTE route 10.198.0.0/16 192.70.106.198 route 10.199.0.0/16 192.70.106.199 route 10.205.0.0/16 192.70.106.205 route 10.207.0.0/16 192.70.106.207 route 10.201.0.0/16 192.70.106.201 route 10.209.0.0/16 192.70.106.209 route 10.213.0.0/16 192.70.106.213 route 10.200.0.0/16 192.70.106.200 route 10.202.0.0/16 192.70.106.202 # IPV6 ROUTE route 3ffe:304:11e:2::/64 3ffe:304:11e:3:2e0:fdff:fe00:869 # DEFAULT ROUTE ipv4_defaultroute 192.70.106.254 ipv6_defaultroute none mig # 6IN4 TUNNELS # 4IN6 TUNNELS # 6TO4 TUNNELS # AUTOMATIC TUNNELS # MIGRATION STATEMENT disable rip disable ripng qos # QOS FLOW # QOS CLASS sec # SA_AH # SA_ESP # SECURITY TUNNEL tunnel 6wind_cisco esp 10.196.0.0/16[any] 10.202.0.0/16[any] any 6wind_cisco tunnel 6wind_ciscovpn esp 10.196.0.0/16[any] 10.199.0.0/16[any] any 6wind_ciscovpn tunnel 6wind_pix esp 10.196.0.0/16[any] 10.198.0.0/16[any] any 6wind_pix tunnel 6wind_freeswan esp 10.196.0.0/16[any] 10.205.0.0/16[any] any 6wind_freeswan tunnel 6wind_netasq esp 10.196.0.0/16[any] 10.207.0.0/16[any] any 6wind_netasq tunnel 6wind_netcelo esp 10.196.0.0/16[any] 10.201.0.0/16[any] any 6wind_netcelo tunnel 6wind_netscreen esp 10.196.0.0/16[any] 10.209.0.0/16[any] any 6wind_netscreen tunnel 6wind_nortel esp 10.196.0.0/16[any] 10.213.0.0/16[any] any 6wind_nortel tunnel 6wind_openbsd esp 10.196.0.0/16[any] 10.200.0.0/16[any] any 6wind_openbsd tunnel 6wind_openbsd_v6 esp 3ffe:304:11e:4::/64[any] 3ffe:304:11e:2::/64[any] any 6wind_openbsd_v6 # VPN vpn 6wind_cisco cer_fqdn 192.70.106.196 192.70.106.202 opca vpn 6wind_ciscovpn cer_fqdn 192.70.106.196 192.70.106.199 opca vpn 6wind_pix cer_fqdn 192.70.106.196 192.70.106.198 opca vpn 6wind_freeswan cer_fqdn 192.70.106.196 192.70.106.205 opca vpn 6wind_netasq cer_asn1dn 192.70.106.196 192.70.106.207 opca vpn 6wind_netcelo cer_fqdn 192.70.106.196 192.70.106.201 opca vpn 6wind_netscreen cer_fqdn 192.70.106.196 192.70.106.209 opca vpn 6wind_nortel cer_asn1dn 192.70.106.196 192.70.106.213 opca vpn 6wind_openbsd cer_fqdn 192.70.106.196 192.70.106.200 opca vpn 6wind_openbsd_v6 cer_fqdn 3ffe:304:11e:3::196 3ffe:304:11e:3:2e0:fdff:fe00:869 opca # PRE SHARED KEY # TRUSTED AUTHORITIES trust rootca trust opca # SECURITY STATEMENT ike_id ipsec2001 snmp # ROCOMMUNITY # RWCOMMUNITY # TRAPSINK # TRAP2SINK # INFORMSINK # SNMP STATEMENT syslocation "" syscontact "" authtrap enable disable snmp sfl # SRVFL STATEMENT ike_security clear ssh_security clear dns_security protected icmp_errors_security protected icmp_echo_out_security protected icmp_echo_in_security protected icmpv6_errors_security protected icmpv6_echo_out_security protected icmpv6_echo_in_security protected # NMS MANAGER # IGMP GROUPS # MLD GROUPS eth0_0 # IPV4 ADDRESS ipaddress 10.196.0.1/16 # IPV6 ADDRESS ipaddress 3ffe:304:11e:4::196/64 # IPV6 PREFIX prefix 3ffe:304:11e:4::/64 # INTERFACE STATEMENT disable ipsec enable arp enable ndp disable rip disable ripng disable autoconfv6 intf up maxbandwidth in 100 Mbps maxbandwidth out 100 Mbps be_size in 1 MB be_size out 1 MB disable qos in disable qos out eth1_0 # IPV4 ADDRESS # IPV6 ADDRESS # IPV6 PREFIX # INTERFACE STATEMENT disable ipsec enable arp enable ndp disable rip disable ripng disable autoconfv6 intf up maxbandwidth in 100 Mbps maxbandwidth out 100 Mbps be_size in 1 MB be_size out 1 MB disable qos in disable qos out eth2_0 # IPV4 ADDRESS ipaddress 192.70.106.196/26 # IPV6 ADDRESS ipaddress 3ffe:304:11e:3::196/64 # IPV6 PREFIX # INTERFACE STATEMENT enable ipsec enable arp enable ndp disable rip disable ripng disable autoconfv6 intf up maxbandwidth in 100 Mbps maxbandwidth out 100 Mbps be_size in 1 MB be_size out 1 MB disable qos in disable qos out exit