unset key protection enable
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "Remote Desktop" protocol tcp src-port 0-65535 dst-port 3389-3389 
set service "Samsung CCTV" protocol tcp src-port 0-65535 dst-port 554-557 
set service "Access Control" protocol udp src-port 0-65535 dst-port 2074-2075 
set service "Access Control" + udp src-port 0-65535 dst-port 1025-1025 
set service "Access Control" + tcp src-port 0-65535 dst-port 5201-5201 
set service "Access Control" + tcp src-port 0-65535 dst-port 21-21 
set service "Access Control" + tcp src-port 0-65535 dst-port 23-23 
set service "Access Control" + tcp src-port 0-65535 dst-port 80-80 
set service "Access Control TCP 5201" protocol tcp src-port 0-65535 dst-port 5201-5201 
set service "Samsung 554" protocol tcp src-port 0-65535 dst-port 554-554 
set service "Samsung 555" protocol tcp src-port 0-65535 dst-port 555-555 
set service "Samsung 556" protocol tcp src-port 0-65535 dst-port 556-556 
set service "Samsung 557" protocol tcp src-port 0-65535 dst-port 557-557 
set service "Access Control 2074" protocol udp src-port 0-65535 dst-port 2074-2074 
set service "Access 2075" protocol udp src-port 0-65535 dst-port 2075-2075 
set service "Access Control 1025" protocol udp src-port 0-65535 dst-port 1025-1025 
set service "Access control 5201" protocol tcp src-port 0-65535 dst-port 5201-5201 
set service "test" protocol tcp src-port 0-65535 dst-port 32000-32000 
set service "test" + tcp src-port 0-65535 dst-port 32005-32005 
set service "test 32000" protocol tcp src-port 0-65535 dst-port 32000-32000 
set service "worldclient" protocol tcp src-port 0-65535 dst-port 3000-3000 
set service "http 81" protocol tcp src-port 0-65535 dst-port 81-81 
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "IT-S-PRINT.ASD.LOCAL" id 1
set auth-server "IT-S-PRINT.ASD.LOCAL" server-name "145.234.135.8"
set auth-server "IT-S-PRINT.ASD.LOCAL" account-type auth xauth 
set auth-server "IT-S-PRINT.ASD.LOCAL" radius secret "deleted"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "deleted"
set admin port 30001
set admin telnet port 30000
set admin http redirect
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set vip multi-port
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst 
set zone "Untrust" block 
unset zone "Untrust" tcp-rst 
set zone "MGT" block 
unset zone "V1-Trust" tcp-rst 
unset zone "V1-Untrust" tcp-rst 
set zone "DMZ" tcp-rst 
unset zone "V1-DMZ" tcp-rst 
unset zone "VLAN" tcp-rst 
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/3" zone "Trust"
set interface "tunnel.2" zone "Untrust"
set interface ethernet0/0 ip 145.234.135.20/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/1 ip 10.0.0.2/24
set interface ethernet0/1 nat
set interface ethernet0/2 ip 80.193.231.82/28
set interface ethernet0/2 route
set interface tunnel.2 ip unnumbered interface ethernet0/2
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/1 ip manageable
unset interface ethernet0/2 ip manageable
set interface ethernet0/0 manage mtrace
set interface ethernet0/2 manage ping
set interface ethernet0/2 manage ssh
set interface ethernet0/2 manage telnet
set interface ethernet0/2 manage ssl
unset interface ethernet0/3 manage ping
unset interface ethernet0/3 manage ssh
unset interface ethernet0/3 manage telnet
unset interface ethernet0/3 manage snmp
unset interface ethernet0/3 manage ssl
unset interface ethernet0/3 manage web
unset interface ethernet0/3 g-arp
unset interface vlan1 manage telnet
set interface vlan1 manage mtrace
set interface ethernet0/2 vip interface-ip 3389 "Remote Desktop" 145.234.135.3
set interface ethernet0/2 vip interface-ip 1025 "Access Control 1025" 10.0.0.25
set interface ethernet0/2 vip interface-ip 21 "FTP" 10.0.0.25
set interface ethernet0/2 vip interface-ip 557 "Samsung 557" 10.0.0.5
set interface ethernet0/2 vip interface-ip 556 "Samsung 556" 10.0.0.5
set interface ethernet0/2 vip interface-ip 555 "Samsung 555" 10.0.0.5
set interface ethernet0/2 vip interface-ip 554 "Samsung 554" 10.0.0.5
set interface ethernet0/2 vip interface-ip 23 "TELNET" 10.0.0.25
set interface ethernet0/2 vip interface-ip 80 "HTTP" 10.0.0.25
set interface ethernet0/2 vip interface-ip 2074 "Access Control 2074" 10.0.0.25
set interface ethernet0/2 vip interface-ip 2075 "Access 2075" 10.0.0.25
set interface ethernet0/2 vip interface-ip 5201 "Access control 5201" 10.0.0.25
set interface ethernet0/2 vip interface-ip 32000 "test" 10.0.0.8
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set console page 50
set domain gateway.asd.local
set hostname gateway
set dbuf size 4096
set pki authority default cert-status revocation-check none
set pki authority default scep mode "auto"
set pki x509 default cert-path full
set pki x509 dn country-name "UK"
set pki x509 dn state-name "South Yorkshire"
set pki x509 dn local-name "Sheffield"
set pki x509 dn org-name "ASD Lighting"
set pki x509 dn org-unit-name "IT"
set pki x509 dn name "Admin"
set pki x509 dn phone ""
set pki x509 cert-fqdn gateway.asd.local
set dns host dns1 145.234.135.19
set dns host dns2 0.0.0.0
set dns host dns3 0.0.0.0
set address "Trust" "10.0.0.111/0" 10.0.0.111 0.0.0.0
set address "Trust" "10.0.0.111/24" 10.0.0.111 255.255.255.0
set address "Trust" "10.16.2.0/24" 10.16.2.0 255.255.255.0
set address "Trust" "10.16.2.2/32" 10.16.2.2 255.255.255.255
set address "Trust" "10.32.255.0/24" 10.32.255.0 255.255.255.0
set address "Trust" "145.234.135.0/24" 145.234.135.0 255.255.255.0
set address "Trust" "145.234.135.14/32" 145.234.135.14 255.255.255.255
set address "Trust" "145.234.135.144/32" 145.234.135.144 255.255.255.255
set address "Trust" "145.234.135.154/32" 145.234.135.154 255.255.255.255
set address "Trust" "145.234.135.18/32" 145.234.135.18 255.255.255.255
set address "Trust" "145.234.135.2/32" 145.234.135.2 255.255.255.255
set address "Trust" "145.234.135.200/32" 145.234.135.200 255.255.255.255
set address "Trust" "145.234.135.201/32" 145.234.135.201 255.255.255.255
set address "Trust" "145.234.135.22/32" 145.234.135.22 255.255.255.255
set address "Trust" "145.234.135.24/32" 145.234.135.24 255.255.255.255
set address "Trust" "145.234.135.25/0" 145.234.135.25 0.0.0.0
set address "Trust" "145.234.135.25/32" 145.234.135.25 255.255.255.255
set address "Trust" "145.234.135.26/32" 145.234.135.26 255.255.255.255
set address "Trust" "145.234.135.3/32" 145.234.135.3 255.255.255.255
set address "Trust" "145.234.135.36/32" 145.234.135.36 255.255.255.255
set address "Trust" "145.234.135.39/32" 145.234.135.39 255.255.255.255
set address "Trust" "145.234.135.4/32" 145.234.135.4 255.255.255.255
set address "Trust" "145.234.135.8/32" 145.234.135.8 255.255.255.255
set address "Trust" "91.207.36.33/32" 91.207.36.33 255.255.255.255
set address "Trust" "Internal" 145.234.135.0 255.255.255.0
set address "Trust" "VPN Address" 10.1.1.5 255.255.255.255
set address "Untrust" "10.16.0.0/16" 10.16.0.0 255.255.0.0
set address "Untrust" "192.168.181.0/24" 192.168.181.0 255.255.255.0
set address "Untrust" "91.207.36.33/32" 91.207.36.33 255.255.255.255
set address "Untrust" "91.207.36.37/32" 91.207.36.37 255.255.255.255
set address "Untrust" "91.207.36.42/32" 91.207.36.42 255.255.255.255
set address "Untrust" "91.207.36.44/32" 91.207.36.44 255.255.255.255
set address "Untrust" "See360 Address 1" 192.168.180.0 255.255.255.0
set address "Untrust" "See360 Address 2" 192.168.144.0 255.255.255.0
set address "Untrust" "See360 Address 3" 192.168.185.0 255.255.255.0
set address "DMZ" "10.0.0.111/0" 10.0.0.111 0.0.0.0
set address "DMZ" "10.0.0.111/24" 10.0.0.111 255.255.255.0
set address "DMZ" "81.174.143.11/32" 81.174.143.11 255.255.255.255
set address "DMZ" "DMZ Subnet" 10.0.0.0 255.255.255.0
set ippool "ASD Dial Up" 10.32.255.1 10.32.255.254
set user "dialupxauthuser" uid 6
set user "dialupxauthuser" ike-id u-fqdn "client@asdlighting.com" share-limit 50
set user "dialupxauthuser" type auth ike xauth
set user "dialupxauthuser" remote ippool "ASD Dial Up"
set user "dialupxauthuser" password "deleted"
set user "dialupxauthuser" "enable"
set user "sdfoijsdfoij" uid 2
set user "sdfoijsdfoij" ike-id u-fqdn "john@fuck.com" share-limit 1
set user "sdfoijsdfoij" type auth ike xauth
set user "sdfoijsdfoij" remote ippool "ASD Dial Up"
set user "sdfoijsdfoij" password ""
set user "sdfoijsdfoij" "enable"
set user-group "Dial Up xAuth Group" id 4
set user-group "Dial Up xAuth Group" user "dialupxauthuser"
set crypto-policy
exit
set ike p1-proposal "See360 Crypto Suite" preshare group2 esp 3des sha-1 second 28800
set ike p1-proposal "test" preshare group1 esp 3des sha-1 second 28800
set ike p2-proposal "See360Phase2" group2 esp 3des sha-1 second 28000
set ike p2-proposal "nopfs-esp-3des-sha-windows7" no-pfs esp 3des sha-1 second 3600 kbyte 250000
set ike p2-proposal "nopfs-esp-aes128-sha-windows7" no-pfs esp aes128 sha-1 second 3600 kbyte 250000
set ike gateway "Gateway for See360" address 194.168.76.125 Main outgoing-interface "ethernet0/2" preshare "deleted" proposal "See360 Crypto Suite" "pre-g2-3des-md5" "pre-g2-des-sha" "pre-g1-des-sha"
set ike gateway "Gateway for See360" dpd-liveness interval 30
set ike gateway "Gateway for See360" dpd-liveness retry 2
set ike gateway "Gateway To RUFC" address 80.193.119.210 Main outgoing-interface "ethernet0/2" preshare "deleted" proposal "See360 Crypto Suite"
set ike gateway "Dial Up Phase 1" dialup "Dial Up xAuth Group" Aggr outgoing-interface "ethernet0/2" preshare "deleted" proposal "pre-g2-3des-sha"
unset ike gateway "Dial Up Phase 1" nat-traversal
set ike gateway "Dial Up Phase 1" xauth server "IT-S-PRINT.ASD.LOCAL"
set ike gateway "Dial Up Phase 1" xauth accounting server "IT-S-PRINT.ASD.LOCAL" 
unset ike gateway "Dial Up Phase 1" xauth do-edipi-auth
set ike gateway "1.1.1.1" address 1.2.1.1 Main outgoing-interface "ethernet0/0" preshare "deleted" sec-level standard
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "ASD Dial Up"
set xauth default dns1 145.234.135.201
set vpn "VPN for See360" gateway "Gateway for See360" no-replay tunnel idletime 0 proposal "See360Phase2"  "g2-esp-des-md5"  "g2-esp-des-sha"  "g2-esp-3des-md5" 
set vpn "RUFC VPN" gateway "Gateway To RUFC" replay tunnel idletime 0 proposal "See360Phase2" 
set vpn "Dial Up Phase 2" gateway "Dial Up Phase 1" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" 
set vpn "Dial Up Phase 2" monitor rekey
set vpn "Dial Up Phase 2" bind zone "Untrust-Tun"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set l2tp default accounting off 
set l2tp default dns1 145.234.135.19
set l2tp default ppp-auth chap
set url protocol websense
exit
set policy id 36 from "Trust" to "Untrust"  "Any" "Dial-Up VPN" "ANY" tunnel vpn "Dial Up Phase 2" id 0x17 pair-policy 35 
set policy id 36
exit
set policy id 35 from "Untrust" to "Trust"  "Dial-Up VPN" "Any" "ANY" tunnel vpn "Dial Up Phase 2" id 0x17 pair-policy 36 
set policy id 35
exit
set policy id 6 from "Untrust" to "Trust"  "See360 Address 1" "145.234.135.0/24" "ANY" tunnel vpn "VPN for See360" id 0x10 pair-policy 5 
set policy id 6
exit
set policy id 5 from "Trust" to "Untrust"  "145.234.135.0/24" "See360 Address 1" "ANY" tunnel vpn "VPN for See360" id 0x10 pair-policy 6 
set policy id 5
exit
set policy id 7 from "Untrust" to "Trust"  "See360 Address 2" "145.234.135.0/24" "ANY" tunnel vpn "VPN for See360" id 0x11 pair-policy 9 
set policy id 7
exit
set policy id 8 from "Untrust" to "Trust"  "See360 Address 3" "145.234.135.0/24" "ANY" tunnel vpn "VPN for See360" id 0x12 pair-policy 10 
set policy id 8
exit
set policy id 9 from "Trust" to "Untrust"  "145.234.135.0/24" "See360 Address 2" "ANY" tunnel vpn "VPN for See360" id 0x11 pair-policy 7 
set policy id 9
exit
set policy id 10 from "Trust" to "Untrust"  "145.234.135.0/24" "See360 Address 3" "ANY" tunnel vpn "VPN for See360" id 0x12 pair-policy 8 
set policy id 10
exit
set policy id 30 from "Trust" to "Untrust"  "145.234.135.0/24" "10.16.0.0/16" "ANY" tunnel vpn "RUFC VPN" id 0xc pair-policy 29 
set policy id 30
exit
set policy id 11 from "DMZ" to "Untrust"  "Any" "Any" "ANY" nat src permit 
set policy id 11
exit
set policy id 16 from "Untrust" to "DMZ"  "Any" "VIP(ethernet0/2)" "Access Control" permit 
set policy id 16
exit
set policy id 17 from "Untrust" to "DMZ"  "Any" "VIP(ethernet0/2)" "Samsung CCTV" permit 
set policy id 17
exit
set policy id 19 from "Untrust" to "DMZ"  "Any" "VIP(ethernet0/2)" "TELNET" permit 
set policy id 19
exit
set policy id 21 from "Untrust" to "DMZ"  "Any" "VIP(ethernet0/2)" "SMTP" permit 
set policy id 21
exit
set policy id 22 name "worldclient" from "Untrust" to "DMZ"  "Any" "VIP(ethernet0/2)" "worldclient" permit 
set policy id 22
exit
set policy id 23 from "Trust" to "Untrust"  "145.234.135.14/32" "Any" "ANY" permit 
set policy id 23
set src-address "145.234.135.18/32"
set src-address "145.234.135.2/32"
set src-address "145.234.135.200/32"
set src-address "145.234.135.201/32"
set src-address "145.234.135.3/32"
set src-address "145.234.135.36/32"
set src-address "145.234.135.39/32"
set src-address "145.234.135.8/32"
exit
set policy id 25 from "DMZ" to "Trust"  "Any" "Any" "ANY" permit 
set policy id 25
exit
set policy id 28 from "Trust" to "Untrust"  "Any" "91.207.36.33/32" "ANY" permit 
set policy id 28
set dst-address "91.207.36.37/32"
set dst-address "91.207.36.42/32"
set dst-address "91.207.36.44/32"
exit
set policy id 29 from "Untrust" to "Trust"  "10.16.0.0/16" "145.234.135.0/24" "ANY" tunnel vpn "RUFC VPN" id 0xc pair-policy 30 
set policy id 29
exit
set policy id 32 name "Remote Desktop" from "Untrust" to "Trust"  "Any" "VIP(ethernet0/2)" "Remote Desktop" permit 
set policy id 32
exit
set policy id 34 from "Trust" to "Untrust"  "Any" "Any" "FTP" permit 
set policy id 34
exit
set policy id 37 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit 
set policy id 37
exit
set policy id 38 from "Trust" to "Untrust"  "10.32.255.0/24" "Any" "ANY" permit 
set policy id 38
exit
unset log module system level notification destination email
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet0/2 gateway 80.193.231.81
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit