
## Last changed: 2015-06-02 17:49:13 UTC

/* Junos release this configuration was saved under; a 12.1 train release — check current vendor support/EOL status before relying on it (NOTE(review): not verifiable from this page) */
version 12.1X44-D45.2;
/* Platform-level settings: hostname, root credential, DNS resolvers, management daemons, local logging and licensing */
system {
host-name FW-PIURA;
root-authentication {
/* "$1$" prefix means an MD5-crypt hash; it has been exported in this file, so treat the root credential as disclosed and rotate it (and use a stronger hash format if this release offers one) */
encrypted-password "$1$MrRaeyQg$/49HQ5kj1nMQBEn871lWf1";
}
name-server {
208.67.222.222;
208.67.220.220;
}
/* Which daemons run; which interfaces can reach them is governed by the zones' host-inbound-traffic further down, where untrust is set to "all" */
services {
ssh;
/* telnet and xnm-clear-text carry credentials in cleartext; together with untrust host-inbound-traffic "all" they are reachable via ge-0/0/0.0 — disable, or at least restrict to the trust side */
telnet;
xnm-clear-text;
web-management {
/* plain-HTTP J-Web is bound to ge-0/0/0.0 as well as the LAN port; HTTPS-only on ge-0/0/1.0 is the safer shape */
http {
interface [ ge-0/0/1.0 ge-0/0/0.0 ];
}
https {
/* self-signed certificate regenerated by the box; clients cannot validate it */
system-generated-certificate;
interface [ ge-0/0/1.0 ge-0/0/0.0 ];
}
}
}
/* Local files only; no remote syslog host is configured in this stanza, so logs are lost with the device */
syslog {
archive size 100k files 3;
user * {
any emergency;
}
/* "authorization info" records logins; "any critical" drops lower-severity events such as commits and most security events */
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
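/* Physical ports: ge-0/0/0 is the outside port (IKE external-interface and destination-NAT target), ge-0/0/1 is the LAN port; st0 is the IPsec tunnel interface */
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
/* private address on the outside port — the upstream device at 192.168.1.1 presumably performs the public NAT; the dNAT rules match this address (NOTE(review): confirm upstream topology) */
address 192.168.1.5/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 152.25.1.2/24;
}
}
}
/* ge-0/0/2 .. ge-0/0/7: unit 0 with no family, i.e. unused ports; restored from the extraction-mangled original, whose "{" and "0;" tokens had been displaced below st0 */
ge-0/0/2 {
unit 0;
}
ge-0/0/3 {
unit 0;
}
ge-0/0/4 {
unit 0;
}
ge-0/0/5 {
unit 0;
}
ge-0/0/6 {
unit 0;
}
ge-0/0/7 {
unit 0;
}
st0 {
unit 0 {
family inet {
/* a /8 mask here covers all of 6.0.0.0/8; the static route to 192.168.0.0/24 via st0.0 does not depend on this prefix, so confirm the mask is intended */
address 6.7.8.9/8;
}
}
}
}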
/* Static routing only: the remote VPN LAN is sent into the tunnel, everything else to the upstream gateway on the ge-0/0/0 subnet */
routing-options {
static {
/* traffic for the Paita LAN enters st0.0 (zone VPN-PAITA); no trust<->VPN-PAITA security policy appears in this configuration, so this path only works if a default permit exists elsewhere — TODO confirm */
route 192.168.0.0/24 next-hop st0.0;
route 0.0.0.0/0 next-hop 192.168.1.1;
}
}
/* Spanning tree only; no dynamic routing protocol runs on this device */
protocols {
stp;
}
security {
/* Phase 1 (IKEv1, main mode, pre-shared key) for the site-to-site tunnel to Paita */
ike {
proposal proposal {
authentication-method pre-shared-keys;
/* group2 is 1024-bit MODP and 3des-cbc is legacy; group14 and an AES algorithm are the usual replacements when the peer supports them */
dh-group group2;
authentication-algorithm sha-256;
encryption-algorithm 3des-cbc;
lifetime-seconds 28800;
}
policy Policy {
mode main;
proposals proposal;
/* "$9$" is Junos reversible obfuscation, not encryption — exporting the configuration discloses the PSK, so rotate it on both peers */
pre-shared-key ascii-text "$9$n9qF9tOhSeX7V1R7VwYZG69Ap1RcylMLx";
}
gateway Paita {
ike-policy Policy;
address 190.116.54.217;
/* IKE is sourced from the private 192.168.1.5 address; the upstream device must pass UDP 500/4500 (NAT traversal) for the tunnel to form — inferred from the addressing, confirm */
external-interface ge-0/0/0.0;
version v1-only;
}
}
/* Phase 2 (ESP) settings — the weakest part of the VPN as written */
ipsec {
proposal Proposal {

/* des-cbc is single DES (56-bit key) and offers no meaningful confidentiality today; hmac-sha1-96 is legacy but still broadly accepted. Move to AES (e.g. aes-256-cbc) and a SHA-2 integrity algorithm in step with the peer */
authentication-algorithm hmac-sha1-96;
encryption-algorithm des-cbc;
}
policy Policy {
/* PFS with 1024-bit MODP; same upgrade note as the IKE dh-group */
perfect-forward-secrecy {
keys group2;
}
proposals Proposal;
}
vpn Paita {
/* route-based VPN: traffic is selected by the static route into st0.0 rather than by proxy-IDs */
bind-interface st0.0;
/* vpn-monitor sends ICMP probes through the tunnel to detect a dead peer; "establish-tunnels immediately" brings the SA up at commit instead of on first packet */
vpn-monitor;
ike {
gateway Paita;
ipsec-policy Policy;
}
establish-tunnels immediately;
}
}
/* IDS screen profile; bound to the untrust zone in the zones stanza */
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
/* thresholds are SYN segments per second; tune them against observed traffic rather than keeping generic values */
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
/* Interface-based source NAT for LAN egress plus a set of inbound port forwards toward the 152.25.1.x LAN hosts */
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
/* pools are named after the forwarded port; each is a single host:port pair */
pool 8081 {
address 152.25.1.19/32 port 8081;

}
pool 1495 {
address 152.25.1.19/32 port 1495;
}
pool 8080 {
address 152.25.1.16/32 port 8080;
}
pool 1494 {
address 152.25.1.16/32 port 1494;
}
pool 2121 {
address 152.25.1.16/32 port 2121;
}
pool 65530 {
address 152.25.1.16/32 port 65530;
}
pool 8084 {
address 152.25.1.16/32 port 8084;
}
/* no untrust-to-trust policy below permits traffic to 152.25.1.10, so packets translated by the 1723 and 47 pools are dropped at policy lookup */
pool 1723 {
description VPN-TCP;
routing-instance {
default;
}
address 152.25.1.10/32 port 1723;
}
/* GRE (used with PPTP) is IP protocol 47, not a UDP/TCP port; a destination-port 47 match cannot carry it — if PPTP passthrough is the intent this pool does not achieve it */
pool 47 {
description VPN-UDP;
address 152.25.1.10/32 port 47;
}
/* every rule matches any source; fine for public services, but restrict sources where the consumer set is known (e.g. the 65530 and 2121 forwards) */
rule-set Nats {
from zone untrust;
rule 8081 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 8081;
}
then {
destination-nat pool 8081;
}
}
rule 1495 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 1495;
}
then {
destination-nat pool 1495;
}
}
rule 8080 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 8080;
}
then {
destination-nat pool 8080;

}
}
rule 1494 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 1494;
}
then {
destination-nat pool 1494;
}
}
rule 2121 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 2121;
}
then {
destination-nat pool 2121;
}
}
rule 65530 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 65530;
}
then {
destination-nat pool 65530;
}
}
rule 8084 {
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 8084;
}
then {
destination-nat pool 8084;
}
}
rule 1723 {
description VPN-TCP;
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 1723;
}
then {
destination-nat pool 1723;
}
}
/* see the pool 47 note: a port-47 match does not pass GRE */
rule 47 {
description VPN-UDP;
match {
source-address 0.0.0.0/0;
destination-address 192.168.1.5/32;
destination-port 47;
}

then {
destination-nat pool 47;
}
}
}
}
}
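/* Zone policies. Only trust<->untrust pairs exist: nothing covers VPN-PAITA (so tunnel traffic via st0.0 has no permit here) and nothing permits untrust traffic to 152.25.1.10 (so the 1723/47 forwards are dropped). No permit carries "log", so session visibility is absent */
policies {
from-zone trust to-zone untrust {
/* unrestricted LAN egress; consider adding "log session-close" for audit */
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
/* destination names are the address-book entries defined in the trust zone; applications are the custom TCP/UDP objects below */
policy Acceso152-25-1-19 {
match {
source-address any;
destination-address 152.25.1.19;
application [ TCP_8081 TCP_1495 UDP_1495 ];
}
then {
permit;
}
}
policy Acceso152-25-1-16 {
match {
source-address any;
destination-address 152.25.1.16;
/* application list rejoined onto one line; the exported copy had "TCP_65530" wrapped mid-token */
application [ TCP_8080 TCP_1494 UDP_1494 TCP_2121 UDP_2121 TCP_65530 UDP_65530 TCP_8084 ];
}
then {
permit;
}
}
}
}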
/* Security zones. host-inbound-traffic is "all" for every zone and interface, which makes every system service (telnet, HTTP, SSH, xnm-clear-text, ...) reachable from the outside and from the tunnel */
zones {
security-zone trust {
address-book {
address 152.25.1.19 152.25.1.19/32;
address 152.25.1.16 152.25.1.16/32;
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;

}
}
security-zone untrust {
screen untrust-screen;
/* on the Internet-facing zone this should be limited to what the tunnel needs (system-services ike, optionally ping) rather than "all"; the same "all" is repeated per-interface below */
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
/* tunnel zone: no policy references VPN-PAITA, so transit traffic between trust and this zone is governed only by the (unseen) default policy — TODO confirm */
security-zone VPN-PAITA {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
st0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
}
}
/* Custom application objects used by the untrust-to-trust policies; "source-port 0-65535" is the implicit default and could be omitted. No objects exist for 1723/47, consistent with no policy for 152.25.1.10 */
applications {
application TCP_8081 {
protocol tcp;
source-port 0-65535;
destination-port 8081;
}
application TCP_1495 {
protocol tcp;
source-port 0-65535;
destination-port 1495;
}

application UDP_1495 {
protocol udp;
source-port 0-65535;
destination-port 1495;
}
application TCP_8080 {
protocol tcp;
source-port 0-65535;
destination-port 8080;
}
application TCP_1494 {
protocol tcp;
source-port 0-65535;
destination-port 1494;
}
application UDP_1494 {
protocol udp;
source-port 0-65535;
destination-port 1494;
}
application TCP_2121 {
protocol tcp;
source-port 0-65535;
destination-port 2121;
}
application UDP_2121 {
protocol udp;
source-port 0-65535;
destination-port 2121;
}
application TCP_65530 {
protocol tcp;
source-port 0-65535;
destination-port 65530;
}
application UDP_65530 {
protocol udp;
source-port 0-65535;
destination-port 65530;
}
application TCP_8084 {
protocol tcp;
source-port 0-65535;
destination-port 8084;
}
}
