
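## Last changed: 2013-04-09 22:44:29 UTC
/* Junos SRX configuration for FW-GADOR: branch firewall with one WAN uplink
 * (fe-0/0/0, zone untrust), a switched LAN (vlan.0, zone trust) and two
 * route-based IPsec tunnels (st0.0 / st0.1, zone VPN) to peer GW-SIGMA.
 * Reformatted from a flattened dump; statement order and values are unchanged
 * except for the corrected application name in policy "navegacion". */
version 11.4R4.4;
system {
    host-name FW-GADOR;
    root-authentication {
        encrypted-password "$1$Y5uuTZsS$rZ9mvqXD5NR5LQ1778deB."; ## SECRET-DATA
    }
    name-server {
        200.87.100.10;
    }
    services {
        ssh;
        /* NOTE(review): telnet and http are cleartext management channels; http is
         * also bound to fe-0/0/0.0, the interface placed in zone untrust below.
         * Prefer ssh/https only and restrict web-management to vlan.0. */
        telnet;
        web-management {
            http {
                interface [ vlan.0 fe-0/0/0.0 ];
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
        /* Session logs (RT_FLOW) feed the per-policy log/count statements below. */
        file policy_session {
            user info;
            match RT_FLOW;
            archive size 1000k world-readable;
            structured-data;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    /* LAN access ports fe-0/0/1..7, switched into vlan-trust (L3 on vlan.0). */
    interface-range interfaces-trust {
        member fe-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        member fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    /* WAN uplink; also the IKE external-interface for GW-SIGMA. */
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 190.129.14.67/29;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
    /* Tunnel interfaces: st0.0 <-> VPN-SIGMA, st0.1 <-> vpn_105. */
    st0 {
        unit 0 {
            family inet;
            family inet6;
        }
        unit 1 {
            family inet;
            family inet6;
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.18.30/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 190.129.14.65;
        route 192.168.128.0/24 next-hop 192.168.18.20;
        route 192.168.129.0/24 next-hop 192.168.18.20;
        /* Remote VPN networks are steered into the tunnels by static routes. */
        route 192.168.101.0/24 next-hop st0.0;
        route 192.168.104.0/23 next-hop st0.1;
    }
}
security {
    ike {
        /* NOTE(review): 3DES / SHA-1 / DH group2 with a pre-shared key is a legacy
         * suite; plan a migration to AES, SHA-2 and a stronger DH group once the
         * SIGMA peer supports them. */
        proposal sha-pre-g2-3des {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
        }
        policy Ike_Fase1 {
            mode main;
            proposals sha-pre-g2-3des;
            pre-shared-key ascii-text "$9$3Znu6A0B1hyeWFntOBEeK"; ## SECRET-DATA
        }
        gateway GW-SIGMA {
            ike-policy Ike_Fase1;
            address 200.87.146.82;
            external-interface fe-0/0/0;
        }
    }
    ipsec {
        proposal sha-3des-esp {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm 3des-cbc;
        }
        policy Pol_Fase2_Sigma {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals sha-3des-esp;
        }
        /* Both VPNs share gateway GW-SIGMA and differ only in bind-interface and
         * remote proxy-identity. */
        vpn VPN-SIGMA {
            bind-interface st0.0;
            vpn-monitor {
                optimized;
            }
            ike {
                gateway GW-SIGMA;
                proxy-identity {
                    local 192.168.18.0/24;
                    remote 192.168.101.0/24;
                }
                ipsec-policy Pol_Fase2_Sigma;
            }
            establish-tunnels immediately;
        }
        vpn vpn_105 {
            bind-interface st0.1;
            vpn-monitor {
                optimized;
            }
            ike {
                gateway GW-SIGMA;
                proxy-identity {
                    local 192.168.18.0/24;
                    remote 192.168.104.0/23;
                }
                ipsec-policy Pol_Fase2_Sigma;
            }
            establish-tunnels immediately;
        }
    }
    alg {
        sql disable;
        tftp disable;
    }
    screen {
        /* IDS screen applied to zone untrust. */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            /* Hide-NAT all trust -> untrust traffic behind the WAN interface. */
            rule-set trusts-to-sigma {
                from zone trust;
                to zone untrust;
                rule salida {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            /* Traffic arriving from the vpn_105 network is source-NATed to the
             * LAN-facing interface address before reaching zone trust. */
            rule-set nat_vpn {
                from zone VPN;
                to zone trust;
                rule red_105 {
                    match {
                        source-address 192.168.104.0/23;
                        destination-address 192.168.18.0/24;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        proxy-arp {
            interface fe-0/0/0.0 {
                address {
                    190.129.14.68/32;
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application [ junos-icmp-ping junos-ping ];
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            /* Web browsing and DNS only for the LAN; everything else from the LAN
             * is denied (and logged) by new_navegacion below.
             * Fixed: "junos-dns -tcp" (stray space) -> "junos-dns-tcp". */
            policy navegacion {
                match {
                    source-address Red_GADOR;
                    destination-address any;
                    application [ junos-http junos-https junos-dns-udp junos-dns-tcp ];
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy new_navegacion {
                match {
                    source-address Red_GADOR;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
        from-zone untrust to-zone trust {
            /* NOTE(review): permits any application from Sigma_59 into the LAN
             * with no log or count; consider restricting the application set and
             * adding "log { session-init; session-close; }" for consistency with
             * the other policies. */
            policy Sigma_59 {
                match {
                    source-address Sigma_59;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            policy lan-lan {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
        from-zone VPN to-zone trust {
            policy SIGMA_TO_TRUST {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
        from-zone trust to-zone VPN {
            policy TRUST_TO-SIGMA {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address Red_GADOR 192.168.18.0/24;
            }
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            address-book {
                address Red_Sigma 192.168.101.0/24;
                address Red_Sigma2 192.168.104.0/23;
                address Sigma_67 192.168.67.0/24;
                address Sigma_72 192.168.72.0/24;
                address Sigma_58 192.168.58.0/24;
                /* NOTE(review): Sigma_59 and Sigma_65 both resolve to
                 * 192.168.65.0/24, unlike the other Sigma_NN entries; confirm
                 * the intended prefix for Sigma_59 (used by the untrust->trust
                 * permit policy above). */
                address Sigma_59 192.168.65.0/24;
                address Sigma_52 192.168.52.0/24;
                address Sigma_65 192.168.65.0/24;
            }
            screen untrust-screen;
            /* NOTE(review): "system-services all" / "protocols all" on the untrust
             * zone and on fe-0/0/0.0 exposes every enabled management service
             * (including telnet and http above) to the WAN side; limit this to
             * the services the VPN peer actually needs (e.g. ike, ping). */
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone prueba {
            interfaces {
                lo0.0;
            }
        }
        security-zone VPN {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                st0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                    }
                }
                st0.1 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}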
