EasyManua.ls Logo

GE MDS ORBIT ECR - Page 439

GE MDS ORBIT ECR
463 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 439
set services vpn ipsec connection SRX240 filter output OUT_TRUSTED
# GRE interface configuration
set interfaces interface GRE-SRX240 type gre
set interfaces interface GRE-SRX240 gre-config mode ip-over-gre
set interfaces interface GRE-SRX240 gre-config src-address 172.16.1.2
set interfaces interface GRE-SRX240 gre-config dst-address 172.16.1.1
set interfaces interface GRE-SRX240 ipv4 mtu 1250
set interfaces interface GRE-SRX240 ipv4 address 10.1.1.2 prefix-length 30
set interfaces interface GRE-SRX240 filter input IN_TRUSTED
set interfaces interface GRE-SRX240 filter output OUT_TRUSTED
# Routing configuration
set routing static-routes ipv4 route 1 dest-prefix 192.168.3.0/24
set routing static-routes ipv4 route 1 outgoing-interface GRE-SRX240
set routing static-routes ipv4 route 1 dest-prefix 192.168.4.0/24
set routing static-routes ipv4 route 1 outgoing-interface GRE-SRX240
# Firewall configuration
set services firewall enabled true
set services firewall address-set CELL-IP
set services firewall filter IN_TRUSTED rule 10 match protocol all
set services firewall filter IN_TRUSTED rule 10 actions
set services firewall filter IN_TRUSTED rule 10 actions action accept
set services firewall filter IN_UNTRUSTED rule 1 match protocol icmp
set services firewall filter IN_UNTRUSTED rule 1 actions
set services firewall filter IN_UNTRUSTED rule 1 actions action accept
set services firewall filter IN_UNTRUSTED rule 2 match protocol udp
set services firewall filter IN_UNTRUSTED rule 2 match src-port
set services firewall filter IN_UNTRUSTED rule 2 match src-port services [ dns ]
set services firewall filter IN_UNTRUSTED rule 10 match protocol udp
set services firewall filter IN_UNTRUSTED rule 10 match dst-port
set services firewall filter IN_UNTRUSTED rule 10 match dst-port services [ ike ntp ]
set services firewall filter IN_UNTRUSTED rule 10 actions
set services firewall filter IN_UNTRUSTED rule 10 actions action accept
set services firewall filter IN_UNTRUSTED rule 11 match protocol esp
set services firewall filter IN_UNTRUSTED rule 11 actions
set services firewall filter IN_UNTRUSTED rule 11 actions action accept
set services firewall filter IN_UNTRUSTED rule 12 match protocol all
set services firewall filter IN_UNTRUSTED rule 12 actions

Table of Contents

Related product manuals