## Last commit: 2017-08-20 01:14:06 UTC by testuser
version 14.1R5.4;
system {
    host-name atl-internet;
    default-address-selection;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
    fpc 0 {
        pic 0 {
            number-of-ports 23;
        }
    }
}
interfaces {
    st0 {
        unit 0 {
            point-to-point;
            family inet {
                mtu 1420;
                address 10.5.0.0/24;
            }
        }
    }
    st1 {
        unit 0 {
            point-to-point;
            family inet {
                mtu 1420;
                address 10.193.0.0/16;
            }
        }
    } 
    st2 {
        unit 0 {
            point-to-point;
            family inet {
                mtu 1420;
                address 10.7.0.0/24;
            }
        }
    }
    ge-0/0/0 {
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 91.213.92.51/31;
            }
            family iso;
        }
    }
    ge-0/0/1 {
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 10.110.3.64/31;
            }
        }
    }
    ge-0/0/2 {
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 10.110.3.66/31;
            }
        }
    }
    ge-0/0/3 {
        link-mode full-duplex;
    }
    ge-0/0/4 {
        link-mode full-duplex;
    }
    ge-0/0/5 {
        link-mode full-duplex;
    }
    ge-0/0/6 {
        link-mode full-duplex;
    }
    ge-0/0/7 {
        link-mode full-duplex;
    }
    ge-0/0/8 {
        link-mode full-duplex;
    }
    ge-0/0/9 {
        link-mode full-duplex;
    }
    ge-0/0/10 {
        link-mode full-duplex;
    }
    lo0 {
        unit 0 {
            family inet {
                address 100.100.1.1/32;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 reject;
        route 175.45.176.0/24 reject;
        route 216.49.184.0/21 reject;
        route 84.54.64.0/19 reject;
    }
    router-id 100.100.1.1;
    autonomous-system 100;
    forwarding-table {
        export LOAD_BALANCE;
    }
}
protocols {
    bgp {
        group ebgp {
            type external;
            export announce-via-bgp;
            peer-as 25;
            multipath;
            neighbor 10.110.3.65;
            neighbor 10.110.3.67;
        }
    }
    lldp {
        interface all;
    }
}
policy-options {
    policy-statement LOAD_BALANCE {
        then {
            load-balance per-packet;
        }
    }
    policy-statement announce-via-bgp {
        from protocol static;
        then accept;
    }
    policy-statement export-direct {
        term from-direct {
            from protocol direct;
            then accept;
        }
    }
    policy-statement export-statics {
        term from-static {
            from protocol static;
            then accept;
        }
    }
}
security {
    ike {
        proposal vpn1-bb-proposal {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha-256;
            encryption-algorithm aes-256-cbc;
        }
        policy vpn1-bb-ike-policy {
            mode main;
            proposals vpn1-bb-proposal;
            pre-shared-key ascii-text \"secret-key\"; ## ENSURE THIS IS THE SAME ON BOTH SIDES
        }
        policy vpn2-bb-ike-policy {
            mode main;
            proposals vpn1-bb-proposal;
            pre-shared-key ascii-text \"secret-key\"; ## ENSURE THIS IS THE SAME ON BOTH SIDES
        }
        policy vpn3-bb-ike-policy {
            mode main;
            proposals vpn1-bb-proposal;
            pre-shared-key ascii-text \"secret-key\"; ## ENSURE THIS IS THE SAME ON BOTH SIDES
        }
        gateway vpn1-bb-gateway {
            ike-policy vpn1-bb-ike-policy;
            address 35.180.16.171; ## EXTERNAL-FACING INTERFACE ADDRESS OF VPN1.BB
            external-interface ge-0/0/0.0; ## EXTERNAL-FACING INTERFACE OF VPN1.AA
        }
        gateway vpn2-bb-gateway {
            ike-policy vpn1-bb-ike-policy;
            address 52.247.218.72; ## EXTERNAL-FACING INTERFACE ADDRESS OF VPN2.BB
            external-interface ge-0/0/0.0; ## EXTERNAL-FACING INTERFACE OF VPN2.AA
        }
        gateway vpn3-bb-gateway {
            ike-policy vpn1-bb-ike-policy;
            address 34.75.42.129; ## EXTERNAL-FACING INTERFACE ADDRESS OF VPN3.BB
            external-interface ge-0/0/0.0; ## EXTERNAL-FACING INTERFACE OF VPN3.AA
        }
    }
    ipsec {
        proposal vpn1-bb-ipsec-proposal {
            protocol esp;
            authentication-algorithm hmac-sha-256-128;
            encryption-algorithm aes-256-cbc;
        }
        policy vpn1-bb-ipsec-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals vpn1-bb-ipsec-proposal;
        }
        vpn vpn1-bb-ipsec-vpn {
            bind-interface st0.0;
            ike {
                gateway vpn1-bb-gateway;
                ipsec-policy vpn1-bb-ipsec-policy;
            }
            establish-tunnels immediately;
        }
        vpn vpn1-bb-ipsec-vpn {
            bind-interface st1.0;
            ike {
                gateway vpn2-bb-gateway;
                ipsec-policy vpn2-bb-ipsec-policy;
            }
            establish-tunnels immediately;
        }
        vpn vpn1-bb-ipsec-vpn {
            bind-interface st2.0;
            ike {
                gateway vpn3-bb-gateway;
                ipsec-policy vpn3-bb-ipsec-policy;
            }
            establish-tunnels immediately;
        }
    }
}
firewall {
    family inet {
        filter man-filter {
            term 1 {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                    destination-address {
                        10.100.0.8/32;
                        10.100.0.6/32;
                    }
                }
                then accept;
            }
        }
    }
}
