
IPsecVPN->Auto tunnel->PHASE1

1. In Proposal

show security ike proposal BMTC-RSRTC2-PH1

authentication-method pre-shared-keys;

dh-group group2;

authentication-algorithm sha1;

encryption-algorithm 3des-cbc;

lifetime-seconds 28800;

In IKE Policy

show security ike policy BMTC-RSRTC2-POLICY

mode main;

proposals BMTC-RSRTC2-PH1;

pre-shared-key ascii-text "$9$K2mW7dY24JUip0IcleMWaZGj.PQFn"; ## SECRET-DATA

In Gateway

show security ike gateway BMTC-RSRTC2-GW

ike-policy BMTC-RSRTC2-POLICY;

address 122.252.232.116;

external-interface reth1.0;

In PHASE2

IPsecVPN->Auto tunnel->PHASE2

In IPsec Proposal

show security ipsec proposal BMTC-RSRTC2-PH2

protocol esp;

authentication-algorithm hmac-sha1-96;

encryption-algorithm 3des-cbc;

lifetime-seconds 3600;

In IPsec Policy

show security ipsec policy BMTC-RSRTC2-PH2-POLICY

perfect-forward-secrecy {
    keys group2;
}
proposals BMTC-RSRTC2-PH2;

In IPsec VPN

show security ipsec vpn BMTC-RSRTC2-VPN

vpn-monitor {
    optimized;
}
ike {
    gateway BMTC-RSRTC2-GW;
    proxy-identity {
        local 10.30.1.0/24;
        remote 192.168.3.0/24;
    }
    ipsec-policy BMTC-RSRTC2-PH2-POLICY;
}

Policy Trust To Untrust

show security policies from-zone SERVER to-zone INTERNET policy BMTC-TO-RSRTC2

match {
    source-address addr_10_30_1_0_24;
    destination-address addr_192_168_3_0_24;
    application any;
}
then {
    permit {
        tunnel {
            ipsec-vpn BMTC-RSRTC2-VPN;
            pair-policy RSRTC2-TO-BMTC;
        }
    }
    log {
        session-init;
        session-close;
    }
}

show security policies from-zone INTERNET to-zone SERVER policy RSRTC2-TO-BMTC

match {
    source-address addr_192_168_3_0_24;
    destination-address addr_10_30_1_0_24;
    application any;
}
then {
    permit {
        tunnel {
            ipsec-vpn BMTC-RSRTC2-VPN;
            pair-policy BMTC-TO-RSRTC2;
        }
    }
    log {
        session-init;
        session-close;
    }
}

insert security policies from-zone SERVER to-zone INTERNET policy BMTC-TO-RSRTC2 before policy NAME OF THE POLICY

(This moves the BMTC-TO-RSRTC2 policy above the named policy.)

For saving:

commit
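
A review check for the Phase 1 and Phase 2 settings shown above, as an added example that is not part of the original document: it scans Junos `show` output for algorithm and DH-group values on an assumed legacy list and for a `$9$` pre-shared key pasted into a document. The `LEGACY` baseline, the function name `audit` and the sample text (with a placeholder key) are assumptions constructed for illustration.

```python
import re

# Assumed baseline for this example (not from the page): values treated as legacy.
LEGACY = {
    "dh-group": {"group1", "group2", "group5"},
    "keys": {"group1", "group2", "group5"},  # perfect-forward-secrecy keys
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
    "authentication-algorithm": {"md5", "sha1", "hmac-md5-96", "hmac-sha1-96"},
}
# One "name value;" statement per line, as printed by Junos show commands.
STATEMENT = re.compile(r"^\s*([\w-]+)\s+([^;{]+?)\s*;")

def audit(config_text):
    """Return (line_no, statement, value, reason) for each flagged line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = STATEMENT.match(line)
        if not m:
            continue  # stanza headers and closing braces carry no value
        key, value = m.groups()
        if value in LEGACY.get(key, ()):
            findings.append((no, key, value, "legacy algorithm or DH group"))
        elif key == "pre-shared-key" and '"$9$' in value:
            # Never echo the secret itself into a report.
            findings.append((no, key, "<redacted>",
                             "$9$ is reversible obfuscation; treat a pasted key as exposed"))
    return findings

# Constructed sample: statements as shown on the page, PSK replaced by a placeholder.
SAMPLE = """\
proposal BMTC-RSRTC2-PH1 {
    authentication-method pre-shared-keys;
    dh-group group2;
    authentication-algorithm sha1;
    encryption-algorithm 3des-cbc;
    lifetime-seconds 28800;
}
policy BMTC-RSRTC2-POLICY {
    mode main;
    pre-shared-key ascii-text "$9$PLACEHOLDER"; ## SECRET-DATA
}
policy BMTC-RSRTC2-PH2-POLICY {
    perfect-forward-secrecy {
        keys group2;
    }
}
"""

if __name__ == "__main__":
    for no, key, value, reason in audit(SAMPLE):
        print(f"line {no}: {key} {value}: {reason}")
```

Any replacement values have to be configured identically on both tunnel peers, since the Phase 1 and Phase 2 proposals must match for the tunnel to establish.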
