1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
{
"zone": {
"dmvpn-ipsec": { "addr": "0.0.0.0/0" },
"dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
"dmvpn-bgp": {
"iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
},
"dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
},
"log": {
"dmvpn": {
"mode": "nflog",
"group": "$dmvpn_nflog_group",
"range": 128,
"limit": {
"interval": 15,
"src-mask": "$dmvpn_site_mask",
"dest-mask": "$dmvpn_site_mask"
}
}
},
"packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
"filter": [
{
"in": "_fw",
"service": [
"dns",
"http",
"https",
"ldap",
"ldaps",
"ntp"
]
},
{ "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
{ "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
{ "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
{ "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
{ "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
{ "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
{ "in": "dmvpn", "out": "dmvpn" }
]
}
|