Building configuration...


Current configuration : 47425 bytes
!
! Last configuration change at 13:32:42 IZH Tue Jun 28 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 01:00:00 IZH Thu Jul 28 2022
!
version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 1000000
!
hostname IZH-KG-P11-RT-1-3
!
boot-start-marker
boot system flash isr4400-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition TUN
 !
 address-family ipv4
 exit-address-family
!
security authentication failure rate 3 log
logging buffered 65536
logging rate-limit 100 except warnings
logging console critical
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip vrf forwarding Mgmt-intf
 ip radius source-interface GigabitEthernet0
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
clock calendar-valid
no ip source-route
no ip gratuitous-arps
!
ip host tftp 10.4.0.214
no ip domain lookup
ip domain name komos.ru
!
!
!
login on-failure log
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
multilink bundle-name authenticated
!
flow exporter FLOW_EXPORTER_NTOP
 destination 10.4.0.215
 source GigabitEthernet0/0/1.551
 transport udp 9995
 export-protocol netflow-v5
!
!
flow exporter FLOW_EXPORTER_CISCO
 destination 10.4.0.217
 source GigabitEthernet0/0/1.551
 transport udp 9995
 export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR_INPUT
 description input
 exporter FLOW_EXPORTER_CISCO
 cache timeout inactive 10
 cache timeout active 60
 record netflow ipv4 original-input
!
!
flow monitor FLOW_MONITOR_OUTPUT
 description output
 exporter FLOW_EXPORTER_CISCO
 cache timeout inactive 10
 cache timeout active 60
 record netflow ipv4 original-output
!
!
!
!
crypto pki trustpoint TP-self-signed-2031109008
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2031109008
 revocation-check none
 rsakeypair TP-self-signed-2031109008
!
!
crypto pki certificate chain TP-self-signed-2031109008
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32303331 31303930 3038301E 170D3139 30393132 30363530 
  33325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333131 
  30393030 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
  0A028201 0100A391 CE6B506A BF534242 0E9D071E E424B790 0AA20C51 736781C1 
  00C107F1 18B1E072 7719422B 3DF52AD2 5B6AC914 183F7E74 6C126371 9292E1D9 
  E19244AE 06CDC03D 5C4DE689 FF16BC4A A969CA86 1514C9C7 0021596E 53F1A75D 
  33288A8E CDF8E834 8F377C67 E33CD7FD E4E6C9B9 4CC9DA27 E79126BB B86430A7 
  D048D097 4F7E8DA3 C4DF8ED5 AEE24416 4DA92146 00F52341 453C7CB0 9E30DB1C 
  DDF2820D 145E4ED1 3A37BFEA A7C1198B 663A0830 F5A0D9DD 92E88C18 83BB9061 
  3A4DEAA5 2EECC0B9 20A45711 49A188B5 20E92DBB 0570B376 919F3D57 EFF1E588 
  50690875 1B96E923 6EA675D2 0B2F9814 50DD93ED A25EB6B1 D54992EF 88941F72 
  342CF2C7 D1770203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 
  301F0603 551D2304 18301680 14E59BE2 B210DC11 02A79CC8 3C8E5AD3 9B81C496 
  39301D06 03551D0E 04160414 E59BE2B2 10DC1102 A79CC83C 8E5AD39B 81C49639 
  300D0609 2A864886 F70D0101 05050003 82010100 5C84C9B7 DE92D156 756ACD8B 
  0B37D5BF CC9B43F1 D1ED4012 6D74876F 58F2A336 A367912B BD323CB4 3CD3B4F4 
  E4F18566 3EDEBAA4 D22B24B7 4A7EB8D9 8A4340B1 DB1DF23A 9DC0A2AE 31FFF1AE 
  8FEF66E1 491BA24E 8C560BCB 28E334BC 3DCA425B 082AE31E 21E5B44C 9194198C 
  4B052178 A6BF012A B893E9B6 16112AC0 02E9F583 273FF029 920EECD8 AF410A54 
  E665588F 25AC11A5 5B323C74 70111938 13ED8AB8 3D56A1C3 977BB368 28D0E704 
  AA1D2117 0DE29FE5 4FC42C63 B8E1B0AA 62DE5927 C3B3D0AF 0E2C0756 EBBF52AC 
  2477607B 03B6F9D6 55A654CE 00994ACC 1AA1CD74 BF3FE785 52ED207B 72FD9BA2 
  D55255A6 9B765604 C433D276 3955A533 2AAFE6B1
  	quit
!
license udi pid ISR4431/K9 sn FOC23172U4F
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
 write-memory
 time-period 10080
!
!
!
!
!
object-group network OBJ_BBN_RN_BBN 
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM 
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44 
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48 
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR 
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK 
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK 
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK 
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS 
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK 
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM 
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK 
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ 
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA 
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK 
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17 
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI 
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB 
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56 
 host 83.143.54.246
 host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM 
 host 85.140.32.177
 host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF 
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF 
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV 
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF 
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF 
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL 
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH 
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA 
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB 
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK 
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK 
 host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM 
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB 
 host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL 
 host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB 
 host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61 
 host 84.201.247.32
 host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL 
 host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2 
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80 
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9 
 host 178.47.128.98
 host 194.150.90.20
 host 194.150.91.170
!
object-group network OBJ_KGB_RN_KGB 
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH 
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI 
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN 
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM 
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG 
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21 
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP 
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK 
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17 
 host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17 
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_IZH_VST_VS298 
 host 91.144.167.3
 host 5.227.125.36
 host 178.176.100.154
!
object-group network OBJ_SPB_KG_SPB 
 host 85.140.7.161
 host 94.72.27.43
 host 62.141.114.190
!
object-group network OBJ_IZH_VRS_AKS 
 host 5.227.124.50
 host 87.249.233.80
!
object-group network OBJ_IZH_KI_VOR158 
 host 46.147.130.59
 host 5.227.125.126
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_IZH_VST_VS298
 group-object OBJ_SPB_KG_SPB
 group-object OBJ_IZH_VRS_AKS
 group-object OBJ_IZH_KI_VOR158
!
object-group network STATIC_ISP_IP 
 host 84.201.247.190
 host 5.227.124.143
!
!
!
username netadmin privilege 15 secret 5 $1$3nmT$Wx1Oexnb10Jzrg/5QRzmN1
!
redundancy
 mode none
!
!
!
!
!
!
!
class-map match-any CM_QOS_Q2
 match access-group name ACL_QOS_Q2
class-map match-any CM_QOS_Q3
 match access-group name ACL_QOS_Q3
class-map match-any CM_QOS_Q1
 match access-group name ACL_QOS_Q1
class-map match-any CM_QOS_Q4
 match access-group name ACL_QOS_Q4
class-map match-any CM_QOS_Q5
 match access-group name ACL_QOS_Q5
class-map type inspect match-any CM-LAN_TO_WAN_KOM
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all CM-WAN_TO_LAN_KOM
 match access-group name ACL-WAN_TO_LAN_KOM
class-map type inspect match-all CM-WAN_TO_SELF_KOM
 match access-group name ACL-WAN_TO_SELF_KOM
class-map type inspect match-all CM-DMVPN_KOM
 match access-group name ACL-DMVPN_TRAFFIC_KOM
!
policy-map type inspect PM-DMVPN_KOM
 class type inspect CM-DMVPN_KOM
  pass
 class class-default
  drop
policy-map type inspect PM-SELF_TO_WAN_KOM
 description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN
 class class-default
  pass
policy-map type inspect PM-ALLPASS_KOM
 class class-default
  pass
policy-map PM_QOS_IN
 class CM_QOS_Q5
  set ip dscp cs5
 class CM_QOS_Q4
  set ip dscp cs4
 class CM_QOS_Q3
  set ip dscp cs3
 class CM_QOS_Q2
  set ip dscp cs2
 class CM_QOS_Q1
  set ip dscp cs1
 class class-default
  set ip dscp default
policy-map type inspect PM-WAN_TO_SELF_KOM
 class type inspect CM-WAN_TO_SELF_KOM
  pass
 class class-default
  drop
policy-map type inspect PM-WAN_TO_LAN_KOM
 class class-default
  drop
policy-map type inspect PM-LAN_TO_WAN_KOM
 class type inspect CM-LAN_TO_WAN_KOM
  inspect
 class class-default
  drop
!
zone security LAN
zone security WAN
zone security DMVPN
zone security MGMT
 description Management Network Equipment
zone-pair security ZP-DMVPN_TO_SELF_KOM source DMVPN destination self
 service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN
 service-policy type inspect PM-LAN_TO_WAN_KOM
zone-pair security ZP-MGMT_TO_SELF source MGMT destination self
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_TO_MGMT source self destination MGMT
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN
 service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN
 service-policy type inspect PM-SELF_TO_WAN_KOM
zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN
 service-policy type inspect PM-WAN_TO_LAN_KOM
zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self
 service-policy type inspect PM-WAN_TO_SELF_KOM
zone-pair security ZP_DMVPN_TO_LAN_KOM source DMVPN destination LAN
 service-policy type inspect PM-ALLPASS_KOM
! 
crypto keyring TUN vrf TUN 
  pre-shared-key address 0.0.0.0 0.0.0.0 key fjhJSHpUcnqbpGfI
!
!
!
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 160
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key mlk20kom19 address 0.0.0.0         no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac 
 mode transport
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac 
 mode transport require
!
crypto ipsec profile GRE_IPSEC
 set transform-set TS_GREIPSEC 
 set pfs group2
!
crypto ipsec profile IPSEC_DMVPN
 description -==SPOKE to SITE DMVPN IPSec GRE Profile ==-
 set transform-set TS_DMVPN 
!
!
!
!
!
!
! 
! 
!
!
interface Tunnel1001
 description DMVPN_SPOKE1_Cloud1
 bandwidth 100000
 ip address 172.30.1.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/0.3073
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel1002
 description DMVPN-HUB1-Cloud2
 bandwidth 100000
 ip address 172.30.2.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication M_K.Cl02
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp redirect
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 bfd interval 50 min_rx 50 multiplier 3
 tunnel source GigabitEthernet0/0/0.3073
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel2300
 no ip address
 shutdown
!
interface Tunnel2301
 no ip address
 shutdown
!
interface Tunnel2302
 description IZH-KLS-P20-RT-1-1
 bandwidth 100000
 ip address 91.240.179.233 255.255.255.0
 ip mtu 1400
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source GigabitEthernet0/0/1.1113
 tunnel destination 5.227.125.114
 tunnel vrf TUN
 tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel2303
 description KGR-KUMK-B2-RT-1-1
 bandwidth 100000
 ip address 10.1.50.1 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip access-group ACL_KUMK_IN in
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source GigabitEthernet0/0/1.1113
 tunnel destination 94.138.150.1
 tunnel vrf TUN
 tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel2304
 description PRM-KUMK-CH9-RT-1-1
 bandwidth 100000
 ip address 10.1.50.13 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip access-group ACL_KUMK_IN in
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source GigabitEthernet0/0/1.1113
 tunnel destination 178.47.128.98
 tunnel vrf TUN
 tunnel protection ipsec profile GRE_IPSEC
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.3073
 description [ISP-100M] MTS_DMVPN
 bandwidth 100000
 encapsulation dot1Q 3073
 ip address 5.227.124.143 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 zone-member security WAN
!
interface GigabitEthernet0/0/1
 description [CORE] SW-1-2
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 negotiation auto
 service-policy input PM_QOS_IN
!
interface GigabitEthernet0/0/1.100
 description MGM
 encapsulation dot1Q 100
 ip address 10.1.1.249 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 zone-member security LAN
!
interface GigabitEthernet0/0/1.551
 description --TRANSIT_HSRP--
 encapsulation dot1Q 551
 ip flow monitor FLOW_MONITOR_INPUT input
 ip flow monitor FLOW_MONITOR_OUTPUT output
 ip address 10.1.239.20 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0/1.598
 description Transit_Network_to_Core
 encapsulation dot1Q 598
 ip flow monitor FLOW_MONITOR_INPUT input
 ip flow monitor FLOW_MONITOR_OUTPUT output
 ip address 172.30.30.41 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 zone-member security LAN
 standby version 2
 standby 598 ip 172.30.30.43
 standby 598 timers 5 15
 standby 598 priority 150
 standby 598 preempt delay minimum 30
 standby 598 authentication BDC_Kom
 standby 598 name HSRP-TRANSIT-VLAN_598
!
interface GigabitEthernet0/0/1.1113
 description [PI] For Remote tunnels vrf TUN
 encapsulation dot1Q 1113
 vrf forwarding TUN
 ip address 91.240.179.233 255.255.255.0
!
interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.1.254.252 255.255.255.0
 zone-member security MGMT
 negotiation auto
!
router bgp 64513
 bgp router-id 172.30.30.41
 bgp log-neighbor-changes
 network 10.1.20.131 mask 255.255.255.255
 timers bgp 10 30
 redistribute connected route-map RM_REDIS_CONN
 neighbor TO_RT_PEERS peer-group
 neighbor TO_RT_PEERS next-hop-self all
 neighbor TO_RT_PEERS soft-reconfiguration inbound
 neighbor TO_MTS_PEERS peer-group
 neighbor TO_MTS_PEERS next-hop-self all
 neighbor TO_MTS_PEERS soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KMK peer-group
 neighbor PG_BGP_SPOKE_KMK remote-as 64516
 neighbor PG_BGP_SPOKE_KMK next-hop-self all
 neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group
 neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527
 neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all
 neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_PERM peer-group
 neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529
 neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all
 neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group
 neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526
 neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all
 neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_KAZAN peer-group
 neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528
 neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all
 neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group
 neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525
 neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all
 neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group
 neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524
 neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all
 neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_DC peer-group
 neighbor PG_BGP_SPOKE_PF_DC remote-as 64523
 neighbor PG_BGP_SPOKE_PF_DC next-hop-self all
 neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group
 neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530
 neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all
 neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_GKZ peer-group
 neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535
 neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all
 neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_KIB peer-group
 neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548
 neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_EVL peer-group
 neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547
 neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_MSB peer-group
 neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549
 neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_SHM peer-group
 neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546
 neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_BBN peer-group
 neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541
 neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all
 neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_IZM peer-group
 neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539
 neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all
 neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_SMK peer-group
 neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543
 neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all
 neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KIA peer-group
 neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540
 neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KGB peer-group
 neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544
 neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KNK peer-group
 neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545
 neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_ITL peer-group
 neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538
 neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all
 neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_SPB peer-group
 neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552
 neighbor PG_BGP_SPOKE_KG_SPB next-hop-self
 neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_AKS peer-group
 neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553
 neighbor PG_BGP_SPOKE_PF_AKS next-hop-self
 neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_MZH peer-group
 neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542
 neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KM peer-group
 neighbor PG_BGP_SPOKE_KM remote-as 64519
 neighbor PG_BGP_SPOKE_KM next-hop-self all
 neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in
 neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_MK peer-group
 neighbor PG_BGP_SPOKE_MK remote-as 64520
 neighbor PG_BGP_SPOKE_MK next-hop-self all
 neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PHK peer-group
 neighbor PG_BGP_SPOKE_PHK remote-as 64517
 neighbor PG_BGP_SPOKE_PHK next-hop-self all
 neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_SRM peer-group
 neighbor PG_BGP_SPOKE_SRM remote-as 64518
 neighbor PG_BGP_SPOKE_SRM next-hop-self all
 neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_GMK peer-group
 neighbor PG_BGP_SPOKE_GMK remote-as 64514
 neighbor PG_BGP_SPOKE_GMK next-hop-self all
 neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KZS peer-group
 neighbor PG_BGP_SPOKE_KZS remote-as 64515
 neighbor PG_BGP_SPOKE_KZS next-hop-self all
 neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_IZM peer-group
 neighbor PG_BGP_SPOKE_IZM remote-as 64512
 neighbor PG_BGP_SPOKE_IZM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_IZM weight 500
 neighbor PG_BGP_SPOKE_IZM route-map RM_TO_MILKON_MAIN_OUT out
 neighbor PG_BGP_KLS peer-group
 neighbor PG_BGP_KLS remote-as 65506
 neighbor PG_BGP_KLS next-hop-self all
 neighbor PG_BGP_KLS soft-reconfiguration inbound
 neighbor PG_BGP_KLS route-map RM_SPOKE_OUT out
 neighbor PG_BGP_KUMK peer-group
 neighbor PG_BGP_KUMK remote-as 65504
 neighbor PG_BGP_KUMK next-hop-self all
 neighbor PG_BGP_KUMK soft-reconfiguration inbound
 neighbor PG_BGP_KUMK route-map RM_BGP_KUMK_IN in
 neighbor PG_BGP_KUMK route-map RM_SPOKE_OUT out
 neighbor 10.1.50.2 peer-group PG_BGP_KUMK
 neighbor 10.1.50.2 description KGR-KUMK-B12-RT-1-1
 neighbor 10.1.50.14 peer-group PG_BGP_KUMK
 neighbor 10.1.50.14 description PRM-KUMK-CH9-RT-1-1
 neighbor 10.1.50.34 peer-group PG_BGP_KLS
 neighbor 172.30.1.1 peer-group PG_BGP_SPOKE_IZM
 neighbor 172.30.1.2 peer-group PG_BGP_SPOKE_IZM
 neighbor 172.30.2.5 peer-group PG_BGP_SPOKE_GMK
 neighbor 172.30.2.6 peer-group PG_BGP_SPOKE_GMK
 neighbor 172.30.2.7 peer-group PG_BGP_SPOKE_KZS
 neighbor 172.30.2.8 peer-group PG_BGP_SPOKE_KZS
 neighbor 172.30.2.9 peer-group PG_BGP_SPOKE_KMK
 neighbor 172.30.2.10 peer-group PG_BGP_SPOKE_KMK
 neighbor 172.30.2.10 weight 500
 neighbor 172.30.2.10 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.11 peer-group PG_BGP_SPOKE_PHK
 neighbor 172.30.2.12 peer-group PG_BGP_SPOKE_PHK
 neighbor 172.30.2.13 peer-group PG_BGP_SPOKE_SRM
 neighbor 172.30.2.14 peer-group PG_BGP_SPOKE_SRM
 neighbor 172.30.2.15 peer-group PG_BGP_SPOKE_KM
 neighbor 172.30.2.16 peer-group PG_BGP_SPOKE_KM
 neighbor 172.30.2.17 peer-group PG_BGP_SPOKE_MK
 neighbor 172.30.2.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
 neighbor 172.30.2.19 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
 neighbor 172.30.2.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
 neighbor 172.30.2.21 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
 neighbor 172.30.2.23 peer-group PG_BGP_SPOKE_PF_DC
 neighbor 172.30.2.24 peer-group PG_BGP_SPOKE_PF_DC
 neighbor 172.30.2.25 peer-group PG_BGP_SPOKE_PF_GLAZOV
 neighbor 172.30.2.26 peer-group PG_BGP_SPOKE_PF_GLAZOV
 neighbor 172.30.2.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO
 neighbor 172.30.2.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO
 neighbor 172.30.2.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK
 neighbor 172.30.2.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK
 neighbor 172.30.2.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK
 neighbor 172.30.2.31 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK
 neighbor 172.30.2.33 peer-group PG_BGP_SPOKE_PF_KAZAN
 neighbor 172.30.2.34 peer-group PG_BGP_SPOKE_PF_KAZAN
 neighbor 172.30.2.35 peer-group PG_BGP_SPOKE_PF_PERM
 neighbor 172.30.2.36 peer-group PG_BGP_SPOKE_PF_PERM
 neighbor 172.30.2.37 peer-group PG_BGP_SPOKE_KG_MOSCOW
 neighbor 172.30.2.37 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.38 peer-group PG_BGP_SPOKE_KG_MOSCOW
 neighbor 172.30.2.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
 neighbor 172.30.2.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
 neighbor 172.30.2.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK
 neighbor 172.30.2.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA
 neighbor 172.30.2.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG
 neighbor 172.30.2.45 peer-group PG_BGP_SPOKE_KG_GKZ
 neighbor 172.30.2.46 peer-group PG_BGP_SPOKE_KG_GKZ
 neighbor 172.30.2.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
 neighbor 172.30.2.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
 neighbor 172.30.2.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY
 neighbor 172.30.2.50 peer-group PG_BGP_SPOKE_VST_IZM
 neighbor 172.30.2.51 peer-group PG_BGP_SPOKE_VST_IZM
 neighbor 172.30.2.52 peer-group PG_BGP_SPOKE_VST_ITL
 neighbor 172.30.2.53 peer-group PG_BGP_SPOKE_VST_ITL
 neighbor 172.30.2.54 peer-group PG_BGP_SPOKE_VST_KIA
 neighbor 172.30.2.55 peer-group PG_BGP_SPOKE_VST_KIA
 neighbor 172.30.2.55 route-map RM_MTS_LP in
 neighbor 172.30.2.56 peer-group PG_BGP_SPOKE_VST_BBN
 neighbor 172.30.2.57 peer-group PG_BGP_SPOKE_VST_BBN
 neighbor 172.30.2.58 peer-group PG_BGP_SPOKE_VST_MZH
 neighbor 172.30.2.59 peer-group PG_BGP_SPOKE_VST_MZH
 neighbor 172.30.2.60 peer-group PG_BGP_SPOKE_VST_SMK
 neighbor 172.30.2.61 peer-group PG_BGP_SPOKE_VST_SMK
 neighbor 172.30.2.61 route-map RM_MTS_LP in
 neighbor 172.30.2.62 peer-group PG_BGP_SPOKE_VST_KGB
 neighbor 172.30.2.63 peer-group PG_BGP_SPOKE_VST_KGB
 neighbor 172.30.2.63 route-map RM_MTS_LP in
 neighbor 172.30.2.64 peer-group PG_BGP_SPOKE_VST_KNK
 neighbor 172.30.2.65 peer-group PG_BGP_SPOKE_TMA_SHM
 neighbor 172.30.2.66 peer-group PG_BGP_SPOKE_TMA_SHM
 neighbor 172.30.2.67 peer-group PG_BGP_SPOKE_TMA_EVL
 neighbor 172.30.2.68 peer-group PG_BGP_SPOKE_TMA_KIB
 neighbor 172.30.2.69 peer-group PG_BGP_SPOKE_TMA_MSB
 neighbor 172.30.2.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY
 neighbor 172.30.2.73 peer-group PG_BGP_SPOKE_KG_SPB
 neighbor 172.30.2.74 peer-group PG_BGP_SPOKE_PF_AKS
 neighbor 172.30.2.75 peer-group PG_BGP_SPOKE_PF_AKS
 neighbor 172.30.2.76 remote-as 64556
 neighbor 172.30.2.76 next-hop-self all
 neighbor 172.30.2.76 soft-reconfiguration inbound
 neighbor 172.30.2.76 route-map RM_SPOKE_OUT out
 neighbor 172.30.30.42 remote-as 64513
 neighbor 172.30.30.42 next-hop-self all
 neighbor 172.30.30.42 soft-reconfiguration inbound
 neighbor 172.30.30.46 remote-as 64513
 neighbor 172.30.30.46 next-hop-self all
 neighbor 172.30.30.46 soft-reconfiguration inbound
 distance bgp 150 150 150
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip route 0.0.0.0 0.0.0.0 5.227.124.1
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.254.254 name --Default_Gateway_for_Management--
ip route vrf TUN 0.0.0.0 0.0.0.0 91.240.179.254 100 name GW_VRF
!
ip bgp-community new-format
!
!
ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24
!
ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29
ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25
!
ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29
ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22
ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25
ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24
!
ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24
ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29
ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24
ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24
ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24
ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24
ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24
ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24
ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25
!
ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24
ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30
ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29
ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22
ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24
ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24
!
ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29
ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25
ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24
!
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 30 permit 10.0.0.0/14
ip prefix-list OUT_TO_KOMOS_MEDIA seq 40 permit 192.168.0.0/22
ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21
ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22
ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list PFL_ROUTE_TO_MLK seq 5 permit 10.1.20.131/32
ip prefix-list PFL_ROUTE_TO_MLK seq 10 permit 10.0.0.0/14 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 20 permit 10.14.24.0/21 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 30 permit 172.31.2.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 40 permit 192.168.0.0/22
ip prefix-list PFL_ROUTE_TO_MLK seq 50 permit 10.14.17.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 60 permit 10.14.52.0/22
!
ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0
ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_KUMK_IN seq 5 permit 10.12.252.0/22
ip prefix-list PL_KUMK_IN seq 10 permit 10.12.0.0/17
!
ip prefix-list PL_REDIS_CONN seq 5 permit 10.1.50.0/24 le 30
!
ip access-list extended ACL-DMVPN_TRAFFIC_KOM
 permit ip any any
 permit tcp any any eq 22
 permit icmp any any
 permit gre any any
 permit udp any any eq isakmp
 permit esp any any
 permit eigrp any any
ip access-list extended ACL-WAN_TO_SELF_KOM
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 deny   ip any any
ip access-list extended ACL_KUMK_IN
 deny   tcp any any eq 445
 permit ip 10.1.50.0 0.0.0.255 10.1.50.0 0.0.0.255
 permit ip any 10.12.0.0 0.0.255.255
 permit ip host 10.1.50.2 host 10.1.50.1
 permit icmp 10.12.1.0 0.0.0.255 any
 permit icmp 10.12.0.0 0.0.0.255 any
 permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
 permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
 permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214
 permit ip host 10.12.0.254 any
 permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255
 permit ip 10.12.252.0 0.0.3.255 10.12.0.0 0.0.127.255
 permit ip host 172.30.31.2 host 172.30.31.1
 permit ip host 10.12.252.254 any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit ip any host 10.1.8.14
 permit icmp any any
 permit ip any host 10.1.9.207
 permit ip any host 10.4.0.214
 permit ip 10.12.4.0 0.0.0.255 any
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.14
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.15
 permit ip any host 10.4.0.15
 permit ip any host 10.4.0.14
 permit tcp any any eq 8291
ip access-list extended ACL_QOS_Q1
 remark WEB Internet
 permit tcp any any eq www 443 8443
 permit tcp any eq www 443 8443 any
 remark Samba
 permit tcp any any eq 445
 permit tcp any eq 445 any
ip access-list extended ACL_QOS_Q2
 remark 1C
 permit tcp any any range 1560 1591
 permit tcp any any eq 1540 1541
 permit tcp any range 1560 1591 any
 permit tcp any eq 1540 1541 any
 remark SQL
 permit udp any any eq 1433
 permit tcp any any eq 1433
 permit udp any eq 1433 any
 permit tcp any eq 1433 any
 remark WEB Local
 permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443
 permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443
 permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443
 permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any
 permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any
 permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any
ip access-list extended ACL_QOS_Q3
 remark SIP
 permit udp any any eq 5060 5061
 permit udp any eq 5060 5061 any
 remark RDP
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
 permit udp any any eq 3389
 permit udp any eq 3389 any
 remark SSH
 permit tcp any any eq 22
 permit tcp any eq 22 any
 remark Winbox
 permit tcp any any eq 8291
 permit tcp any eq 8291 any
ip access-list extended ACL_QOS_Q4
 remark TEAMS + Confirence and other + Telegram
ip access-list extended ACL_QOS_Q5
 remark RTP trafic
 permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000
 permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000
 permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000
 permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000
 remark DNS
 permit udp any any eq domain
 permit tcp any any eq domain
 permit udp any eq domain any
 permit tcp any eq domain any
 remark NTP
 permit udp any any eq ntp
 remark LDAP
 permit udp any any eq 389 88
 permit tcp any any eq 389 88
 permit udp any eq 389 88 any
 permit tcp any eq 389 88 any
ip access-list extended Access_VTY
 permit icmp any any
 permit tcp 10.0.0.0 0.255.255.255 eq 22 any
 permit tcp 192.168.0.0 0.0.255.255 eq 22 any
 permit tcp 172.0.0.0 0.16.255.255 eq 22 any
 deny   ip any any
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging origin-id hostname
logging source-interface GigabitEthernet0/0/1.100
logging host 10.4.244.4 transport udp port 515
!
!
route-map RM_KEZ_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_BGP_KUMK_IN permit 10 
 match ip address prefix-list PL_KUMK_IN
!
route-map RM_KAZAN_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_GLAZOV_IN permit 20 
 match ip address prefix-list IN_FROM_PS_GLAZOV
!
route-map RM_PERM_IN permit 20 
 match ip address prefix-list IN_FROM_PS_PERM
!
route-map RM_SPOKE_OUT deny 10 
 match ip address prefix-list PL_DF_GW
!
route-map RM_SPOKE_OUT permit 20 
!
route-map RM_SARAPUL_OUT permit 20 
 match ip address prefix-list OUT_ALL_PS_MILKOM
!
route-map RM_KOMOS_MEDIA_OUT permit 10 
 match ip address prefix-list OUT_TO_KOMOS_MEDIA
!
route-map RM_BGP_FROM_SPOKE permit 10 
 set local-preference 1000
!
route-map RM_TO_MILKON_MAIN_OUT permit 20 
 match ip address prefix-list PFL_ROUTE_TO_MLK
!
route-map RM_KAZAN_IN permit 20 
 match ip address prefix-list IN_FROM_PS_KAZAN
!
route-map RM_MTS_LP permit 20 
 set local-preference 1000
!
route-map RM_KEZ_IN permit 20 
 match ip address prefix-list IN_FROM_PS_KEZ
!
route-map RM_SARAPUL_IN permit 20 
 match ip address prefix-list IN_FROM_PS_SARAPUL
!
route-map RM_MEAT_COMPANY_OUT permit 10 
 match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_KOMOS_MEDIA_IN permit 10 
 match ip address prefix-list IN_FROM_KOMOS_MEDIA
!
route-map RM_GLAZOV_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_REDIS_CONN permit 10 
 match ip address prefix-list PL_REDIS_CONN
!
route-map RM_PERM_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
!
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
control-plane
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
alias exec q exit
alias exec sib sh ip int brief
!
line con 0
 login authentication CONSOLE
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 login authentication NPS
 transport input ssh
!
ntp server 10.1.8.1
ntp server 10.1.8.2
!
!
!
!
!
end