Building configuration...


Current configuration : 47041 bytes
!
! Last configuration change at 11:03:10 IZH Tue Jul 19 2022 by adm_kapustinal
! NVRAM config last updated at 01:00:00 IZH Thu Jul 28 2022
!
version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
service unsupported-transceiver
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 1000000
!
hostname IZH-KG-P11-RT-1-4
!
boot-start-marker
boot system flash isr4400-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 65536
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip vrf forwarding Mgmt-intf
 ip radius source-interface GigabitEthernet0
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
!
ip host tftp 10.4.0.214
no ip domain lookup
ip domain name komos.ru
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
multilink bundle-name authenticated
!
flow exporter FLOW_EXPORTER_NTOP
 destination 10.4.0.215
 source GigabitEthernet0/0/1.551
 transport udp 9995
 export-protocol netflow-v5
!
!
flow exporter FLOW_EXPORTER_CISCO
 destination 10.4.0.217
 source GigabitEthernet0/0/1.551
 transport udp 9995
 export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR_INPUT
 description input
 exporter FLOW_EXPORTER_CISCO
 cache timeout inactive 10
 cache timeout active 60
 record netflow ipv4 original-input
!
!
flow monitor FLOW_MONITOR_OUTPUT
 description output
 exporter FLOW_EXPORTER_CISCO
 cache timeout inactive 10
 cache timeout active 60
 record netflow ipv4 original-output
!
!
!
!
crypto pki trustpoint TP-self-signed-2363434832
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2363434832
 revocation-check none
 rsakeypair TP-self-signed-2363434832
!
!
crypto pki certificate chain TP-self-signed-2363434832
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32333633 34333438 3332301E 170D3139 30393034 31303437 
  32385A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363334 
  33343833 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
  0A028201 0100CE13 360EE118 1FD80BA9 3A3B82FA BFF8353C AA5EC046 1A53D50D 
  3144AFF4 6A263B2E D519E509 A0979C8F 2CE57BDB CF71B52F 2B2A9674 780128EC 
  A2035953 4A7AAC91 DE35D974 8B06245E DB302B23 73EF3CD1 EC9B666D BEDBF006 
  57E3D140 A6E3ACFD 1D1F127A 97588ED0 D8881EBE 4FD78D02 0C512804 8831E31B 
  96D0987E 8B95B976 532B3FF0 D1BC5D57 B4F72477 AA62F439 7EE8192F E697C9CE 
  6C1E1569 425AB397 5551B1AC 824523CC 3FFD55F6 068C4A44 C6EB095F CF70FAB1 
  71FF6633 1247D83E 6A9140EF B9C87E4F 6C5C2A16 10ED10D1 47CEEFD2 507DE555 
  453E7E56 EA37BB43 68BA1C81 3C693B71 653B8898 1A26385E 0AB6E054 908ED99D 
  6EF5930A 538B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 
  301F0603 551D2304 18301680 1438E369 59FC92BA 8DED2B12 C8B1DAD4 C1758151 
  1F301D06 03551D0E 04160414 38E36959 FC92BA8D ED2B12C8 B1DAD4C1 7581511F 
  300D0609 2A864886 F70D0101 05050003 82010100 5ABB039B 0150A35A 7A83A051 
  83BC6BB7 067D491F 3B7196A6 5848F3A5 C321D8C4 AF46F22E 3A1A6216 A1E18FFB 
  8D91FE67 101605FC DAF618FE C40E954E BDF6CCAF A109E140 364372FF 7C1BF3B6 
  64EDE796 B7A9CFBC D5BB240F 291F609F FB4A4AF4 081F027A 4C95EF59 1155384D 
  7F5389D5 02A273BB 17791B34 171DEBB1 ECF3C34F 130E70AB 038DD10C 2280D550 
  A8156BE5 0B8B0749 2BBF815E 45C9B806 4E522325 80FA3C10 C0CE29EA F9D21591 
  B3F28070 3D7E4CFE FE213BB0 E5C4D9C3 1181BC0D 64C09068 658F317A 51429A86 
  126AC059 90B475CB EEF13495 1F8D534A 8769D760 C8A86CCE 59F681F7 FF56BCCD 
  4B56CF93 8775F5A1 57C725F5 CE5DDCAC BE32F63D
  	quit
!
license udi pid ISR4431/K9 sn FOC23172U6P
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
 write-memory
 time-period 10080
!
!
!
!
!
object-group network OBJ_BBN_RN_BBN 
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_BEECLOUD 
 host 82.142.146.70
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM 
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44 
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48 
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR 
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK 
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK 
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK 
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS 
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK 
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM 
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK 
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ 
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA 
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK 
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17 
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI 
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB 
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56 
 host 83.143.54.246
 host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM 
 host 85.140.32.177
 host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF 
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF 
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV 
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF 
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF 
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL 
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH 
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA 
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB 
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK 
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK 
 host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM 
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB 
 host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL 
 host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB 
 host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61 
 host 84.201.247.32
 host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL 
 host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2 
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80 
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9 
 host 178.47.128.98
 host 194.150.90.20
 host 194.150.91.170
!
object-group network OBJ_KGB_RN_KGB 
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH 
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI 
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN 
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM 
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG 
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21 
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP 
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK 
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17 
 host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17 
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_IZH_VST_VS298 
 host 91.144.167.3
 host 178.176.100.154
!
object-group network OBJ_SPB_KG_SPB 
 host 94.72.27.43
 host 62.141.114.190
!
object-group network OBJ_IZH_VRS_AKS 
 host 5.227.124.50
 host 87.249.233.80
!
object-group network OBJ_CLOUD_RT 
 host 195.19.101.162
!
object-group network OBJ_IZH_KI_VOR158 
 host 46.147.130.59
 host 5.227.125.126
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_IZH_VST_VS298
 group-object OBJ_SPB_KG_SPB
 group-object OBJ_IZH_VRS_AKS
 group-object OBJ_CLOUD_RT
 group-object OBJ_IZH_KI_VOR158
!
object-group network STATIC_ISP_IP 
 host 78.85.13.93
 host 195.239.120.225
!
!
!
username netadmin privilege 15 secret 5 $1$Wk4d$y8WZdYo4LIMHBGEMNyDCb0
!
redundancy
 mode none
!
!
!
!
!
!
!
class-map match-any CM_QOS_Q2
 match access-group name ACL_QOS_Q2
class-map match-any CM_QOS_Q3
 match access-group name ACL_QOS_Q3
class-map match-any CM_QOS_Q1
 match access-group name ACL_QOS_Q1
class-map match-any CM_QOS_Q4
 match access-group name ACL_QOS_Q4
class-map match-any CM_QOS_Q5
 match access-group name ACL_QOS_Q5
class-map type inspect match-any CM-LAN_TO_WAN_KOM
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all CM-WAN_TO_LAN_KOM
 match access-group name ACL-WAN_TO_LAN_KOM
class-map type inspect match-all CM-WAN_TO_SELF_KOM
 match access-group name ACL-WAN_TO_SELF_KOM
class-map type inspect match-all CM-DMVPN_KOM
 match access-group name ACL-DMVPN_TRAFFIC_KOM
!
policy-map type inspect PM-DMVPN_KOM
 class type inspect CM-DMVPN_KOM
  pass
 class class-default
  drop
policy-map type inspect PM-SELF_TO_WAN_KOM
 description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN
 class class-default
  pass
policy-map type inspect PM-ALLPASS_KOM
 class class-default
  pass
policy-map PM_QOS_IN
 class CM_QOS_Q5
  set ip dscp cs5
 class CM_QOS_Q4
  set ip dscp cs4
 class CM_QOS_Q3
  set ip dscp cs3
 class CM_QOS_Q2
  set ip dscp cs2
 class CM_QOS_Q1
  set ip dscp cs1
 class class-default
  set ip dscp default
policy-map type inspect PM-WAN_TO_SELF_KOM
 class type inspect CM-WAN_TO_SELF_KOM
  pass
 class class-default
  drop
policy-map type inspect PM-WAN_TO_LAN_KOM
 class type inspect CM-WAN_TO_LAN_KOM
  inspect
 class class-default
  drop
policy-map type inspect PM-LAN_TO_WAN_KOM
 class type inspect CM-LAN_TO_WAN_KOM
  inspect
 class class-default
  drop
!
zone security LAN
zone security WAN
zone security DMVPN
zone security MGMT
 description Management Network Equipment
zone-pair security ZP-DMVPN_TO_SELF_KOM source DMVPN destination self
 service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN
 service-policy type inspect PM-LAN_TO_WAN_KOM
zone-pair security ZP-MGMT_TO_SELF source MGMT destination self
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_TO_MGMT source self destination MGMT
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN
 service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN
 service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN
 service-policy type inspect PM-SELF_TO_WAN_KOM
zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN
 service-policy type inspect PM-WAN_TO_LAN_KOM
zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self
 service-policy type inspect PM-WAN_TO_SELF_KOM
zone-pair security ZP_DMVPN_TO_LAN_KOM source DMVPN destination LAN
 service-policy type inspect PM-ALLPASS_KOM
! 
!
!
!
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 160
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key F5BfdOazun4M address 82.142.146.70  
crypto isakmp key mlk20kom19 address 0.0.0.0         no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac 
 mode transport
crypto ipsec transform-set TS-BEECLOUD esp-aes 256 esp-sha-hmac 
 mode transport
!
crypto ipsec profile BEECLOUD
 set transform-set TS-BEECLOUD 
 set pfs group14
!
crypto ipsec profile IPSEC_DMVPN
 description -==SPOKE to SITE DMVPN IPSec GRE Profile ==-
 set transform-set TS_DMVPN 
!
!
!
!
!
!
!
!
!
! 
! 
!
!
interface Loopback9999
 ip address 10.1.255.1 255.255.255.0
!
interface Tunnel103
 description BeeCLOUD
 ip address 10.1.50.13 255.255.255.252
 no ip redirects
 ip mtu 1400
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/2
 tunnel mode ipsec ipv4
 tunnel destination 82.142.146.70
 tunnel protection ipsec profile BEECLOUD
!
interface Tunnel1001
 description DMVPN_SPOKE2_Cloud1
 bandwidth 100000
 ip address 172.30.1.4 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/0.3074
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel1002
 description DMVPN-HUB2-Cloud2
 bandwidth 100000
 ip address 172.30.2.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication M_K.Cl02
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp redirect
 zone-member security DMVPN
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/0.3074
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface GigabitEthernet0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 negotiation auto
!
interface GigabitEthernet0/0/0.3074
 description [ISP-100M] Rostelecom_DMVPN
 bandwidth 100000
 encapsulation dot1Q 3074
 ip address 78.85.13.93 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 zone-member security WAN
!
interface GigabitEthernet0/0/1
 description [CORE] SW-1-2
 no ip address
 negotiation auto
 service-policy input PM_QOS_IN
!
interface GigabitEthernet0/0/1.100
 description MGM
 encapsulation dot1Q 100
 ip address 10.1.1.250 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 zone-member security LAN
!
interface GigabitEthernet0/0/1.551
 description --TRANSIT_HSRP--
 encapsulation dot1Q 551
 ip flow monitor FLOW_MONITOR_INPUT input
 ip flow monitor FLOW_MONITOR_OUTPUT output
 ip address 10.1.239.21 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
interface GigabitEthernet0/0/1.598
 description Transit_Network_to_Core
 encapsulation dot1Q 598
 ip flow monitor FLOW_MONITOR_INPUT input
 ip flow monitor FLOW_MONITOR_OUTPUT output
 ip address 172.30.30.42 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 zone-member security LAN
 standby version 2
 standby 598 ip 172.30.30.43
 standby 598 timers 5 15
 standby 598 priority 150
 standby 598 preempt delay minimum 30
 standby 598 authentication BDC_Kom
 standby 598 name HSRP-TRANSIT-VLAN_598
 ip policy route-map GLOBAL_ROUTING
!
interface GigabitEthernet0/0/2
 description [ISP-1G] BeeLine for BEECLOUD
 ip address 195.239.120.225 255.255.255.254
 ip nat outside
 zone-member security WAN
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.1.254.253 255.255.255.0
 zone-member security MGMT
 negotiation auto
!
router bgp 64513
 bgp router-id 172.30.30.42
 bgp log-neighbor-changes
 bgp graceful-restart
 timers bgp 10 30
 neighbor TO_MTS_PEERS peer-group
 neighbor TO_MTS_PEERS next-hop-self all
 neighbor TO_MTS_PEERS soft-reconfiguration inbound
 neighbor TO_RT_PEERS peer-group
 neighbor TO_RT_PEERS next-hop-self all
 neighbor TO_RT_PEERS soft-reconfiguration inbound
 neighbor TO_RT_PEERS route-map RM_RT_LP in
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KMK peer-group
 neighbor PG_BGP_SPOKE_KMK remote-as 64516
 neighbor PG_BGP_SPOKE_KMK next-hop-self all
 neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group
 neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527
 neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all
 neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_PERM peer-group
 neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529
 neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all
 neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group
 neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526
 neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all
 neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_KAZAN peer-group
 neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528
 neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all
 neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group
 neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525
 neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all
 neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group
 neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524
 neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all
 neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_DC peer-group
 neighbor PG_BGP_SPOKE_PF_DC remote-as 64523
 neighbor PG_BGP_SPOKE_PF_DC next-hop-self all
 neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group
 neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530
 neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all
 neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_GKZ peer-group
 neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535
 neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all
 neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_KIB peer-group
 neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548
 neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_EVL peer-group
 neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547
 neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_MSB peer-group
 neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549
 neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_TMA_SHM peer-group
 neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546
 neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all
 neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_BBN peer-group
 neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541
 neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all
 neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_IZM peer-group
 neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539
 neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all
 neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_SMK peer-group
 neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543
 neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all
 neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KIA peer-group
 neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540
 neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KGB peer-group
 neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544
 neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_KNK peer-group
 neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545
 neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all
 neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_ITL peer-group
 neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538
 neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all
 neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KG_SPB peer-group
 neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552
 neighbor PG_BGP_SPOKE_KG_SPB next-hop-self
 neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PF_AKS peer-group
 neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553
 neighbor PG_BGP_SPOKE_PF_AKS next-hop-self
 neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_VST_MZH peer-group
 neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542
 neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_MK peer-group
 neighbor PG_BGP_SPOKE_MK remote-as 64520
 neighbor PG_BGP_SPOKE_MK next-hop-self all
 neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KM peer-group
 neighbor PG_BGP_SPOKE_KM remote-as 64519
 neighbor PG_BGP_SPOKE_KM next-hop-self all
 neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in
 neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_SRM peer-group
 neighbor PG_BGP_SPOKE_SRM remote-as 64518
 neighbor PG_BGP_SPOKE_SRM next-hop-self all
 neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_PHK peer-group
 neighbor PG_BGP_SPOKE_PHK remote-as 64517
 neighbor PG_BGP_SPOKE_PHK next-hop-self all
 neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_KZS peer-group
 neighbor PG_BGP_SPOKE_KZS remote-as 64515
 neighbor PG_BGP_SPOKE_KZS next-hop-self all
 neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_GMK peer-group
 neighbor PG_BGP_SPOKE_GMK remote-as 64514
 neighbor PG_BGP_SPOKE_GMK next-hop-self all
 neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out
 neighbor PG_BGP_SPOKE_IZM peer-group
 neighbor PG_BGP_SPOKE_IZM remote-as 64512
 neighbor PG_BGP_SPOKE_IZM soft-reconfiguration inbound
 neighbor PG_BGP_SPOKE_IZM weight 500
 neighbor 10.1.50.14 remote-as 64554
 neighbor 10.1.50.14 soft-reconfiguration inbound
 neighbor 10.1.50.14 route-map RM_FROM_BEECLOUD in
 neighbor 10.1.50.14 route-map RM_SPOKE_OUT out
 neighbor 172.30.1.1 peer-group PG_BGP_SPOKE_IZM
 neighbor 172.30.1.2 peer-group PG_BGP_SPOKE_IZM
 neighbor 172.30.2.5 peer-group PG_BGP_SPOKE_GMK
 neighbor 172.30.2.6 peer-group PG_BGP_SPOKE_GMK
 neighbor 172.30.2.7 peer-group PG_BGP_SPOKE_KZS
 neighbor 172.30.2.8 peer-group PG_BGP_SPOKE_KZS
 neighbor 172.30.2.9 peer-group PG_BGP_SPOKE_KMK
 neighbor 172.30.2.10 peer-group PG_BGP_SPOKE_KMK
 neighbor 172.30.2.11 peer-group PG_BGP_SPOKE_PHK
 neighbor 172.30.2.12 peer-group PG_BGP_SPOKE_PHK
 neighbor 172.30.2.13 peer-group PG_BGP_SPOKE_SRM
 neighbor 172.30.2.14 peer-group PG_BGP_SPOKE_SRM
 neighbor 172.30.2.15 peer-group PG_BGP_SPOKE_KM
 neighbor 172.30.2.16 peer-group PG_BGP_SPOKE_KM
 neighbor 172.30.2.17 peer-group PG_BGP_SPOKE_MK
 neighbor 172.30.2.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
 neighbor 172.30.2.19 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
 neighbor 172.30.2.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
 neighbor 172.30.2.21 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
 neighbor 172.30.2.23 peer-group PG_BGP_SPOKE_PF_DC
 neighbor 172.30.2.24 peer-group PG_BGP_SPOKE_PF_DC
 neighbor 172.30.2.25 peer-group PG_BGP_SPOKE_PF_GLAZOV
 neighbor 172.30.2.26 peer-group PG_BGP_SPOKE_PF_GLAZOV
 neighbor 172.30.2.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO
 neighbor 172.30.2.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO
 neighbor 172.30.2.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK
 neighbor 172.30.2.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK
 neighbor 172.30.2.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK
 neighbor 172.30.2.31 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK
 neighbor 172.30.2.33 peer-group PG_BGP_SPOKE_PF_KAZAN
 neighbor 172.30.2.34 peer-group PG_BGP_SPOKE_PF_KAZAN
 neighbor 172.30.2.35 peer-group PG_BGP_SPOKE_PF_PERM
 neighbor 172.30.2.36 peer-group PG_BGP_SPOKE_PF_PERM
 neighbor 172.30.2.37 peer-group PG_BGP_SPOKE_KG_MOSCOW
 neighbor 172.30.2.37 route-map RM_BGP_FROM_SPOKE in
 neighbor 172.30.2.38 peer-group PG_BGP_SPOKE_KG_MOSCOW
 neighbor 172.30.2.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
 neighbor 172.30.2.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
 neighbor 172.30.2.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK
 neighbor 172.30.2.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA
 neighbor 172.30.2.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG
 neighbor 172.30.2.45 peer-group PG_BGP_SPOKE_KG_GKZ
 neighbor 172.30.2.46 peer-group PG_BGP_SPOKE_KG_GKZ
 neighbor 172.30.2.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
 neighbor 172.30.2.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
 neighbor 172.30.2.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY
 neighbor 172.30.2.50 peer-group PG_BGP_SPOKE_VST_IZM
 neighbor 172.30.2.51 peer-group PG_BGP_SPOKE_VST_IZM
 neighbor 172.30.2.52 peer-group PG_BGP_SPOKE_VST_ITL
 neighbor 172.30.2.53 peer-group PG_BGP_SPOKE_VST_ITL
 neighbor 172.30.2.54 peer-group PG_BGP_SPOKE_VST_KIA
 neighbor 172.30.2.55 peer-group PG_BGP_SPOKE_VST_KIA
 neighbor 172.30.2.56 peer-group PG_BGP_SPOKE_VST_BBN
 neighbor 172.30.2.57 peer-group PG_BGP_SPOKE_VST_BBN
 neighbor 172.30.2.58 peer-group PG_BGP_SPOKE_VST_MZH
 neighbor 172.30.2.59 peer-group PG_BGP_SPOKE_VST_MZH
 neighbor 172.30.2.60 peer-group PG_BGP_SPOKE_VST_SMK
 neighbor 172.30.2.60 route-map RM_RT_LP in
 neighbor 172.30.2.61 peer-group PG_BGP_SPOKE_VST_SMK
 neighbor 172.30.2.62 peer-group PG_BGP_SPOKE_VST_KGB
 neighbor 172.30.2.62 route-map RM_RT_LP in
 neighbor 172.30.2.63 peer-group PG_BGP_SPOKE_VST_KGB
 neighbor 172.30.2.64 peer-group PG_BGP_SPOKE_VST_KNK
 neighbor 172.30.2.65 peer-group PG_BGP_SPOKE_TMA_SHM
 neighbor 172.30.2.66 peer-group PG_BGP_SPOKE_TMA_SHM
 neighbor 172.30.2.67 peer-group PG_BGP_SPOKE_TMA_EVL
 neighbor 172.30.2.68 peer-group PG_BGP_SPOKE_TMA_KIB
 neighbor 172.30.2.69 peer-group PG_BGP_SPOKE_TMA_MSB
 neighbor 172.30.2.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY
 neighbor 172.30.2.73 peer-group PG_BGP_SPOKE_KG_SPB
 neighbor 172.30.2.74 peer-group PG_BGP_SPOKE_PF_AKS
 neighbor 172.30.2.75 peer-group PG_BGP_SPOKE_PF_AKS
 neighbor 172.30.2.76 remote-as 64556
 neighbor 172.30.2.76 next-hop-self all
 neighbor 172.30.2.76 soft-reconfiguration inbound
 neighbor 172.30.2.76 route-map RM_SPOKE_OUT out
 neighbor 172.30.30.41 remote-as 64513
 neighbor 172.30.30.41 description To-ISR4431_1
 neighbor 172.30.30.41 next-hop-self all
 neighbor 172.30.30.41 soft-reconfiguration inbound
 neighbor 172.30.30.46 remote-as 64513
 neighbor 172.30.30.46 description To-Catalyst6506
 neighbor 172.30.30.46 next-hop-self all
 neighbor 172.30.30.46 soft-reconfiguration inbound
 distance bgp 150 150 150
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip nat translation max-entries host 192.168.2.200 1000
ip nat inside source static tcp 10.1.19.121 5001 78.85.13.93 5001 extendable
ip nat inside source static tcp 192.168.1.253 7789 78.85.13.93 7789 extendable
ip nat inside source route-map RM_NAT_BEELINE interface GigabitEthernet0/0/2 overload
ip nat inside source route-map RM_NAT_RT interface GigabitEthernet0/0/0.3074 overload
ip route 0.0.0.0 0.0.0.0 78.85.13.1 100 name --RT_DMVPN--
ip route 10.1.30.0 255.255.255.0 78.85.13.1
ip route 82.142.146.68 255.255.255.252 195.239.120.224 name BeeCLOUD
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.254.254
!
!
!
ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24
!
ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29
ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25
!
ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29
ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22
ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25
ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24
!
ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24
ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29
ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24
ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24
ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24
ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24
ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24
ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24
ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25
!
ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24
ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30
ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29
ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22
ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24
ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24
!
ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29
ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25
ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24
!
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 30 permit 10.0.0.0/14
ip prefix-list OUT_TO_KOMOS_MEDIA seq 40 permit 192.168.0.0/22
ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21
ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22
ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MILKOM_MAIN seq 10 permit 10.0.0.0/14
ip prefix-list OUT_TO_MILKOM_MAIN seq 20 permit 192.168.0.0/22
!
ip prefix-list PFL_ROUTE_TO_MLK seq 10 permit 10.0.0.0/14 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 20 permit 10.14.24.0/21 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 30 permit 172.31.2.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 40 permit 192.168.0.0/22
ip prefix-list PFL_ROUTE_TO_MLK seq 50 permit 10.14.17.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 60 permit 10.14.52.0/22
!
ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0
ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_FROM_BEECLOUD seq 5 permit 10.100.0.0/24 le 25
ip prefix-list PL_FROM_BEECLOUD seq 10 permit 10.101.0.0/20 le 24
!
ip prefix-list PL_TO_BEECLOUD seq 5 permit 10.0.0.0/8 le 24
!
ip access-list extended ACL-DMVPN_TRAFFIC_KOM
 permit ip any any
 permit tcp any any eq 22
 permit icmp any any
 permit gre any any
 permit udp any any eq isakmp
 permit esp any any
 permit eigrp any any
ip access-list extended ACL-WAN_TO_LAN_KOM
 deny   ip any any
 permit ip any any
ip access-list extended ACL-WAN_TO_SELF_KOM
 permit ip 10.1.30.0 0.0.0.255 any
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit esp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP
 permit udp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP eq isakmp
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 deny   ip any any
ip access-list extended ACL_NAT_BEECLOUD
 permit ip host 10.1.19.121 any
ip access-list extended ACL_NAT_RT_CLOUD
 deny   ip any 10.1.30.0 0.0.0.255
 permit ip 192.168.252.0 0.0.0.255 any
 permit ip 10.1.17.0 0.0.0.255 any
 permit ip 192.168.0.0 0.0.3.255 any
 permit ip host 10.1.19.121 any
ip access-list extended ACL_QOS_Q1
 remark WEB Internet
 permit tcp any any eq www 443 8443
 permit tcp any eq www 443 8443 any
 remark Samba
 permit tcp any any eq 445
 permit tcp any eq 445 any
ip access-list extended ACL_QOS_Q2
 remark 1C
 permit tcp any any range 1560 1591
 permit tcp any any eq 1540 1541
 permit tcp any range 1560 1591 any
 permit tcp any eq 1540 1541 any
 remark SQL
 permit udp any any eq 1433
 permit tcp any any eq 1433
 permit udp any eq 1433 any
 permit tcp any eq 1433 any
 remark WEB Local
 permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443
 permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443
 permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443
 permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any
 permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any
 permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any
ip access-list extended ACL_QOS_Q3
 remark SIP
 permit udp any any eq 5060 5061
 permit udp any eq 5060 5061 any
 remark RDP
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
 permit udp any any eq 3389
 permit udp any eq 3389 any
 remark SSH
 permit tcp any any eq 22
 permit tcp any eq 22 any
 remark Winbox
 permit tcp any any eq 8291
 permit tcp any eq 8291 any
ip access-list extended ACL_QOS_Q4
 remark TEAMS + Confirence and other + Telegram
ip access-list extended ACL_QOS_Q5
 remark RTP trafic
 permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000
 permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000
 permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000
 permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000
 remark DNS
 permit udp any any eq domain
 permit tcp any any eq domain
 permit udp any eq domain any
 permit tcp any eq domain any
 remark NTP
 permit udp any any eq ntp
 remark LDAP
 permit udp any any eq 389 88
 permit tcp any any eq 389 88
 permit udp any eq 389 88 any
 permit tcp any eq 389 88 any
ip access-list extended ACL_TO_CLOUD_RT
 permit ip 10.0.0.0 0.255.255.255 10.1.30.0 0.0.0.255
 permit ip 10.1.255.0 0.0.0.255 10.1.30.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 10.1.30.0 0.0.0.255
 permit ip 10.4.0.0 0.0.255.255 10.1.30.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 10.1.30.0 0.0.0.255
ip access-list extended Access_VTY
 permit icmp any any
 permit tcp 10.0.0.0 0.255.255.255 eq 22 any
 permit tcp 192.168.0.0 0.0.255.255 eq 22 any
 permit tcp 172.0.0.0 0.16.255.255 eq 22 any
 deny   ip any any
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
ip sla 7777
 icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0/0.3074
 request-data-size 1400
 threshold 600
 timeout 2000
 frequency 30
ip sla schedule 7777 life forever start-time now
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging origin-id hostname
logging source-interface GigabitEthernet0/0/1.100
logging host 10.4.244.4 transport udp port 515
!
!
route-map RM_KEZ_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_RT_LP permit 20 
 set local-preference 900
!
route-map RM_NAT_BEELINE permit 10 
 match ip address ACL_NAT_BEECLOUD
 match interface GigabitEthernet0/0/2
!
route-map GLOBAL_ROUTING permit 5 
 match ip address LOCAL_TRAFFIC
!
route-map GLOBAL_ROUTING permit 10 
 match ip address ACL_NAT_BEECLOUD
 set ip next-hop 195.239.120.224
!
route-map GLOBAL_ROUTING permit 20 
!
route-map RM_KAZAN_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_GLAZOV_IN permit 20 
 match ip address prefix-list IN_FROM_PS_GLAZOV
!
route-map RM_PERM_IN permit 20 
 match ip address prefix-list IN_FROM_PS_PERM
!
route-map RM_SPOKE_OUT deny 10 
 match ip address prefix-list PL_DF_GW
!
route-map RM_SPOKE_OUT permit 20 
!
route-map RM_TO_BEECLOUD permit 10 
 match ip address prefix-list PL_TO_BEECLOUD
 set as-path prepend 64513
!
route-map RM_SARAPUL_OUT permit 20 
 match ip address prefix-list OUT_ALL_PS_MILKOM
!
route-map RM_FROM_BEECLOUD permit 10 
 match ip address prefix-list PL_FROM_BEECLOUD
 set as-path prepend 64554
!
route-map RM_KOMOS_MEDIA_OUT permit 10 
 match ip address prefix-list OUT_TO_KOMOS_MEDIA
!
route-map RM_BGP_FROM_SPOKE permit 10 
 set local-preference 900
!
route-map RM_NAT_RT permit 10 
 match ip address ACL_NAT_RT_CLOUD
 match interface GigabitEthernet0/0/0.3074
!
route-map RM_TO_MILKON_MAIN_OUT permit 20 
 match ip address prefix-list PFL_ROUTE_TO_MLK
!
route-map RM_KAZAN_IN permit 20 
 match ip address prefix-list IN_FROM_PS_KAZAN
!
route-map RM_KEZ_IN permit 20 
 match ip address prefix-list IN_FROM_PS_KEZ
!
route-map RM_SARAPUL_IN permit 20 
 match ip address prefix-list IN_FROM_PS_SARAPUL
!
route-map RM_MEAT_COMPANY_OUT permit 10 
 match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_KOMOS_MEDIA_IN permit 10 
 match ip address prefix-list IN_FROM_KOMOS_MEDIA
!
route-map RM_GLAZOV_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_PERM_OUT permit 20 
 match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
!
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
control-plane
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
alias exec q exit
alias exec sib sh ip int brief
!
line con 0
 login authentication CONSOLE
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 login authentication NPS
 transport input ssh
!
ntp source GigabitEthernet0/0/1.100
ntp server 10.1.8.1
ntp server 10.1.8.2
!
!
!
!
!
end