Building configuration...

  
  
  
Current configuration : 34217 bytes
!
! Last configuration change at 09:02:09 IZH Tue Apr 26 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 01:30:00 IZH Thu Jul 28 2022
!
version 15.7
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname IZH-VRS-PFV-RT-1-2
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.157-3.M.bin
boot-end-marker
!
!
security authentication failure rate 3 log
logging buffered 16386
logging rate-limit 100 except warnings
logging console critical
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface GigabitEthernet0/2.300
 load-balance method least-outstanding
!
aaa authentication login default local group NPS enable
aaa authentication login LOCAL_AUTH local
aaa authentication login sslvpn local
aaa authentication login CONSOLE local group NPS
aaa authorization exec default local group NPS if-authenticated 
aaa authorization network sslvpn local 
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
!
!
!
!
!
!
no ip source-route
no ip gratuitous-arps
!
!
!
!
!
!
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip bootp server
ip domain name komos.ru
ip host tftp 10.4.0.214
ip name-server 95.215.208.42
ip name-server 8.8.8.8
ip cef
login block-for 60 attempts 3 within 20
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
!
!
!
crypto pki trustpoint CA_VPNPFV_KOMOS_RU
 enrollment terminal pem
 revocation-check none
!
crypto pki trustpoint VPNPFV_KOMOS_RU
 enrollment pkcs12
 revocation-check none
 rsakeypair VPNPFV_KOMOS_RU
!
!
crypto pki certificate chain CA_VPNPFV_KOMOS_RU
 certificate ca 01FD6D30FCA3CA51A81BBC640E35032D
  308205DE 308203C6 A0030201 02021001 FD6D30FC A3CA51A8 1BBC640E 35032D30 
  0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113 
  30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65 
  72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553 
  54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253 
  41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313030 
  32303130 30303030 305A170D 33383031 31383233 35393539 5A308188 310B3009 
  06035504 06130255 53311330 11060355 0408130A 4E657720 4A657273 65793114 
  30120603 55040713 0B4A6572 73657920 43697479 311E301C 06035504 0A131554 
  68652055 53455254 52555354 204E6574 776F726B 312E302C 06035504 03132555 
  53455254 72757374 20525341 20436572 74696669 63617469 6F6E2041 7574686F 
  72697479 30820222 300D0609 2A864886 F70D0101 01050003 82020F00 3082020A 
  02820201 00801265 17360EC3 DB08B3D0 AC570D76 EDCD27D3 4CAD5083 61E2AA20 
  4D092D64 09DCCE89 9FCC3DA9 ECF6CFC1 DCF1D3B1 D67B3728 112B47DA 39C6BC3A 
  19B45FA6 BD7D9DA3 6342B676 F2A93B2B 91F8E26F D0EC1620 90093EE2 E874C918 
  B491D462 64DB7FA3 06F18818 6A90223C BCFE13F0 87147BF6 E41F8ED4 E451C611 
  67460851 CB861454 3FBC33FE 7E6C9CFF 169D18BD 518E35A6 A766C872 67DB2166 
  B1D49B78 03C0503A E8CCF0DC BC9E4CFE AF059635 1F575AB7 FFCEF93D B72CB6F6 
  54DDC8E7 123A4DAE 4C8AB75C 9AB4B720 3DCA7F22 34AE7E3B 68660144 E7014E46 
  539B3360 F794BE53 37907343 F332C353 EFDBAAFE 744E69C7 6B8C6093 DEC4C70C 
  DFE132AE CC933B51 7895678B EE3D56FE 0CD0690F 1B0FF325 266B336D F76E47FA 
  7343E57E 0EA566B1 297C3284 635589C4 0DC19354 301913AC D37D37A7 EB5D3A6C 
  355CDB41 D712DAA9 490BDFD8 808A0993 628EB566 CF2588CD 84B8B13F A4390FD9 
  029EEB12 4C957CF3 6B05A95E 1683CCB8 67E2E813 9DCC5B82 D34CB3ED 5BFFDEE5 
  73AC233B 2D00BF35 55740949 D849581A 7F9236E6 51920EF3 267D1C4D 17BCC9EC 
  4326D0BF 415F40A9 4444F499 E757879E 501F5754 A83EFD74 632FB150 6509E658 
  422E431A 4CB4F025 4759FA04 1E93D426 464A5081 B2DEBE78 B7FC6715 E1C95784 
  1E0F63D6 E962BAD6 5F552EEA 5CC62808 042539B8 0E2BA9F2 4C971C07 3F0D52F5 
  EDEF2F82 0F020301 0001A342 3040301D 0603551D 0E041604 145379BF 5AAA2B4A 
  CF5480E1 D89BC09D F2B20366 CB300E06 03551D0F 0101FF04 04030201 06300F06 
  03551D13 0101FF04 05300301 01FF300D 06092A86 4886F70D 01010C05 00038202 
  01005CD4 7C0DCFF7 017D4199 650C73C5 529FCBF8 CF99067F 1BDA4315 9F9E0255 
  579614F1 523C2787 9428ED1F 3A0137A2 76FC5350 C0849BC6 6B4EBA8C 214FA28E 
  556291F3 6915D8BC 88E3C4AA 0BFDEFA8 E94B552A 06206D55 782919EE 5F305C4B 
  241155FF 249A6E5E 2A2BEE0B 4D9F7FF7 01389414 95430709 FB60A9EE 1CAB128C 
  A09A5EA7 986A596D 8B3F08FB C8D145AF 18156490 120F7328 2EC5E224 4EFC58EC 
  F0F445FE 22B3EB2F 8ED2D945 6105C197 6FA87672 8F8B8C36 AFBF0D05 CE718DE6 
  A66F1F6C A67162C5 D8D08372 0CF16711 890C9C13 4C7234DF BCD571DF AA71DDE1 
  B96C8C3C 125D65DA BD5712B6 436BFFE5 DE4D6611 51CF99AE EC17B6E8 71918CDE 
  49FEDD35 71A21527 941CCF61 E326BB6F A3672521 5DE6DD1D 0B2E681B 3B82AFEC 
  836785D4 985174B1 B9998089 FF7F7819 5C794A60 2E9240AE 4C372A2C C9C762C8 
  0E5DF736 5BCAE025 2501B4DD 1A079C77 003FD0DC D5EC3DD4 FABB3FCC 85D66F7F 
  A92DDFB9 02F7F597 9AB535DA C367B087 4AA9289E 238EFF5C 276BE1B0 4FF307EE 
  002ED459 87CB5241 95EAF447 D7EE6441 557C8D59 0295DD62 9DC2B9EE 5A287484 
  A59BB790 C70C07DF F5893674 32D628C1 B0B00BE0 9C4CC31C D6FCE369 B5474681 
  2FA282AB D3634470 C48DFF2D 33BAAD8F 7BB57088 AE3E19CF 4028D8FC C890BB5D 
  9922F552 E658C51F 883143EE 881DD7C6 8E3C436A 1DA718DE 7D3D16F1 62F9CA90 A8FD
  	quit
crypto pki certificate chain VPNPFV_KOMOS_RU
 certificate 0093FAAC8A0C37F508F5D3C800883BFDB6
  308206C2 308205AA A0030201 02021100 93FAAC8A 0C37F508 F5D3C800 883BFDB6 
  300D0609 2A864886 F70D0101 0B050030 8195310B 30090603 55040613 02474231 
  1B301906 03550408 13124772 65617465 72204D61 6E636865 73746572 3110300E 
  06035504 07130753 616C666F 72643118 30160603 55040A13 0F536563 7469676F 
  204C696D 69746564 313D303B 06035504 03133453 65637469 676F2052 5341204F 
  7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053 65637572 65205365 
  72766572 20434130 1E170D32 30303532 31303030 3030305A 170D3231 30363036 
  32333539 35395A30 81BF310B 30090603 55040613 02525531 0F300D06 03550411 
  13063132 37303135 31193017 06035504 08131055 646D7572 74736B61 79612052 
  65737031 0F300D06 03550407 13064D6F 73636F77 31433041 06035504 09133A64 
  2E203220 6B6F7270 2E203120 706F6D2E 20584C49 206B6F6D 2E203120 6574617A 
  6820352C 20756C2E 204E6F76 6F646D69 74726F76 736B6179 61311930 17060355 
  040A1310 4B4F4D4F 53204752 5550502C 204F4F4F 31133011 06035504 030C0A2A 
  2E6B6F6D 6F732E72 75308201 22300D06 092A8648 86F70D01 01010500 0382010F 
  00308201 0A028201 0100A9BC A8041307 C2830836 182F1AD2 C9D774D7 E50702F9 
  60DC1C7B BBD56BD9 398B8CDB F56C4BD7 F6F0C489 EC427A54 B89402D5 B305D795 
  0F52D67A D6F82E80 89650879 4F719B66 21C14B0D 0FABC31E 6FE730EF 71B553C8 
  DBE2A5C4 F069BB0D 3C141AC6 3DA12719 31D1DE66 D34DCCCB 490B0FAA D68C5E15 
  7A9962FD 09E2B17D 74115809 B1ABDE35 323B7E3E 48816379 338849E9 5F906B3E 
  A711DBBC 1C3C76C2 2E5FE73C E67A9249 90347DE7 79623B3D 42D48F61 C745B439 
  54B21C99 9FB93878 F298AB84 53CFF3CC A34C039E 89393DF1 80192065 DCDA3811 
  291251A8 43C27A6D A5119AB1 9BECCF61 B14BE8B9 5822B8E0 07DF763F E688AB56 
  F630725B 040F0C58 86010203 010001A3 8202DF30 8202DB30 1F060355 1D230418 
  30168014 17D9D625 2767F931 C24943D9 3036448C 6CA94FEB 301D0603 551D0E04 
  1604144D 10DBEA91 956D4FC3 2B72ED20 556CFA1E 38927130 0E060355 1D0F0101 
  FF040403 0205A030 0C060355 1D130101 FF040230 00301D06 03551D25 04163014 
  06082B06 01050507 03010608 2B060105 05070302 304A0603 551D2004 43304130 
  35060C2B 06010401 B2310102 01030430 25302306 082B0601 05050702 01161768 
  74747073 3A2F2F73 65637469 676F2E63 6F6D2F43 50533008 06066781 0C010202 
  305A0603 551D1F04 53305130 4FA04DA0 4B864968 7474703A 2F2F6372 6C2E7365 
  63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 6E697A61 74696F6E 
  56616C69 64617469 6F6E5365 63757265 53657276 65724341 2E63726C 30818A06 
  082B0601 05050701 01047E30 7C305506 082B0601 05050730 02864968 7474703A 
  2F2F6372 742E7365 63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 
  6E697A61 74696F6E 56616C69 64617469 6F6E5365 63757265 53657276 65724341 
  2E637274 30230608 2B060105 05073001 86176874 74703A2F 2F6F6373 702E7365 
  63746967 6F2E636F 6D301F06 03551D11 04183016 820A2A2E 6B6F6D6F 732E7275 
  82086B6F 6D6F732E 72753082 0104060A 2B060104 01D67902 04020481 F50481F2 
  00F00076 007D3EF2 F88FFF88 556824C2 C0CA9E52 89792BC5 0E78097F 2E6A9768 
  997E22F0 D7000001 7236A9F2 D2000004 03004730 45022100 BACB9772 4718DCE5 
  AFEED323 E69255EB F80BC770 691BC5CC 6ED46DC0 7B943C7A 02206694 07DA794C 
  00D45D62 77AE3C67 551C8579 1809B227 1DB745AD 453697BE 07130076 009420BC 
  1E8ED58D 6C88731F 828B222C 0DD1DA4D 5E6C4F94 3D61DB4E 2F584DA2 C2000001 
  7236A9F3 87000004 03004730 45022100 F36F3BC4 9BA01275 14F2FF66 148551B5 
  C6A70EBE 09A65A0D CCF96BF1 92C2B748 02207971 87B7F2D7 A2E5C871 A2643DCB 
  F9D929BA 8FA907CC B13764C8 087C64E5 E33E300D 06092A86 4886F70D 01010B05 
  00038201 010091BE 0134215B E5683466 47B8CBD4 95E668A9 E30DE2EA A58F0276 
  88F68F0B D5656A80 642FB4C4 633C68E5 FB95144E 185DDB2A 9E796A26 2F0147D8 
  6850CEFC A41D8856 A62E9EBF 907523C5 AB9F25C0 E0556618 2416F912 AE30B0F1 
  C4621BDB AEF3E06F 55FA13E9 F9549290 3AD8617F BCEE2058 4B04A901 4C1E9A18 
  D5FD603C C92178FB 1ABC12E8 84E8F30E 3E08F04F D8544887 460AC53B 78A06E0E 
  27EC0426 2AA9E09D A5EF10C1 1EEA1FA4 CE572F16 9081F5CE 94371A35 35B32B0B 
  DCB1BCD8 A872E24D A7045002 52764CAD F80FAC74 FBF9EF0F DD9F3397 DAE4CE81 
  BB504649 0A2DE226 8E037485 4392319B 7116D45E B8D40724 FC487229 4651A35D 
  0483B01E E61E
  	quit
 certificate ca 137D539CAA7C31A9A433701968847A8D
  30820619 30820401 A0030201 02021013 7D539CAA 7C31A9A4 33701968 847A8D30 
  0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113 
  30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65 
  72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553 
  54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253 
  41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313831 
  31303230 30303030 305A170D 33303132 33313233 35393539 5A308195 310B3009 
  06035504 06130247 42311B30 19060355 04081312 47726561 74657220 4D616E63 
  68657374 65723110 300E0603 55040713 0753616C 666F7264 31183016 06035504 
  0A130F53 65637469 676F204C 696D6974 6564313D 303B0603 55040313 34536563 
  7469676F 20525341 204F7267 616E697A 6174696F 6E205661 6C696461 74696F6E 
  20536563 75726520 53657276 65722043 41308201 22300D06 092A8648 86F70D01 
  01010500 0382010F 00308201 0A028201 01009C93 0246454A 524892FC 578DF92D 
  EA53BEB3 2CD5D8A8 A5EC5B69 03C01D10 F65933DE FE0748A8 E88C7A67 4AF1F58D 
  C33766D0 3291F7C4 9D0460C4 B54AE283 8BA7AE26 D45D3A5E F8D11671 BB8ABD71 
  A27DC8CE A26024B0 52A03A45 51DE7893 6C6260F1 E4569CB7 3BF73C55 D8DFD57A 
  317C357F 125170E1 2CBE04AC CBFA4FE1 7C656AC0 40A7D97C A5638419 E1F7CAEF 
  AAB4E858 5AD999E3 26DF8E12 B2B8DC33 B236DA14 1D965842 406E0B22 851C5122 
  AEC4C806 456D92E6 67B71923 E4D8366B 85D07FC7 52E3CFB0 7501E089 B4A8BF8A 
  364EA3E0 6CEB8441 CEA52F48 22139750 62451E09 A5CC9F6C 57704006 DB20E81B 
  D6F3938B A7329EB7 441509D7 AFFD7C01 1CDB0203 010001A3 82016E30 82016A30 
  1F060355 1D230418 30168014 5379BF5A AA2B4ACF 5480E1D8 9BC09DF2 B20366CB 
  301D0603 551D0E04 16041417 D9D62527 67F931C2 4943D930 36448C6C A94FEB30 
  0E060355 1D0F0101 FF040403 02018630 12060355 1D130101 FF040830 060101FF 
  02010030 1D060355 1D250416 30140608 2B060105 05070301 06082B06 01050507 
  0302301B 0603551D 20041430 12300606 04551D20 00300806 0667810C 01020230 
  50060355 1D1F0449 30473045 A043A041 863F6874 74703A2F 2F63726C 2E757365 
  72747275 73742E63 6F6D2F55 53455254 72757374 52534143 65727469 66696361 
  74696F6E 41757468 6F726974 792E6372 6C307606 082B0601 05050701 01046A30 
  68303F06 082B0601 05050730 02863368 7474703A 2F2F6372 742E7573 65727472 
  7573742E 636F6D2F 55534552 54727573 74525341 41646454 72757374 43412E63 
  72743025 06082B06 01050507 30018619 68747470 3A2F2F6F 6373702E 75736572 
  74727573 742E636F 6D300D06 092A8648 86F70D01 010C0500 03820201 004E1340 
  96C9C3E6 6E5BC0E3 BAF417E1 AE091FC9 BFCB0C25 16F27353 B3761AB7 AB4806D6 
  CD007C20 4543456C 165A1B13 61D749BA A402A4AC E8CECE2D C92A74A3 DCDEAEAB 
  D06836F8 91AF3C01 F777D50B CF97ABEB 87E715A8 FA305A61 7120B1C0 43C4B98F 
  6D8A31EB 153624FB 62D50B9C 8FE966BD E6615197 93B61D87 BDB0B56C FEA61129 
  06613431 303D2027 7351D0DE 8583D377 39204696 DAA7C65A 162785B2 CF4E0F4E 
  8C5CBEBE 3800F84B F9727BD4 F27AD7A2 2985D004 BAD3422C 5188522E D13D2467 
  47EC55CC 1BF4CA34 EA26C1DE DDC42189 F6BA7B32 1E8E965E 844538CF 80AA3769 
  8B601774 1548919C 6DF04EA3 77CA1B1C 48FAF9CF 49E85F4F 850AE28F 901BAB70 
  4C9AEBB7 A63FB4AC 5DA45FCF E6D88A96 90F74F26 8160765D 0F247791 B32A319F 
  165AB25D 8C1C29AA 489C8E6F D3784070 DB77ECDD E3D15705 702DE649 98880584 
  62057056 7686394E D3226F1D FE6DF10E B362C43C CBC085B9 611EBAE1 15805994 
  0CAE05BB 8C7F56BE 1CD25ABF 97F26A4C B0C67076 B0908DC1 0B36B911 D8D6285C 
  EA4FFE24 B7180A9B 0CD0C17C 5CFB69BD CCA24DC6 90BCA64D F2B1BAD6 9A675B96 
  0252D082 F9C40A5C 0D28E03F C8FA9595 89D5A4BE 496C40B2 3EA86BB8 D525B2C4 
  FEF1D3D7 E7D6DC43 017630FB 3B8B5DF7 4A897C9A 35BEFCCA F05701F0 8D3FA087 
  327B475A 974B82D2 66C2C42D EA3F24F4 A7F9A8B9 E36AD918 61A03B8C 15
  	quit
license udi pid CISCO2911/K9 sn JTV1624T1ED
license accept end user agreement
license boot module c2900 technology-package securityk9
!
!
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/VRS/PFV-RT/$H.$T.conf
 write-memory
 time-period 10080
object-group network NET_MLK 
 description :: MILKOM_DATACENTER
 host 85.140.32.177
 host 78.85.14.98
 host 213.87.95.1
!
object-group network NET_VPF 
 description VOTKINSKAYA_PF
 host 88.80.33.14
 host 78.85.13.118
!
object-group network NET_IPF 
 description IZHEVSKAYA_PF
 host 85.140.32.141
 host 78.85.13.117
!
object-group network NET_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network NET_PFD 
 host 185.6.82.180
!
object-group network NET_IZH_MLK 
 description --IZHMOLOKO--
 host 78.85.13.42
 host 85.140.32.27
 host 31.173.105.54
 host 217.14.195.253
 host 84.201.247.157
!
object-group network NET_PS_PF 
 host 5.227.121.127
 host 46.232.164.108
 host 78.85.13.117
 host 78.85.13.118
 host 78.85.13.119
 host 78.85.14.98
 host 78.85.33.50
 host 85.140.32.141
 host 85.140.32.177
 host 85.140.32.178
 host 88.80.33.14
 host 95.215.208.234
 host 178.47.130.10
 host 178.205.241.114
!
object-group network NET_KOMOSGROUP 
 host 88.80.33.50
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.10
 host 94.25.46.122
!
object-group network NET_DMVPN_NBRS 
 group-object NET_MLK
 group-object NET_VPF
 group-object NET_IPF
 group-object NET_MPF
 group-object NET_PFD
 group-object NET_IZH_MLK
 group-object NET_PS_PF
 group-object NET_KOMOSGROUP
!
object-group network NET_KOMENERGO 
 description :: KOMOS_ENERGO
 host 92.55.54.109
 host 83.143.54.246
 host 77.222.40.133
 host 178.79.148.203
!
object-group network NET_PHK 
 host 46.146.210.68
!
object-group network NET_REMOTE_MANAGERS 
 host 91.146.62.155
 host 213.87.95.1
!
object-group network NET_UPF 
 description :: UDMURTSKAYA_PF
 host 88.80.33.162
 host 212.46.204.74
 host 146.120.104.227
 host 95.215.208.234
!
object-group network NET_RT_VATS 
 host 178.45.249.116
!
object-group network NET_REMOTE_SITES 
 group-object NET_VPF
 group-object NET_UPF
 group-object NET_MPF
 group-object NET_IPF
 group-object NET_KOMENERGO
 group-object NET_KOMOSGROUP
 group-object NET_PHK
 group-object NET_PFD
 group-object NET_IZH_MLK
 group-object NET_RT_VATS
!
object-group network OBJ_BBN_RN_BBN 
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN 
 host 85.140.32.103
 host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
 range 91.240.179.1 91.240.179.254
!
object-group network OBJ_IZH_VST_IZM 
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44 
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48 
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR 
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK 
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK 
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK 
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS 
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK 
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM 
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK 
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ 
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA 
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK 
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17 
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI 
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB 
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56 
 host 83.143.54.246
 host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM 
 host 85.140.32.177
 host 78.85.14.98
 host 213.87.95.1
 host 92.241.255.114
 host 89.175.174.68
!
object-group network OBJ_GLZ_VRS_UPF 
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF 
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV 
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF 
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_MSB_TMA_MSB 
 host 78.138.182.214
!
object-group network OBJ_KIB_TMA_KIB 
 host 78.138.182.126
!
object-group network OBJ_PRM_VRS_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF 
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_SHM_TMA_SHM 
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_EVL_TMA_EVL 
 host 89.232.102.166
!
object-group network OBJ_ITL_VST_ITL 
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH 
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA 
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB 
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK 
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK 
 host 178.161.242.67
!
object-group network OBJ_IZH_KM_S61 
 host 84.201.247.32
 host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL 
 host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2 
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80 
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9 
 host 178.47.128.98
 host 194.150.90.20
!
object-group network OBJ_KGB_RN_KGB 
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH 
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI 
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN 
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM 
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG 
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21 
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP 
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK 
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17 
 host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17 
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_IZH_VRS_AKS 
 host 5.227.124.50
 host 87.249.233.80
!
object-group network OBJ_SPB_KG_SPB 
 host 62.141.114.190
 host 94.72.27.43
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_BBN_VST_BBN
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_IZH_VRS_AKS
 group-object OBJ_SPB_KG_SPB
!
object-group network STATIC_ISP_IP 
 host 78.85.33.50
!
object-group service SVC_ANYCONNECT 
 tcp eq 443
!
object-group service SVC_DNS 
 tcp eq domain
 udp eq domain
!
object-group service SVC_EMAIL 
 tcp eq smtp
 tcp eq 26
 tcp eq 587
 tcp eq pop3
 tcp eq 143
 tcp eq 993
 tcp eq 465
 tcp eq 995
 tcp eq 4431
!
username menshikov privilege 15 secret 5 $1$jKjV$FRCadPiBRpyUc8/VTp5ks.
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
username akhmetzyanovrr privilege 15 secret 5 $1$c4VK$32.Jm2pJEy9u0raUvQK/50
!
redundancy
!
!
!
!
!
track 1 ip sla 1 reachability
 delay down 26 up 11
!
track 10 ip sla 10 reachability
 delay down 26 up 11
!
track 110 list boolean and
 object 1
 object 10
!
! 
crypto logging session
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.3.05017-k9.pkg sequence 1
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-linux-64-4.3.05017-k9.pkg sequence 2
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-macosx-i386-4.3.05017-k9.pkg sequence 3
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
crypto isakmp key mlk20kom19 address 0.0.0.0         no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac 
 mode transport
!
crypto ipsec profile CRYPTO_IPSEC_DMVPN
 description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
 set transform-set CRYPTO_TS_DMVPN 
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.8.20.254 255.255.255.128
!
interface Loopback1
 description -== REMOTE SENSOR ==-
 ip address 10.1.72.4 255.255.255.255
!
interface Tunnel1001
 description --DMVPN_SPOKE_26_CLOUD_1--
 ip address 172.30.1.28 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Tunnel1002
 description --DMVPN_SPOKE_26_CLOUD_2--
 ip address 172.30.2.28 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl02
 ip nhrp map 172.30.2.1 5.227.124.143
 ip nhrp map 172.30.2.2 78.85.13.93
 ip nhrp map multicast 5.227.124.143
 ip nhrp map multicast 78.85.13.93
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.2.1
 ip nhrp nhs 172.30.2.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description LOCAL_NETWORK
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.300
 description NETWORK_MANAGEMENT
 encapsulation dot1Q 300
 ip address 10.8.21.252 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 300 ip 10.8.21.253
 standby 300 timers 5 15
 standby 300 priority 150
 standby 300 preempt delay minimum 30
 standby 300 authentication pfv2017
 standby 300 name NM-HSRP
 standby 300 track 110 decrement 110
!
interface GigabitEthernet0/2.555
 description --BGP_TRANSIT--
 encapsulation dot1Q 555
 ip address 172.30.30.162 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Dialer1
 description LOGICAL_INTERFACE_ISP_RT
 ip address negotiated
 ip access-group ACL_FIREWALL in
 ip access-group ACL_LAN_TO_WAN out
 ip mtu 1492
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname varaks-vols
 ppp chap password 7 133D3C44122F28290D
 ppp pap sent-username varaks-vols password 7 003C38501D78270529
!
router bgp 64525
 bgp router-id 172.30.30.162
 bgp log-neighbor-changes
 bgp graceful-restart
 aggregate-address 10.8.16.0 255.255.240.0
 redistribute connected route-map RM_BGP_REDISTR_CON
 neighbor PG_BGP_OCOD peer-group
 neighbor PG_BGP_OCOD remote-as 64512
 neighbor PG_BGP_OCOD next-hop-self
 neighbor PG_BGP_OCOD soft-reconfiguration inbound
 neighbor PG_BGP_OCOD route-map RM_BGP_TO_HUB out
 neighbor PG_BGP_RCOD peer-group
 neighbor PG_BGP_RCOD remote-as 64513
 neighbor PG_BGP_RCOD next-hop-self
 neighbor PG_BGP_RCOD soft-reconfiguration inbound
 neighbor PG_BGP_RCOD route-map RM_BGP_TO_HUB out
 neighbor PG_BGP_IPF peer-group
 neighbor PG_BGP_IPF remote-as 64526
 neighbor PG_BGP_IPF next-hop-self
 neighbor PG_BGP_IPF soft-reconfiguration inbound
 neighbor PG_BGP_IPF prefix-list PFL_FROM_IPF in
 neighbor PG_BGP_IPF prefix-list PFL_TO_IPF out
 neighbor PG_BGP_VRS_AKS peer-group
 neighbor PG_BGP_VRS_AKS remote-as 64553
 neighbor PG_BGP_VRS_AKS soft-reconfiguration inbound
 neighbor 172.30.1.1 peer-group PG_BGP_OCOD
 neighbor 172.30.1.2 peer-group PG_BGP_OCOD
 neighbor 172.30.1.29 peer-group PG_BGP_IPF
 neighbor 172.30.1.30 peer-group PG_BGP_IPF
 neighbor 172.30.1.74 peer-group PG_BGP_VRS_AKS
 neighbor 172.30.1.75 peer-group PG_BGP_VRS_AKS
 neighbor 172.30.2.1 peer-group PG_BGP_RCOD
 neighbor 172.30.2.2 peer-group PG_BGP_RCOD
 neighbor 172.30.2.29 peer-group PG_BGP_IPF
 neighbor 172.30.2.30 peer-group PG_BGP_IPF
 neighbor 172.30.2.74 peer-group PG_BGP_VRS_AKS
 neighbor 172.30.2.75 peer-group PG_BGP_VRS_AKS
 neighbor 172.30.30.161 remote-as 64525
 neighbor 172.30.30.161 next-hop-self
 neighbor 172.30.30.161 soft-reconfiguration inbound
 neighbor 172.30.30.163 remote-as 64525
 neighbor 172.30.30.163 next-hop-self
 neighbor 172.30.30.163 soft-reconfiguration inbound
 distance bgp 150 150 150
!
ip local pool ANYCONNECT_POOL 10.8.20.129 10.8.20.253
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export source GigabitEthernet0/2.300
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 20000
!
ip tftp source-interface GigabitEthernet0/2.300
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 45
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 15
ip nat translation port-timeout udp 5060 180
ip nat translation max-entries all-host 400
ip nat inside source route-map ISP_RT interface Dialer1 overload
ip nat inside source static tcp 10.8.16.222 4431 78.85.33.50 4431 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.252.0 10.8.21.254
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list standard ACL_ACCESS_NET
 permit 192.168.0.0 0.0.3.255
 permit 10.8.16.0 0.0.1.255
 permit 10.8.21.0 0.0.0.255
ip access-list standard ACL_NTP_SERVERS
 permit 172.16.254.62
 deny   any
!
ip access-list extended ACL_FIREWALL
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit udp any eq ntp object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 permit object-group SVC_ANYCONNECT any object-group STATIC_ISP_IP
 permit tcp object-group NET_KOMENERGO object-group STATIC_ISP_IP eq 50001
 permit tcp host 5.227.120.65 object-group STATIC_ISP_IP eq 50001
 permit tcp object-group NET_KOMENERGO object-group STATIC_ISP_IP eq 33822
 permit object-group SVC_EMAIL any object-group STATIC_ISP_IP
 evaluate reflectedtraffic 
 permit tcp host 178.45.249.116 object-group STATIC_ISP_IP
 permit udp host 178.45.249.116 object-group STATIC_ISP_IP
ip access-list extended ACL_LAN_TO_WAN
 permit ip any any reflect reflectedtraffic timeout 300
!
!
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
ip prefix-list PFL_BGP_REDISTR_CON seq 20 permit 10.8.20.128/25
!
ip prefix-list PFL_FROM_IPF seq 10 permit 172.16.23.0/24
ip prefix-list PFL_FROM_IPF seq 20 permit 10.8.32.0/21
!
ip prefix-list PFL_TO_HUB seq 10 permit 10.8.16.0/20
!
ip prefix-list PFL_TO_IPF seq 10 permit 172.16.3.0/24
ip prefix-list PFL_TO_IPF seq 20 permit 10.8.16.0/20
ip sla 1
 icmp-echo 8.8.8.8 source-interface Dialer1
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 10
 icmp-echo 192.5.5.241 source-interface Dialer1
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 10 life forever start-time now
kron occurrence EveryDay at 1:30 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging trap debugging
logging host 192.168.72.34
!
route-map RM_ROUTE_VIA_ERT permit 10
 match ip address ACL_ROUTE_VIA_ERT
 set ip next-hop verify-availability 192.168.1.38 1 track 11
!
route-map ISP_RT permit 10
 match ip address ACL_ACCESS_NET
 match interface Dialer1
!
route-map RM_BGP_REDISTR_CON permit 10
 match ip address prefix-list PFL_BGP_REDISTR_CON PFL_TO_IPF
!
route-map RM_BGP_TO_HUB permit 10
 match ip address prefix-list PFL_TO_HUB
!
route-map RM_BGP_FROM_HUB permit 10
 set local-preference 1000
!
!
snmp-server community public RO
snmp-server community lmTUEsk6Yvlv RO
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server IZH-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
!
control-plane
!
!
 vstack
alias exec q exit
!
line con 0
 logging synchronous
 login authentication CONSOLE
 speed 115200
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 privilege level 15
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
ntp access-group peer ACL_NTP_SERVERS
ntp master 3
ntp update-calendar
ntp server 172.16.254.62 prefer
!
!
webvpn gateway ANYCONNECT-WEBVPN-GATEWAY
 ip interface GigabitEthernet0/0 port 443
 ssl encryption 3des-sha1
 ssl trustpoint VPNPFV_KOMOS_RU
 logging enable
 inservice
 dtls port 3000
 !
webvpn context ANYCONNECT-WEBVPN
 aaa authentication list sslvpn
 aaa authorization list sslvpn
 gateway ANYCONNECT-WEBVPN-GATEWAY
 !
 ssl authenticate verify all
 inservice
 !
 policy group WEBVPN_POLICY_ADMINISTRATORS
   functions svc-enabled
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc default-domain "varaksino.local"
   svc rekey method new-tunnel
   svc dns-server primary 192.168.1.26
   svc dns-server secondary 192.168.72.59
 !
 policy group WEBVPN_POLICY_USERS
   functions svc-enabled
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc default-domain "varaksino.local"
   svc rekey method new-tunnel
   svc split include 192.168.72.0 255.255.255.192
   svc dns-server primary 192.168.1.26
   svc dns-server secondary 192.168.72.59
 default-group-policy WEBVPN_POLICY_USERS
!
end