Building configuration...

  
Current configuration : 43575 bytes
!
! Last configuration change at 16:32:20 IZH Wed Jul 20 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 01:00:26 IZH Thu Jul 28 2022
!
! Global services: debug and log messages carry millisecond local-time
! timestamps with time zone and year, and log messages are sequence-numbered.
version 15.6
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
! NOTE(review): password encryption is switched off, so any secret entered in
! clear text is stored and displayed in clear text. The "crypto isakmp key"
! lines of this config are stored readable; the mechanism intended for them is
! type 6 storage ("password encryption aes" together with a
! "key config-key password-encrypt" master key) - confirm platform support.
no service password-encryption
service sequence-numbers
!
hostname IZH-KG-P11-RT-1-1
!
boot-start-marker
boot system flash:c3900e-universalk9-mz.SPA.156-3.M6.bin
boot-end-marker
!
!
! Local log buffer of 65536 bytes; logging is rate-limited to 100 messages per
! second, with messages of severity "warnings" and more severe exempt.
logging buffered 65536
logging rate-limit 100 except warnings
! NOTE(review): "secret 5" is a salted MD5-based hash. The hash is visible in
! this listing, so the enable password should be treated as disclosed and
! rotated; where the image supports it, re-enter it with
! "enable algorithm-type scrypt secret ..." so it is stored as type 9.
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
!
! AAA: interactive logins are checked against the RADIUS server group NPS.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ! RADIUS requests are sourced from Port-channel1.100 (the REMOTE_MGMT
 ! sub-interface).
 ip radius source-interface Port-channel1.100
 load-balance method least-outstanding
!
! Default login list: RADIUS group first, then the local user database, then
! the enable secret. A later method is tried only when the earlier one returns
! an error (for example no server answers), not when it rejects the login.
aaa authentication login default group NPS local enable
! CONSOLE list reverses the order: local accounts first, RADIUS second.
aaa authentication login CONSOLE local group NPS
! Exec authorization follows the same RADIUS-then-local order and finally
! accepts any user who has already authenticated.
! NOTE(review): no "aaa accounting" statement appears in this part of the
! config; confirm exec/command accounting is configured elsewhere.
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
memory-size iomem 25
clock timezone IZH 4 0
clock calendar-valid
!
!
!
!
!
!
!
!
!
!
!
!
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip domain lookup
ip domain name komos.ru
ip host VM-KG-NET 10.1.12.70
ip host tftp 10.4.0.214
ip inspect tcp reassembly queue length 128
ip inspect tcp reassembly timeout 10
ip inspect name Internet bgp
ip inspect name Internet dns
ip inspect name Internet ftp
ip inspect name Internet http
ip inspect name Internet ntp
ip inspect name Internet pop3
ip inspect name Internet sip
ip inspect name Internet smtp
ip inspect name Internet ssh
ip inspect name Internet tcp
ip inspect name Internet telnet
ip inspect name Internet udp
ip inspect name Internet pptp
ip inspect name Internet icmp
ip inspect name Internet l2tp
ip inspect name Internet h323
ip inspect name Internet ipsec-msft
ip inspect name Internet isakmp
ip inspect name Internet sip-tls
ip accounting-threshold 100000
ip cef
login on-failure log
login on-success log
no ipv6 cef
!
!
flow exporter NAT_FLOW
 destination 10.4.0.214
 transport udp 2055
!
!
flow monitor NAT_FLOW
 exporter NAT_FLOW
 record netflow-original
!
!
flow monitor TEST
 exporter NAT_FLOW
 record netflow-original
!
parameter-map type inspect global
 log dropped-packets enable
 max-incomplete low 18000
 max-incomplete high 20000
!
multilink bundle-name authenticated
!
vpdn enable
!
!
!
! Key chain with a single key, named for EIGRP neighbor authentication.
! NOTE(review): no EIGRP process or interface referencing this chain is visible
! in this part of the config - confirm it is still in use. A type 7 key-string
! is reversible obfuscation, not encryption; because it is shown in this
! listing, treat the key as disclosed and replace it.
key chain EIGRP_KEY_CHAIN
 key 1
  key-string 7 1212551A42180B167A3E34
no virtual-template subinterface
!
!
license udi pid C3900-SPE250/K9 sn FOC16014KHK
license accept end user agreement
license boot module c3900e technology-package securityk9
!
!
! Configuration change logging and automatic configuration archiving.
archive
 log config
  ! Keep the last 900 configuration commands, forward them to syslog, and mask
  ! passwords/keys in the logged commands (hidekeys).
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 ! A copy of the config is written to the host alias "tftp" (10.4.0.214 per the
 ! "ip host" entry) on every "write memory" and every 10080 minutes (7 days).
 ! NOTE(review): TFTP is unauthenticated and unencrypted, and the archived file
 ! contains the password hashes and clear-text IKE pre-shared keys of this
 ! config. Prefer an authenticated, encrypted transfer (for example an scp://
 ! path) and restrict read access to the archive directory on the server.
 path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
 write-memory
 time-period 10080
object-group service ANY_CONNECT 
 tcp eq 443
 udp eq 443
!
object-group network PART_HTC 
 description nemo
 host 88.99.232.186
 host 46.61.183.9
 host 92.61.17.222
 host 92.55.34.57
!
object-group network PART_SELECTEL 
 host 185.137.232.142
!
object-group network FTP_USERS 
 host 87.249.244.215
 host 78.85.17.101
 host 78.85.37.100
 host 77.245.121.45
 host 89.148.228.140
 host 212.33.246.21
 host 84.201.247.66
 host 91.210.192.253
 host 78.85.24.16
 host 78.85.16.19
 host 78.85.17.47
 host 91.210.192.180
 host 194.79.33.154
 host 78.85.32.117
 host 212.48.53.102
 host 94.181.119.163
 host 146.120.104.227
 host 80.76.238.38
 host 77.41.138.22
 91.240.179.0 255.255.255.0
 host 213.87.94.94
 host 78.85.28.78
 host 86.109.199.218
 host 178.161.170.218
 host 94.181.119.90
 host 78.25.80.122
 host 92.55.34.57
 host 176.9.88.238
 host 78.85.99.241
 94.138.150.0 255.255.255.0
 host 194.150.90.20
 host 94.51.91.50
 group-object PART_HTC
 host 95.213.184.82
 host 185.137.232.142
 host 178.208.83.31
 host 37.46.131.147
 host 5.227.124.141
 host 195.19.101.162
 host 194.150.91.170
 group-object PART_SELECTEL
!
object-group network GRE_TUNNEL 
 host 88.80.33.182
 host 94.138.150.1
 host 178.47.128.98
 host 194.150.91.170
 host 5.227.125.114
 host 91.240.179.150
 host 46.147.130.59
 host 5.227.125.126
!
object-group network IRONPORT_SERVERS 
 host 91.240.179.26
 host 91.240.179.27
!
object-group service L2TP 
 udp eq isakmp
 udp eq non500-isakmp
 udp eq 1701
 tcp eq 1701
 esp
!
! Blocked source addresses (legacy, unprefixed name).
! NOTE(review): this group has the same single member as OBJ_NET_BLACKLIST, and
! the visible ACL_FW_IN references only the OBJ_-prefixed group. A host added
! here alone would presumably not be blocked - confirm no other ACL uses this
! name, then remove the duplicate.
object-group network NET_BLACKLIST 
 host 167.160.182.20
!
object-group network OBJ_BBN_RN_BBN 
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN 
 host 85.140.32.103
 host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM 
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44 
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48 
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR 
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK 
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK 
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK 
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS 
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK 
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM 
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK 
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ 
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA 
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK 
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17 
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI 
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB 
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56 
 host 83.143.54.246
 host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM 
 host 85.140.32.177
 host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF 
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF 
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV 
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF 
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF 
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL 
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH 
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA 
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB 
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK 
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK 
 host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM 
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB 
 host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL 
 host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB 
 host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61 
 host 84.201.247.32
 host 88.80.33.194
 host 5.227.125.109
!
object-group network OBJ_YAN_GKZ_YEL 
 host 77.94.97.222
 host 213.87.197.29
!
object-group network OBJ_KUN_KMK_B2 
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80 
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9 
 host 178.47.128.98
 host 195.69.159.2
!
object-group network OBJ_KGB_RN_KGB 
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH 
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI 
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN 
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM 
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG 
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21 
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP 
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK 
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17 
 host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17 
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_IZH_KLS_P20 
 host 5.227.125.114
!
object-group network OBJ_IZH_KI_VOR158 
 host 46.147.130.59
 host 5.227.125.126
!
object-group network OBJ_KIA_RN_TR12 
 host 78.85.13.106
!
object-group network OBJ_KEN_KOTEL 
 host 5.227.120.54
 host 213.87.94.189
 host 93.93.139.222
!
object-group network OBJ_OTHER 
 host 78.85.21.21
 host 78.85.13.165
 host 78.85.13.167
 host 78.85.13.166
 host 78.85.13.205
 host 78.85.13.201
 host 78.85.13.107
 host 78.85.13.106
!
object-group network OBJ_SPB_KG_SPB 
 host 62.141.114.190
 host 94.72.27.43
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_BBN_VST_BBN
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_IZH_KLS_P20
 group-object OBJ_IZH_KI_VOR158
 group-object OBJ_KIA_RN_TR12
 group-object OBJ_KEN_KOTEL
 group-object OBJ_OTHER
 group-object OBJ_SPB_KG_SPB
!
object-group network OBJ_CISCOASA 
 host 91.240.179.62
 host 91.240.179.63
 host 91.240.179.64
!
object-group network OBJ_HELP-CES-KOMOS 
 host 91.240.179.132
 host 91.240.179.133
!
object-group network OBJ_KSMG 
 host 91.240.179.73
 host 91.240.179.74
!
object-group network OBJ_NET_BLACKLIST 
 host 167.160.182.20
!
object-group network OBJ_NET_CISCOASA 
 host 91.240.179.28
 host 91.240.179.29
 host 91.240.179.30
 host 91.240.179.62
 host 91.240.179.63
 host 91.240.179.64
!
object-group network OBJ_PART_SELECTEL 
 host 185.137.232.142
!
object-group network OBJ_PART_HTC 
 host 95.213.184.82
 host 185.137.232.142
 host 178.208.83.31
 host 37.46.131.147
 host 5.227.124.141
 host 195.19.101.162
 host 194.150.91.170
 group-object OBJ_PART_SELECTEL
!
! Source addresses that ACL_FW_IN allows to reach 91.240.179.71 with the
! OBJ_SVC_FTP service set (FTP control/data plus TCP 50000-65535).
! NOTE(review): the seven hosts listed after "group-object OBJ_PART_HTC" and the
! trailing "group-object OBJ_PART_SELECTEL" repeat what OBJ_PART_HTC already
! contains, so they add nothing. The list also admits two whole /24 networks,
! one of them this site's own 91.240.179.0/24. FTP carries credentials in clear
! text; review whether every entry is still needed and whether the service can
! move to an encrypted transfer protocol.
object-group network OBJ_NET_FTP_USERS 
 host 87.249.244.215
 host 78.85.17.101
 host 78.85.37.100
 host 77.245.121.45
 host 89.148.228.140
 host 212.33.246.21
 host 84.201.247.66
 host 91.210.192.253
 host 78.85.24.16
 host 78.85.16.19
 host 78.85.17.47
 host 91.210.192.180
 host 194.79.33.154
 host 78.85.32.117
 host 212.48.53.102
 host 94.181.119.163
 host 146.120.104.227
 host 80.76.238.38
 host 77.41.138.22
 91.240.179.0 255.255.255.0
 host 213.87.94.94
 host 78.85.28.78
 host 86.109.199.218
 host 178.161.170.218
 host 94.181.119.90
 host 78.25.80.122
 host 92.55.34.57
 host 176.9.88.238
 host 78.85.99.241
 94.138.150.0 255.255.255.0
 host 194.150.90.20
 host 94.51.91.50
 group-object OBJ_PART_HTC
 host 95.213.184.82
 host 185.137.232.142
 host 178.208.83.31
 host 37.46.131.147
 host 5.227.124.141
 host 195.19.101.162
 host 194.150.91.170
 group-object OBJ_PART_SELECTEL
!
object-group network OBJ_PART_Goods4Cust 
 description Makarov N
 host 109.236.69.166
 host 195.209.60.66
!
object-group network OBJ_PART_HEADLINE 
 host 87.249.247.80
!
object-group network OBJ_PART_LOGISTIX 
 host 185.185.58.141
!
object-group network OBJ_PART_ROSA 
 description Naydenov
 host 217.114.154.92
!
object-group network OBJ_SRV_IRONPORT 
 host 91.240.179.26
 host 91.240.179.27
!
object-group network OBJ_SRV_SKYPE 
 host 91.240.179.37
 host 91.240.179.38
 host 91.240.179.39
!
object-group service OBJ_SVC_ANY_CONNECT 
 tcp eq 443
 udp eq 443
!
object-group service OBJ_SVC_FTP 
 tcp eq ftp
 tcp eq ftp-data
 tcp range 50000 65535
!
object-group network OBJ_SVC_KSMG 
 host 91.240.179.73
 host 91.240.179.74
!
object-group service OBJ_SVC_L2TP 
 udp eq isakmp
 udp eq non500-isakmp
 udp eq 1701
 tcp eq 1701
 esp
!
object-group service OBJ_SVC_SFB 
 tcp eq 443
 tcp eq 5061
 udp eq domain
 udp eq 3478
!
object-group service OBJ_SVC_VIPole 
 udp range 3000 9000
 tcp eq 37210
 tcp eq 37212
 tcp eq 443
!
object-group network PART_Goods4Cust 
 description Makarov N
 host 109.236.69.166
 host 195.209.60.66
!
object-group network PART_HEADLINE 
 description Nemtyrev
 host 87.249.247.80
!
object-group network PART_PWEB 
 description Zayrinov
 host 185.94.174.137
!
object-group network PART_ROSA 
 description Naydenov
 host 217.114.154.92
!
object-group service SERVICE_FTP 
 tcp eq ftp
 tcp eq ftp-data
 tcp range 50000 65535
!
object-group service SERVICE_L2TP 
 udp eq isakmp
 udp eq non500-isakmp
 udp eq 1701
 tcp eq 1701
 esp
!
object-group service SERVICE_POSTFIX 
 tcp eq www
 tcp eq ftp
 tcp eq ftp-data
 tcp range 22 telnet
 tcp range 1024 65535
 tcp eq 443
!
object-group network SRV_SERVICEBUS 
!
object-group network SRV_SKYPE 
 host 91.240.179.37
 host 91.240.179.38
 host 91.240.179.39
!
object-group network STATIC_ISP_IP 
 host 62.141.96.126
 host 94.25.46.122
 host 91.240.179.127
!
object-group service SVC_SFB 
 tcp eq 443
 tcp eq 5061
 udp eq domain
 udp eq 3478
!
object-group service SVC_VIPole 
 udp range 3000 9000
 tcp eq 37210
 tcp eq 37212
 tcp eq 443
!
! Local privilege-15 account, used when an AAA method list falls through to
! "local".
! NOTE(review): stored as a type 5 (MD5-based) hash that is visible in this
! listing; rotate the password and store it as type 9 where supported
! ("username ... algorithm-type scrypt secret ...").
username netadmin privilege 15 secret 5 $1$CXvH$yxAGhCkECd7Kdck0iOAtI.
!
redundancy
bfd-template single-hop BFD-KOMOS
 interval min-tx 500 min-rx 500 multiplier 3
!
!
!
!
!
!
! 
!
! IKEv1 policy: AES-256 encryption, pre-shared-key authentication, DH group 2.
! No "hash" line is present, so the platform default hash applies.
! NOTE(review): DH group 2 is a 1024-bit group and is below current
! recommendations; plan a move to group 14 or higher (and an explicit SHA-2
! hash) together with the remote peers, since both ends must match.
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
! Per-peer pre-shared keys.
! NOTE(review): the keys are stored in clear text, are short human-chosen
! strings, and two of them are shared by two peers each. Because they appear in
! this listing they should be treated as disclosed: replace them with long
! random per-peer values and store them as type 6. Only 46.147.130.59 and
! 5.227.125.126 are tunnel destinations in this part of the config; if the
! other three peers are retired, remove their keys.
crypto isakmp key KGp11KuMK2021 address 94.138.150.1   
crypto isakmp key KGp11KuMK2021 address 178.47.128.98  
crypto isakmp key KGP11KLS2021 address 5.227.125.114  
crypto isakmp key KGP11IZHVOR1582022 address 46.147.130.59  
crypto isakmp key KGP11IZHVOR1582022 address 5.227.125.126  
!
!
! ESP with AES-256 and HMAC-SHA1 in transport mode; "require" means tunnel mode
! is not accepted as a fallback.
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac 
 mode transport require
!
! Profile attached to the GRE tunnels via "tunnel protection".
! NOTE(review): PFS also uses group 2; raise it together with the IKE group.
crypto ipsec profile GRE_IPSEC
 set transform-set TS_GREIPSEC 
 set pfs group2
!
!
!
!
!
!
!
interface Loopback1
 ip address 91.240.179.127 255.255.255.255
!
interface Loopback111
 description MGM
 ip address 10.111.13.1 255.255.255.255
 ip nat outside
 ip virtual-reassembly in
!
interface Loopback7777
 description TK5705m
 no ip address
!
! Tunnel carrying iBGP transit towards IZM, sourced from the management
! sub-interface; it runs OSPF (with the MTU check disabled) and BFD.
! NOTE(review): there is no "tunnel protection" line, so this tunnel is not
! encrypted by this router. Source and destination are private addresses;
! confirm the path between them is a trusted internal network.
interface Tunnel111
 description [CORE] iBGP Transit to IZM
 bandwidth 200000
 ip address 172.30.32.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip ospf mtu-ignore
 keepalive 10 3
 bfd template BFD-KOMOS
 tunnel source Port-channel1.100
 tunnel destination 10.4.254.251
!
! Branch tunnel to 46.147.130.59, sourced from Loopback1 and protected by the
! GRE_IPSEC profile. MTU/MSS are lowered to leave room for tunnel overhead.
! The BGP neighbor 10.1.50.6 lies in this /30.
interface Tunnel201
 description IZH-KI-VOR158-RT-1-1
 ip address 10.1.50.5 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 bfd interval 300 min_rx 300 multiplier 3
 tunnel source Loopback1
 tunnel destination 46.147.130.59
 tunnel protection ipsec profile GRE_IPSEC
!
! Second branch tunnel to the same site, destination 5.227.125.126, sourced
! from Loopback1 and protected by the GRE_IPSEC profile. The BGP neighbor
! 10.1.50.10 lies in this /30.
interface Tunnel202
 description IZH-KI-VOR158-RT-1-2
 ip address 10.1.50.9 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 bfd interval 300 min_rx 300 multiplier 3
 tunnel source Loopback1
 tunnel destination 5.227.125.126
 tunnel protection ipsec profile GRE_IPSEC
!
interface Port-channel1
 description [CORE] SW-1-2
 no ip address
 hold-queue 150 in
!
interface Port-channel1.100
 description REMOTE_MGMT
 encapsulation dot1Q 100
 ip address 10.1.1.2 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface Port-channel1.551
 description --TRANSIT_HSRP--
 encapsulation dot1Q 551
 ip address 10.1.239.18 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
!
interface Port-channel1.556
 description iBGP KOMOS_AS over ER-Telecom
 encapsulation dot1Q 556
 ip address 172.30.32.14 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 bfd template BFD-KOMOS
!
interface Port-channel1.557
 description iBGP KOMOS_AS over MTS
 encapsulation dot1Q 557
 ip address 172.30.32.18 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 bfd template BFD-KOMOS
!
interface Port-channel1.598
 description --BGP_KG_COD_TRANSIT--
 encapsulation dot1Q 598
 ip address 172.30.30.44 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
!
! Internet uplink (Beeline). Inbound packets are filtered by ACL_FW_IN; the
! inspection rule set "Internet" is applied outbound; the interface is the NAT
! outside. CDP is disabled so the device does not announce itself to the ISP.
! NOTE(review): unlike the internal transit sub-interfaces, this port does not
! set "no ip redirects" / "no ip unreachables". Confirm that is intentional on
! an Internet-facing interface (unreachables may be wanted for path-MTU
! discovery; rate-limiting them is an alternative).
interface GigabitEthernet0/0
 description [ISP-100M] BEELINE
 bandwidth 100000
 ip address 62.141.96.126 255.255.255.252
 ip access-group ACL_FW_IN in
 no ip proxy-arp
 ip nat outside
 ip inspect Internet out
 ip virtual-reassembly in
 ip virtual-reassembly out max-reassemblies 24
 duplex auto
 speed auto
 no cdp enable
!
! Internet uplink (Rostelecom), configured like GigabitEthernet0/0: ACL_FW_IN
! inbound, inspection rule set "Internet" outbound, NAT outside, CDP disabled.
! NOTE(review): the description says 200M but "bandwidth" is 100000 kbit/s;
! confirm which is correct. As on the other uplink, "no ip redirects" /
! "no ip unreachables" are not set - confirm that is intentional.
interface GigabitEthernet0/1
 description [ISP-200M] ROSTELECOM
 bandwidth 100000
 ip address 94.25.46.122 255.255.255.252
 ip access-group ACL_FW_IN in
 no ip proxy-arp
 ip nat outside
 ip inspect Internet out
 ip virtual-reassembly in
 ip virtual-reassembly out max-reassemblies 24
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/2
 bandwidth 100000
 no ip address
 duplex auto
 speed 1000
 channel-group 1
!
interface GigabitEthernet0/3
 no ip address
 duplex auto
 speed 1000
 channel-group 1
!
! OSPF process 111, area 0. Interfaces are passive by default; adjacencies are
! allowed only on Port-channel1.556, Port-channel1.557 and Tunnel111, with BFD
! on all OSPF interfaces.
! NOTE(review): no OSPF authentication is visible, either under the process or
! on the three active interfaces. Two of those links are described as running
! over provider networks (ER-Telecom, MTS); consider enabling cryptographic
! OSPF authentication on them.
router ospf 111
 router-id 10.111.13.1
 auto-cost reference-bandwidth 10000
 passive-interface default
 no passive-interface Port-channel1.556
 no passive-interface Port-channel1.557
 no passive-interface Tunnel111
 network 10.111.13.1 0.0.0.0 area 0
 network 172.30.32.0 0.0.0.255 area 0
 bfd all-interfaces
!
! BGP for AS 199014. Peers: two Internet upstreams (62.141.96.125 in AS 3216,
! 94.25.46.121 in AS 12389), an iBGP peer 10.111.12.1, a local peer
! 172.30.30.46, and branch peers that see this router as AS 64513 through
! "local-as ... no-prepend replace-as".
! NOTE(review): none of the neighbors has a session password, TTL security or
! a maximum-prefix limit configured here. For the two upstream sessions, which
! face the Internet and are reachable on TCP/179 from any source per ACL_FW_IN,
! consider adding those protections in agreement with the providers.
! NOTE(review): the route-maps and prefix-lists referenced below are defined
! outside this part of the config; their filtering could not be reviewed.
router bgp 199014
 bgp log-neighbor-changes
 neighbor PG_IZH-KI-VOR158 peer-group
 neighbor PG_IZH-KI-VOR158 remote-as 64555
 neighbor PG_IZH-KI-VOR158 local-as 64513 no-prepend replace-as
 ! NOTE(review): no neighbor in this section is assigned to PG_KOMOS_AS;
 ! 10.111.12.1 is configured directly instead.
 neighbor PG_KOMOS_AS peer-group
 neighbor PG_KOMOS_AS remote-as 199014
 neighbor PG_KOMOS_AS description iBGP to IZM
 neighbor 10.1.50.2 remote-as 65504
 neighbor 10.1.50.2 local-as 64513 no-prepend replace-as
 neighbor 10.1.50.2 description KGR-KUMK-KUMK
 neighbor 10.1.50.6 peer-group PG_IZH-KI-VOR158
 neighbor 10.1.50.10 peer-group PG_IZH-KI-VOR158
 neighbor 10.111.12.1 remote-as 199014
 neighbor 10.111.12.1 description iBGP to IZM
 neighbor 10.111.12.1 update-source Loopback111
 neighbor 62.141.96.125 remote-as 3216
 neighbor 94.25.46.121 remote-as 12389
 neighbor 172.30.30.46 remote-as 64513
 neighbor 172.30.30.46 description --BGP_WITH_6500--
 neighbor 172.30.31.2 remote-as 65505
 neighbor 172.30.31.2 local-as 64513 no-prepend replace-as
 !
 address-family ipv4
  ! Originated prefixes: the two tunnel /30s, both uplink /30s and the
  ! 91.240.179.0 block as a /24 and as its lower /25.
  network 10.1.50.4 mask 255.255.255.252
  network 10.1.50.8 mask 255.255.255.252
  network 62.141.96.124 mask 255.255.255.252
  network 91.240.179.0 mask 255.255.255.128
  network 91.240.179.0 mask 255.255.255.0
  network 91.240.179.0 route-map SET-COMMUNITY
  network 94.25.46.120 mask 255.255.255.252
  neighbor PG_IZH-KI-VOR158 next-hop-self
  neighbor PG_IZH-KI-VOR158 soft-reconfiguration inbound
  ! NOTE(review): the branch peer group has an outbound route-map but no
  ! inbound policy in this section; confirm what the branch may advertise.
  neighbor PG_IZH-KI-VOR158 route-map RM_TO_IZH-KI-VOR158 out
  neighbor PG_KOMOS_AS route-map RM_KOMOS_AS in
  neighbor PG_KOMOS_AS route-map RM_KOMOS_AS out
  neighbor 10.1.50.2 activate
  neighbor 10.1.50.2 route-map RM_FROM_KUMK in
  neighbor 10.1.50.2 route-map RM_TO_KUMK out
  neighbor 10.1.50.6 activate
  neighbor 10.1.50.10 activate
  neighbor 10.111.12.1 activate
  neighbor 10.111.12.1 next-hop-self all
  neighbor 10.111.12.1 route-map RM_KOMOS_AS in
  neighbor 10.111.12.1 route-map RM_KOMOS_AS out
  ! Upstreams: outbound announcements limited by a per-provider prefix-list,
  ! inbound routes passed through UPLINK-in; the higher weight (130) prefers
  ! routes learned from 94.25.46.121.
  neighbor 62.141.96.125 activate
  neighbor 62.141.96.125 weight 110
  neighbor 62.141.96.125 prefix-list TO-BEELINE out
  neighbor 62.141.96.125 route-map UPLINK-in in
  neighbor 94.25.46.121 activate
  neighbor 94.25.46.121 weight 130
  neighbor 94.25.46.121 prefix-list TO-ROSTELECOM out
  neighbor 94.25.46.121 route-map UPLINK-in in
  neighbor 172.30.30.46 activate
  neighbor 172.30.30.46 next-hop-self all
  neighbor 172.30.30.46 soft-reconfiguration inbound
  neighbor 172.30.30.46 route-map RM_LOCAL_IN in
  neighbor 172.30.30.46 route-map RM_LOCAL_OUT out
  neighbor 172.30.31.2 activate
  neighbor 172.30.31.2 route-map RM_FROM_KUMK in
  neighbor 172.30.31.2 route-map RM_TO_KUMK out
 exit-address-family
 !
 address-family ipv4 multicast
 exit-address-family
!
ip forward-protocol nd
!
ip community-list standard MTS permit 2556024535
no ip http server
ip http authentication local
no ip http secure-server
ip flow-export source Port-channel1.100
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 20000
!
ip tftp source-interface Port-channel1.100
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 310
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 300
ip nat translation port-timeout tcp 443 300
ip nat translation max-entries all-host 400
ip nat translation max-entries host 192.168.1.100 1000
ip nat translation max-entries host 192.168.2.100 1000
ip nat translation max-entries list 22 150
ip nat translation max-entries host 10.1.12.66 3000
ip nat translation max-entries host 192.168.1.21 1000
ip nat translation max-entries host 10.1.122.227 5000
ip nat translation max-entries host 10.1.19.250 1000
ip nat pool KG-1 91.240.179.50 91.240.179.54 netmask 255.255.255.0
ip nat pool KG-GUEST 91.240.179.55 91.240.179.55 netmask 255.255.255.0
ip nat pool POOL_MAIL_MILKOM 91.240.179.129 91.240.179.129 netmask 255.255.255.252
ip nat pool POOL_MAIL_MILKOM_2 91.240.179.70 91.240.179.70 netmask 255.255.255.252
ip nat pool POOL_HELP_KOMOS 91.240.179.131 91.240.179.131 netmask 255.255.255.0
ip nat pool KAZNACH_RESTRICT 91.240.179.88 91.240.179.88 netmask 255.255.255.0
ip nat pool POOL_OIB 91.240.179.35 91.240.179.35 netmask 255.255.255.0
ip nat inside source list ACL_KAZNACH_RESTRICT pool KAZNACH_RESTRICT overload
ip nat inside source list ACL_NAT_OIB pool POOL_OIB overload
ip nat inside source route-map RM_NAT_GLOBAL_OVERLOAD pool KG-1 overload no-payload
ip nat inside source route-map RM_NAT_HELP_KOMOS pool POOL_HELP_KOMOS overload
ip nat inside source route-map RM_NAT_MAIL_MILKOM pool POOL_MAIL_MILKOM overload
ip nat inside source route-map RM_NAT_MAIL_MILKOM_2 pool POOL_MAIL_MILKOM_2 overload
ip nat inside source route-map RM_NAT_WIRELESS pool KG-GUEST overload no-payload
! Static port forwards and one-to-one translations that publish inside hosts
! on addresses from 91.240.179.0/24. Whether a published port is reachable from
! the Internet is decided by ACL_FW_IN on the uplinks, not by these entries.
! NOTE(review): many entries publish remote-desktop (3389) and MS SQL (1433)
! listeners, and the entries without a port publish every port of the inside
! host. In the visible ACL_FW_IN all of 91.240.179.0/24 is open to every
! address in OBJ_BRANCHES, so each of these services is exposed to all branch
! and partner public addresses in that group. Review which entries are still
! required and narrow the ACL to the specific source/port pairs that are.
ip nat inside source static udp 192.168.2.25 514 91.240.179.1 514 extendable
ip nat inside source static tcp 192.168.2.56 3389 91.240.179.1 3389 extendable
ip nat inside source static udp 10.1.12.29 3478 91.240.179.1 3478 extendable
ip nat inside source static tcp 192.168.2.56 5060 91.240.179.1 5060 extendable
ip nat inside source static tcp 10.1.12.29 8080 91.240.179.1 8080 extendable
ip nat inside source static tcp 192.168.2.38 9000 91.240.179.1 9000 extendable
ip nat inside source static tcp 192.168.2.80 1433 91.240.179.2 1433 extendable
ip nat inside source static tcp 192.168.3.143 3389 91.240.179.2 3389 extendable
ip nat inside source static tcp 192.168.2.209 3389 91.240.179.2 3391 extendable
ip nat inside source static tcp 192.168.2.101 3389 91.240.179.2 3392 extendable
ip nat inside source static tcp 10.1.8.15 3389 91.240.179.2 3394 extendable
ip nat inside source static tcp 192.168.2.35 3389 91.240.179.3 3389 extendable
ip nat inside source static tcp 192.168.2.19 3389 91.240.179.4 3389 extendable
ip nat inside source static tcp 192.168.2.72 443 91.240.179.5 443 extendable
ip nat inside source static tcp 192.168.2.72 2195 91.240.179.5 2195 extendable
ip nat inside source static tcp 192.168.2.72 2196 91.240.179.5 2196 extendable
ip nat inside source static tcp 192.168.2.72 5223 91.240.179.5 5223 extendable
ip nat inside source static tcp 192.168.2.34 3389 91.240.179.6 3389 extendable
ip nat inside source static tcp 192.168.2.9 80 91.240.179.7 80 extendable
ip nat inside source static tcp 192.168.2.9 3389 91.240.179.7 3389 extendable
ip nat inside source static tcp 10.1.12.66 80 91.240.179.8 80 extendable
ip nat inside source static tcp 10.1.12.66 443 91.240.179.8 443 extendable
ip nat inside source static tcp 10.1.12.66 22 91.240.179.8 2109 extendable
ip nat inside source static tcp 10.1.12.66 8893 91.240.179.8 8893 extendable
ip nat inside source static tcp 10.1.12.66 8894 91.240.179.8 8894 extendable
ip nat inside source static tcp 192.168.2.21 3389 91.240.179.10 3389 extendable
ip nat inside source static 192.168.2.131 91.240.179.12
ip nat inside source static tcp 192.168.2.3 1433 91.240.179.16 1433 extendable
ip nat inside source static 192.168.2.100 91.240.179.17
ip nat inside source static 192.168.1.81 91.240.179.18
ip nat inside source static 192.168.2.55 91.240.179.19
ip nat inside source static tcp 192.168.2.15 1433 91.240.179.21 1433 extendable
ip nat inside source static tcp 192.168.2.13 1433 91.240.179.22 1433 extendable
ip nat inside source static tcp 192.168.2.27 3389 91.240.179.23 3389 extendable
ip nat inside source static 10.1.24.3 91.240.179.31 no-payload
ip nat inside source static tcp 192.168.2.185 80 91.240.179.33 80 extendable
ip nat inside source static tcp 192.168.2.185 3389 91.240.179.33 3389 extendable
ip nat inside source static tcp 192.168.2.90 8080 91.240.179.34 8080 extendable
ip nat inside source static tcp 10.4.38.2 443 91.240.179.36 443 extendable
ip nat inside source static 10.4.38.2 91.240.179.36
ip nat inside source static 192.168.2.94 91.240.179.42
ip nat inside source static 192.168.2.33 91.240.179.43
ip nat inside source static 192.168.2.39 91.240.179.44
ip nat inside source static tcp 10.1.12.68 80 91.240.179.46 80 extendable
ip nat inside source static tcp 10.1.12.68 443 91.240.179.46 443 extendable
ip nat inside source static 10.4.38.1 91.240.179.48
ip nat inside source static tcp 192.168.2.88 3389 91.240.179.49 3391 extendable
ip nat inside source static tcp 192.168.2.88 8080 91.240.179.49 8080 extendable
ip nat inside source static tcp 192.168.2.88 9099 91.240.179.49 9099 extendable
ip nat inside source static tcp 192.168.2.88 9500 91.240.179.49 9500 extendable
ip nat inside source static 10.1.12.2 91.240.179.57
ip nat inside source static 192.168.3.233 91.240.179.58
ip nat inside source static tcp 192.168.2.45 3389 91.240.179.68 3389 extendable
ip nat inside source static tcp 192.168.2.45 5061 91.240.179.68 5060 extendable
ip nat inside source static 10.1.123.8 91.240.179.70
ip nat inside source static tcp 10.4.0.45 443 91.240.179.72 443 extendable
ip nat inside source static 10.4.38.21 91.240.179.73
ip nat inside source static 10.4.38.22 91.240.179.74
ip nat inside source static 10.4.7.6 91.240.179.129
ip nat inside source static tcp 10.4.0.184 80 91.240.179.131 80 extendable
ip nat inside source static tcp 10.4.0.184 443 91.240.179.131 443 extendable
ip nat inside source static tcp 10.4.0.184 2013 91.240.179.131 2013 extendable
ip nat inside source static 10.4.0.120 91.240.179.133
ip nat inside source static tcp 192.168.3.64 3389 91.240.179.178 4477 extendable
ip nat inside source static tcp 10.1.12.1 80 91.240.179.251 80 extendable
ip nat inside source static tcp 10.1.12.1 443 91.240.179.251 443 extendable
! Static routes. The Null0 route for 91.240.179.0/24 (administrative distance
! 254) keeps the aggregate present in the routing table and discards traffic to
! addresses in the block that have no more specific route.
ip route 10.1.12.70 255.255.255.255 10.1.239.22 100 name --DMZ_1--
ip route 10.111.0.11 255.255.255.255 172.30.30.46 name LO_IZM-RT-1-1
ip route 91.240.179.0 255.255.255.0 Null0 254 name KOMOS_PI
ip route 91.240.179.254 255.255.255.255 172.30.30.46 name Lo11_SW-1-1
! Only SSH protocol version 2 is accepted.
! NOTE(review): the "line vty" section is outside this part of the config;
! confirm that VTY access is limited to SSH and to management sources.
ip ssh version 2
!
ip access-list standard ACL_ACCESS_NET
 deny   10.1.122.17
 deny   10.1.122.19
 deny   10.1.123.1
 deny   10.1.123.2
 deny   10.1.123.3
 deny   10.1.123.4
 deny   10.1.123.5
 deny   10.1.123.6
 deny   10.1.123.7
 deny   10.1.123.8
 deny   10.1.123.9
 permit 192.168.0.0 0.0.3.255
 permit 10.1.19.0 0.0.0.255
 permit 10.1.4.0 0.0.3.255
 permit 10.1.20.0 0.0.3.255
 permit 10.1.28.0 0.0.0.255
 permit 10.1.8.0 0.0.1.255
 permit 10.1.26.0 0.0.0.255
 permit 10.1.27.0 0.0.0.255
 permit 10.1.122.0 0.0.0.255
 permit 10.1.123.0 0.0.0.255
 permit 10.1.2.0 0.0.1.255
 permit 10.1.249.0 0.0.0.63
 permit 10.1.31.0 0.0.0.255
 permit 10.1.32.0 0.0.0.255
 permit 10.1.39.0 0.0.0.255
ip access-list standard ACL_DMZ_1_NET
 permit 10.1.12.64 0.0.0.31
ip access-list standard ACL_DMZ_NET
 permit 10.1.18.0 0.0.0.255
 permit 10.1.12.0 0.0.0.63
ip access-list standard ACL_KAZNACH_RESTRICT
 permit 10.1.55.0 0.0.0.255
ip access-list standard ACL_NAT_ASAv
 permit 10.1.1.108
 permit 10.1.1.109
ip access-list standard ACL_NAT_HELP_KOMOS
 permit 10.4.0.184
ip access-list standard ACL_NAT_MAIL_MILKOM
 permit 10.4.7.0 0.0.0.7
ip access-list standard ACL_NAT_MAIL_MILKOM_2
 permit 10.1.123.1
 permit 10.1.123.2
 permit 10.1.123.3
 permit 10.1.123.4
 permit 10.1.123.5
 permit 10.1.123.6
 permit 10.1.123.7
 permit 10.1.123.8
 permit 10.1.123.9
ip access-list standard ACL_NAT_MK
 permit 10.14.30.0 0.0.0.255
 permit 10.14.26.0 0.0.0.255
ip access-list standard ACL_NAT_OIB
 permit 10.1.8.7
ip access-list standard ACL_WIRELESS_NET
 permit 10.1.13.0 0.0.0.255
 permit 10.1.34.0 0.0.1.255
 permit 10.1.38.0 0.0.0.255
!
! Filter for traffic from the KUMK site: SMB (TCP 445) is dropped first,
! the listed flows are permitted, and everything else hits the implicit deny.
! Where this ACL is applied is not visible in this part of the config.
! NOTE(review): every entry after the first is a permit, so their relative
! order does not change the result, and several narrow entries are already
! covered by broader ones ("permit icmp any any", "permit ip any host
! 10.1.9.207", "permit ip any host 10.4.0.214", "permit ip any host
! 10.4.0.14/15"). Removing the covered entries would make the effective policy
! easier to audit.
ip access-list extended ACL_FROM_KUMK
 deny   tcp any any eq 445
 ! NOTE(review): any source is allowed towards 10.12.0.0/16 here.
 permit ip any 10.12.0.0 0.0.255.255
 permit ip host 10.1.50.2 host 10.1.50.1
 permit icmp 10.12.1.0 0.0.0.255 any
 permit icmp 10.12.0.0 0.0.0.255 any
 permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
 permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
 permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214
 ! NOTE(review): single hosts (and 10.12.4.0/24 further down) with unrestricted
 ! access to any destination; confirm each is still justified.
 permit ip host 10.12.0.254 any
 permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255
 permit ip 10.12.252.0 0.0.3.255 10.12.0.0 0.0.127.255
 permit ip host 172.30.31.2 host 172.30.31.1
 permit ip host 10.12.252.254 any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit ip any host 10.1.8.14
 permit icmp any any
 permit ip any host 10.1.9.207
 permit ip any host 10.4.0.214
 permit ip 10.12.4.0 0.0.0.255 any
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.14
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.15
 permit ip any host 10.4.0.15
 permit ip any host 10.4.0.14
 ! NOTE(review): TCP 8291 is permitted from any source to any destination;
 ! if this is a device-management port, limit it to the management hosts.
 permit tcp any any eq 8291
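! Inbound filter applied on both Internet uplinks (GigabitEthernet0/0 and
! GigabitEthernet0/1, "ip access-group ACL_FW_IN in"). Entries are evaluated
! top-down; anything not matched is dropped by the implicit deny at the end.
ip access-list extended ACL_FW_IN
 ! Blacklist first. In the previous order this deny sat below the ICMP, BGP and
 ! branch permits, so a blacklisted source still matched those entries.
 deny   ip object-group OBJ_NET_BLACKLIST any
 permit icmp any any
 ! NOTE(review): TCP/179 to the router's own addresses is open to any source;
 ! the only Internet-side BGP peers configured are 62.141.96.125 and
 ! 94.25.46.121. Consider limiting this entry to those two peers.
 permit tcp any object-group STATIC_ISP_IP eq bgp
 ! NOTE(review): every address in OBJ_BRANCHES gets unrestricted IP access to
 ! the whole public /24 and to the router itself, which includes every
 ! statically NATed service. Narrow to the protocols the branches need.
 permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 ! SSH to the router from non-branch sources is refused explicitly.
 deny   tcp any object-group STATIC_ISP_IP eq 22
 ! Published services open to any source.
 ! NOTE(review): several address/port pairs permitted below have no matching
 ! static NAT entry in the visible NAT table (for example 91.240.179.5 ports
 ! 82, 80 and 1433); remove permits that no longer map to a service. Syslog
 ! (UDP 514) and MS SQL (TCP 1433) are also accepted from any source here.
 permit tcp any host 91.240.179.1 eq 443 2109 3000 8080 9000 9090
 permit udp any host 91.240.179.1 eq 3478 syslog
 permit tcp any host 91.240.179.5 eq 82 www 443 1433 2195 2196 5223
 permit tcp any host 91.240.179.11 eq domain
 permit udp any host 91.240.179.11 eq domain
 permit tcp any host 91.240.179.20 eq 443
 permit udp any host 91.240.179.28 eq non500-isakmp isakmp
 permit tcp any host 91.240.179.31 eq 7789
 permit tcp any host 91.240.179.36 eq www 443
 permit tcp any host 91.240.179.40 eq 443
 permit tcp any host 91.240.179.48 eq www 443
 permit tcp any host 91.240.179.49 eq 8080 9099
 permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001
 permit tcp any host 91.240.179.66 eq 443 pop3 www
 permit tcp any host 91.240.179.68 eq 5060
 permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995
 permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995
 permit tcp any host 91.240.179.178 eq 4477
 permit tcp any host 91.240.179.251 eq www 443
 ! Partner-specific access, limited by source object-group.
 permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.2 eq 1433
 permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672
 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.1 eq 3389
 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.49 eq 3391
 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.68 eq 3389
 permit tcp object-group OBJ_PART_ROSA host 91.240.179.131 eq www 443
 ! NOTE(review): no port is given, so OBJ_PART_HTC reaches every TCP port on
 ! 91.240.179.71.
 permit tcp object-group OBJ_PART_HTC host 91.240.179.71
 ! Entries built from service object-groups.
 permit object-group OBJ_SVC_VIPole any host 91.240.179.32
 permit object-group OBJ_SVC_SFB any object-group OBJ_SRV_SKYPE
 permit object-group OBJ_SVC_ANY_CONNECT any object-group OBJ_NET_CISCOASA
 permit object-group OBJ_SVC_L2TP any host 91.240.179.28
 permit object-group OBJ_SVC_FTP object-group OBJ_NET_FTP_USERS host 91.240.179.71
 ! Inbound SMTP to the mail gateways. OBJ_SVC_KSMG is a network object-group
 ! despite its SVC prefix.
 permit tcp any object-group OBJ_SVC_KSMG eq smtp
 permit tcp any object-group OBJ_SRV_IRONPORT eq smtp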
! ACL_VTY: source filter for management sessions; applied further down as
! "access-class ACL_VTY in vrf-also" on line vty 0 4 and line vty 5 15.
! Permits three internal ranges (10.1.0.0/16, 10.4.0.0/16, 10.14.112.0/20) and
! logs every other connection attempt through the explicit final deny.
! NOTE(review): two full /16 networks may reach the SSH listener. Narrowing this to
! the management / jump-host subnets would shrink the exposure of the login prompt.
ip access-list extended ACL_VTY
 permit ip 10.1.0.0 0.0.255.255 any
 permit ip 10.4.0.0 0.0.255.255 any
 permit ip 10.14.112.0 0.0.15.255 any
 deny   ip any any log
! FIREWALL: extended allow-list that largely overlaps ACL_FW_IN but uses
! un-prefixed object-group names (NET_BLACKLIST, PART_*, SVC_*). Looks like an
! older variant of the same policy. Where either ACL is applied is not visible
! here; confirm which is live and retire the other so the two cannot drift apart.
! Review notes (first match wins; implicit "deny ip any any" at the end):
!  - "deny ip object-group NET_BLACKLIST any" is the 15th entry. Every permit
!    above it (e.g. to .31:7789, "permit ip any host 91.240.179.35", .36, .20,
!    .48, .11, ISAKMP to .28) is still reachable from blacklisted sources.
!  - "permit ip any host 91.240.179.35" and "permit ip any host 91.240.179.85"
!    expose every protocol and port on those hosts to any source.
!  - "17.0.0.0 0.0.0.255" matches only 17.0.0.0-17.0.0.255. Given port 5223 this
!    presumably targets Apple push ranges (17.0.0.0/8 would need wildcard
!    0.255.255.255). TODO confirm. The later "permit ip 17.0.0.0 0.0.0.255 ..."
!    also supersedes the earlier tcp/5223 entry for the same source.
!  - "permit udp any eq ntp any" matches on SOURCE port 123 only. As a stateless
!    rule it admits any UDP datagram whose sender picks source port 123, to any
!    destination and port. Restrict it to the known NTP servers as source, or
!    rely on stateful inspection for return traffic.
!  - "permit tcp any any eq bgp" allows TCP/179 to any destination; ACL_FW_IN
!    limits the same service to object-group STATIC_ISP_IP.
!  - "permit icmp any any" is unrestricted.
!  - The three "deny ... eq 3389" entries follow the permits they sit next to and
!    add nothing beyond the implicit deny for earlier entries; they only pre-empt
!    entries placed after them.
!  - No final "deny ip any any log": drops are silent.
ip access-list extended FIREWALL
 deny   tcp any object-group STATIC_ISP_IP eq 22
 permit tcp any host 91.240.179.31 eq 7789
 permit ip any host 91.240.179.35
 permit tcp 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255 eq 5223
 permit tcp any host 91.240.179.36 eq www 443
 permit tcp any host 91.240.179.20 eq 443
 permit tcp any host 91.240.179.48 eq www 443
 permit tcp any host 91.240.179.11 eq domain
 permit udp any host 91.240.179.11 eq domain
 permit ip 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255
 permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255
 permit udp any host 91.240.179.28 eq isakmp
 permit udp any host 91.240.179.28 eq non500-isakmp
 deny   ip object-group NET_BLACKLIST any
 permit tcp any host 91.240.179.5 eq www 443 1433 2195 2196 5223
 permit tcp object-group PART_ROSA host 91.240.179.131 eq www 443
 permit object-group SVC_VIPole any host 91.240.179.32
 permit tcp object-group PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672
 permit tcp object-group PART_Goods4Cust host 91.240.179.2 eq 1433
 permit gre any host 91.240.179.55
 permit tcp any host 91.240.179.49 eq 8080
 permit tcp any host 91.240.179.49 eq 9099
 permit tcp object-group PART_HEADLINE host 91.240.179.49 eq 3391
 permit tcp any host 91.240.179.1 eq 443
 permit tcp any host 91.240.179.1 eq 3000
 permit tcp any host 91.240.179.5 eq 82
 permit tcp any host 91.240.179.1 eq 8080
 permit tcp any host 91.240.179.1 eq 9090
 permit tcp object-group PART_HEADLINE host 91.240.179.68 eq 3389
 permit tcp object-group PART_HEADLINE host 91.240.179.1 eq 3389
 permit object-group SVC_SFB any object-group SRV_SKYPE
 permit tcp any host 91.240.179.40 eq 443
 permit ip host 178.47.128.98 host 91.240.179.254
 permit gre object-group GRE_TUNNEL host 91.240.179.254
 permit udp object-group GRE_TUNNEL host 91.240.179.254 eq isakmp
 permit ip host 94.138.150.1 host 91.240.179.254
 permit ip object-group GRE_TUNNEL host 91.240.179.127
 permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995
 deny   tcp any host 91.240.179.70 eq 3389
 permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995
 permit tcp any host 91.240.179.66 eq 443
 permit tcp any host 91.240.179.66 eq pop3
 permit tcp any host 91.240.179.66 eq www
 deny   tcp any host 91.240.179.66 eq 3389
 permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001
 permit ip any host 91.240.179.85
 permit udp any host 91.240.179.1 eq 3478
 permit object-group ANY_CONNECT any host 91.240.179.28
 permit object-group L2TP any host 91.240.179.28
 permit object-group ANY_CONNECT any host 91.240.179.29
 permit object-group ANY_CONNECT any host 91.240.179.30
 permit udp any host 91.240.179.1 eq syslog
 permit icmp any any
 permit tcp any host 91.240.179.178 eq 4477
 permit udp any eq ntp any
 permit tcp any host 91.240.179.1 eq 9000
 permit tcp any host 91.240.179.251 eq www
 permit tcp any host 91.240.179.251 eq 443
 permit tcp any host 91.240.179.1 eq 2109
 permit tcp any any eq bgp
 permit tcp any host 91.240.179.68 eq 5060
 permit tcp any object-group IRONPORT_SERVERS eq smtp
 permit ip host 178.208.83.31 host 91.240.179.71
 permit object-group SERVICE_FTP object-group FTP_USERS host 91.240.179.71
 permit object-group SERVICE_L2TP any host 91.240.179.128
 deny   tcp any 91.240.179.0 0.0.0.31 eq 3389
 permit object-group ANY_CONNECT any object-group OBJ_CISCOASA
 permit tcp any object-group OBJ_KSMG eq smtp
!
!
! Deny_Reserved_Net: bogon filter for received routes; matched by route-map
! UPLINK-in later in this file.
! Entries with "le 24" reject the listed block and any more-specific up to /24;
! entries without "le" (192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24,
! 203.0.113.0/24) match that exact /24 only.
! seq 100 accepts everything else with a prefix length of 0-22, which includes the
! default route. Anything longer than /22 matches no entry and is dropped by the
! implicit deny, so /23 and /24 routes are rejected too.
! NOTE(review): 224.0.0.0/4 (multicast) is not listed and would be accepted by
! seq 100 for lengths up to /22; consider adding it next to 240.0.0.0/4.
! NOTE(review): confirm that rejecting /23 and /24 is intentional. It is only safe
! because the default route is accepted.
ip prefix-list Deny_Reserved_Net seq 5 deny 0.0.0.0/8 le 24
ip prefix-list Deny_Reserved_Net seq 10 deny 10.0.0.0/8 le 24
ip prefix-list Deny_Reserved_Net seq 15 deny 100.64.0.0/10 le 24
ip prefix-list Deny_Reserved_Net seq 20 deny 127.0.0.0/8 le 24
ip prefix-list Deny_Reserved_Net seq 25 deny 169.254.0.0/16 le 24
ip prefix-list Deny_Reserved_Net seq 30 deny 172.16.0.0/12 le 24
ip prefix-list Deny_Reserved_Net seq 35 deny 192.0.0.0/24
ip prefix-list Deny_Reserved_Net seq 40 deny 192.0.2.0/24
ip prefix-list Deny_Reserved_Net seq 45 deny 192.168.0.0/16 le 24
ip prefix-list Deny_Reserved_Net seq 50 deny 198.18.0.0/15 le 24
ip prefix-list Deny_Reserved_Net seq 55 deny 198.51.100.0/24
ip prefix-list Deny_Reserved_Net seq 60 deny 203.0.113.0/24
ip prefix-list Deny_Reserved_Net seq 65 deny 240.0.0.0/4 le 24
ip prefix-list Deny_Reserved_Net seq 100 permit 0.0.0.0/0 le 22
!
! Route-filter prefix-lists for internal peers and upstream announcements.
! Every prefix-list ends with an implicit deny; an entry without ge/le matches
! that exact prefix length only.
!  - PFL_ROUTE_FROM_MLK: "192.168.0.0/16" has no le/ge, so only the /16 aggregate
!    itself is accepted, not its subnets.
!  - PFL_TO_6500: the explicit "deny 0.0.0.0/0 le 32" repeats the implicit deny.
!  - PL_KOMOS_AS: accepts the default route plus 91.240.179.0/24 and any
!    more-specific of it, down to /32.
!  - PL_LOCAL_IN: seq 5 rejects exactly the default route; "ge 32" on the public
!    /24 accepts host routes only. PL_LOCAL_OUT is the same minus the default deny.
!  - PL_LOCAL_IN/OUT and PL_TO_* accept the whole RFC 1918 space ("le 32" / "le 24");
!    a peer bound to these lists can inject any private prefix. Tighten them to
!    the ranges each peer actually owns if route-injection risk matters.
!  - TO-BEELINE announces both the /24 and a /25; TO-ROSTELECOM only the /24.
!    NOTE(review): many upstreams filter prefixes longer than /24; confirm the
!    /25 entry has an effect.
!  - TEST_ARR and "local" are not referenced by any route-map in this part of the
!    file; confirm they are used elsewhere before keeping them.
ip prefix-list PFL_ROUTE_FROM_MLK seq 10 permit 10.4.0.0/14 le 24
ip prefix-list PFL_ROUTE_FROM_MLK seq 20 permit 192.168.0.0/16
ip prefix-list PFL_ROUTE_FROM_MLK seq 30 permit 172.17.100.0/29
ip prefix-list PFL_ROUTE_FROM_MLK seq 40 permit 172.31.31.0/24
ip prefix-list PFL_ROUTE_FROM_MLK seq 50 permit 172.31.35.0/24
!
ip prefix-list PFL_TO_6500 seq 5 permit 10.12.252.0/22
ip prefix-list PFL_TO_6500 seq 10 permit 10.12.0.0/17
ip prefix-list PFL_TO_6500 seq 15 permit 10.14.112.0/20 le 32
ip prefix-list PFL_TO_6500 seq 20 permit 10.1.50.0/24 le 30
ip prefix-list PFL_TO_6500 seq 25 permit 10.111.0.21/32
ip prefix-list PFL_TO_6500 seq 100 deny 0.0.0.0/0 le 32
!
ip prefix-list PL_FROM_KLS seq 10 permit 10.14.100.0/22
!
ip prefix-list PL_FROM_KUMK seq 5 permit 10.12.0.0/16 le 24
ip prefix-list PL_FROM_KUMK seq 10 permit 10.12.252.0/22
!
ip prefix-list PL_KOMOS_AS seq 5 permit 0.0.0.0/0
ip prefix-list PL_KOMOS_AS seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_LOCAL_IN seq 5 deny 0.0.0.0/0
ip prefix-list PL_LOCAL_IN seq 10 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_IN seq 15 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_IN seq 20 permit 172.16.0.0/12 le 32
ip prefix-list PL_LOCAL_IN seq 25 permit 91.240.179.0/24 ge 32
!
ip prefix-list PL_LOCAL_OUT seq 10 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_OUT seq 15 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_OUT seq 20 permit 172.16.0.0/12 le 32
ip prefix-list PL_LOCAL_OUT seq 25 permit 91.240.179.0/24 ge 32
!
ip prefix-list PL_TO_IZH-KI-VOR158 seq 5 permit 10.0.0.0/8 le 24
ip prefix-list PL_TO_IZH-KI-VOR158 seq 10 permit 192.168.0.0/16 le 24
ip prefix-list PL_TO_IZH-KI-VOR158 seq 15 permit 172.31.35.0/24
!
ip prefix-list PL_TO_KLS seq 5 permit 10.0.0.0/8 le 24
ip prefix-list PL_TO_KLS seq 10 permit 192.168.0.0/16 le 24
!
ip prefix-list PL_TO_KUMK seq 5 permit 10.1.0.0/16 le 24
ip prefix-list PL_TO_KUMK seq 10 permit 10.4.0.0/16 le 24
!
ip prefix-list TEST_ARR seq 5 permit 91.240.179.243/32
!
ip prefix-list TO-BEELINE seq 5 permit 91.240.179.0/24
ip prefix-list TO-BEELINE seq 10 permit 91.240.179.0/25
!
ip prefix-list TO-ROSTELECOM seq 5 permit 91.240.179.0/24
!
ip prefix-list local seq 5 permit 91.240.179.0/24
! Scheduled job: every day at 01:00 run policy-list SaveBackup, whose only command
! is "write memory" (copy running-config to startup-config).
! NOTE(review): despite the name, nothing is copied off the device. This makes the
! running state persistent; it is not a backup.
! NOTE(review): an automatic nightly save also persists any unreviewed or
! unauthorised change within 24 hours and removes "reload" as a rollback path.
! Consider exporting the config to a protected archive and alerting on config
! changes instead.
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
! Remote syslog: messages of every severity down to debugging (level 7) are sent,
! tagged with the hostname and facility local1, sourced from Port-channel1.100.
! Two collectors: 192.168.2.25 (no transport given, i.e. the default UDP syslog
! port) and 10.4.244.4 on UDP/515.
! NOTE(review): UDP syslog is unauthenticated and unencrypted. At level 7 the
! stream can include debug output, so keep the path on a trusted management
! network and confirm that 515 (not 514) is what the collector listens on.
logging trap debugging
logging origin-id hostname
logging facility local1
logging source-interface Port-channel1.100
logging host 192.168.2.25
logging host 10.4.244.4 transport udp port 515
!
! Route-maps. Each has a single "permit 10" clause; anything that does not match
! the clause is rejected by the route-map's implicit deny.
!  - RM_NAT_* maps select NAT source addresses through the standard ACLs defined
!    earlier. RM_NAT_GLOBAL_OVERLOAD also references ACL_ACCESS_NET, ACL_DMZ_NET
!    and ACL_DMZ_1_NET, which are defined outside this part of the file.
!  - UPLINK-in applies the bogon filter Deny_Reserved_Net and sets
!    local-preference 500 on everything it accepts.
!  - SET-COMMUNITY: 2556024535 is the decimal form of 39001:54999
!    (39001 * 65536 + 54999), the same value MTS-OUT matches on. Without the
!    "additive" keyword, "set community" replaces any communities already on the route.
!  - NOTE(review): "match community" takes a community-list name or number, so
!    "39001:54999" is presumably parsed as a list name. Verify that a
!    community-list with that name exists, otherwise MTS-OUT may not filter as
!    intended.
!  - RM_TEST_SLA has no match statement, so it matches everything it is applied
!    to. Confirm it is still needed.
route-map RM_FROM_KUMK permit 10
 match ip address prefix-list PL_FROM_KUMK
!
route-map RM_NAT_MAIL_MILKOM permit 10
 match ip address ACL_NAT_MAIL_MILKOM
!
route-map RM_NAT_GLOBAL_OVERLOAD permit 10
 match ip address ACL_ACCESS_NET ACL_DMZ_NET ACL_DMZ_1_NET ACL_NAT_ASAv ACL_NAT_MK
!
route-map RM_TO_KUMK permit 10
 match ip address prefix-list PL_TO_KUMK
!
route-map RM_LOCAL_OUT permit 10
 match ip address prefix-list PL_LOCAL_OUT
!
route-map MTS-OUT permit 10
 match community 39001:54999
!
route-map RM_TO_IZH-KI-VOR158 permit 10
 match ip address prefix-list PL_TO_IZH-KI-VOR158
!
route-map UPLINK-in permit 10
 match ip address prefix-list Deny_Reserved_Net
 set local-preference 500
!
route-map SET-COMMUNITY permit 10
 set community 2556024535
!
route-map RM_NAT_WIRELESS permit 10
 match ip address ACL_WIRELESS_NET
!
route-map RM_TO_KLS permit 10
 match ip address prefix-list PL_TO_KLS
!
route-map RM_LOCAL_IN permit 10
 match ip address prefix-list PL_LOCAL_IN
!
route-map RM_TEST_SLA permit 10
!
route-map RM_KOMOS_AS permit 10
 match ip address prefix-list PL_KOMOS_AS
!
route-map RM_FROM_KLS permit 10
 match ip address prefix-list PL_FROM_KLS
!
route-map RM_NAT_HELP_KOMOS permit 10
 match ip address ACL_NAT_HELP_KOMOS
!
route-map RM_NAT_MAIL_MILKOM_2 permit 10
 match ip address ACL_NAT_MAIL_MILKOM_2
!
!
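! SNMP read-only community and trap receiver.
! The community string is a credential and was stored here in clear text. It has
! been replaced by a placeholder; treat the original value as disclosed and rotate it.
! Hardening to apply when re-provisioning:
!  - bind the community to a standard ACL that lists only the poller addresses
!    (the community line above carries no ACL, so any reachable source can poll);
!  - prefer SNMPv3 with authentication and privacy over community strings;
!  - the host line names no SNMP version. Confirm which trap version the receiver
!    expects and set it explicitly.
snmp-server community <REDACTED_SNMP_COMMUNITY> RO
snmp-server host 10.1.122.227 <REDACTED_SNMP_COMMUNITY>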
! ACL 11: sources allowed to use this router as an NTP server; referenced by
! "ntp access-group serve 11" near the end of the file. The final "deny any" is
! explicit but matches what the implicit deny would do.
! NOTE(review): 172.168.1.0/30 is not inside RFC 1918 space (172.16.0.0/12 ends at
! 172.31.255.255). Presumably a typo for an internal 172.16-31.x.x link; verify
! before leaving a public range in the allow-list.
access-list 11 remark -==NTP CLIENTS==-
access-list 11 permit 10.1.1.0 0.0.0.255
access-list 11 permit 172.168.1.0 0.0.0.3
access-list 11 permit 10.1.25.0 0.0.0.255
access-list 11 deny   any
!
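! RADIUS servers that make up AAA group NPS (see "aaa group server radius NPS" at
! the top of the file). 3-second timeout, 2 retransmits per server.
! The shared secret was stored in clear text and was identical on both servers.
! It has been replaced by a placeholder; treat the original value as disclosed and
! rotate it on the router and on both RADIUS servers.
! Hardening to apply when re-provisioning:
!  - use a distinct secret per server, so one disclosure does not cover both;
!  - the file begins with "no service password-encryption", so secrets are
!    written as typed; enable AES (type 6) key storage ("key config-key
!    password-encrypt" with "password encryption aes") so that secrets are not
!    readable in "show running-config" output or in config backups;
!  - 1645/1646 are the legacy RADIUS ports; 1812/1813 are the assigned ones. Keep
!    whichever the servers actually listen on.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key <REDACTED_RADIUS_SHARED_SECRET>
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key <REDACTED_RADIUS_SHARED_SECRET>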
!
!
!
! control-plane is present but carries no service-policy in this part of the file,
! so no control-plane policing (CoPP) is visible. On an Internet-facing router
! that leaves BGP, ICMP and management traffic aimed at the CPU unrated.
! NOTE(review): confirm whether a policy is attached elsewhere.
control-plane
!
! "sib" is a convenience alias for "show ip int brief".
alias exec sib show ip int brief
! Privilege level 7 is granted "show", "show cdp", "show running-config" and
! "show configuration".
! NOTE(review): configuration output can contain credentials when they are stored
! unencrypted (the file begins with "no service password-encryption"). Check what
! a level-7 account can actually read and whether that level needs it.
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
!
! Terminal lines.
!  - Console: authenticates with AAA list CONSOLE (defined at the top of the file
!    as local first, then RADIUS group NPS).
!  - AUX: no settings are shown. NOTE(review): if the port is unused, disable
!    EXEC on it ("no exec") so it cannot serve as an unattended login path.
!  - VTY 0-15: SSH only, source-filtered by ACL_VTY (also for VRF interfaces),
!    120-minute idle timeout.
! NOTE(review): the VTY lines reference login list "NPS", but the AAA section at
! the top of the file defines only the lists "default" and "CONSOLE"; NPS there is
! a RADIUS server-group name. Verify that a login method list named NPS exists,
! otherwise VTY authentication may not behave as intended.
! NOTE(review): "exec-timeout 120 0" keeps an idle privileged session open for two
! hours; 5-10 minutes is the usual hardening value.
line con 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line vty 0 4
 access-class ACL_VTY in vrf-also
 exec-timeout 120 0
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 access-class ACL_VTY in vrf-also
 exec-timeout 120 0
 login authentication NPS
 transport input ssh
!
scheduler allocate 20000 1000
! NTP: the router synchronises to 10.1.8.1 and 10.1.8.2, sources its NTP packets
! from Port-channel1.551, writes the time to the hardware calendar, and serves time
! to the clients in ACL 11. "ntp master 3" lets it act as a stratum-3 source from
! its own clock.
! NOTE(review): no NTP authentication (ntp authenticate / authentication-key /
! trusted-key) is visible here, so time from the upstream servers is accepted
! unauthenticated. Log timestamps and certificate validity depend on correct time.
! NOTE(review): "serve" also allows NTP control queries from ACL 11 sources;
! "serve-only" limits them to time requests.
! NOTE(review): once an ntp access-group is configured, sources matching no group
! may be refused. 10.1.8.1 and 10.1.8.2 are not in ACL 11 and no "peer" group is
! visible; confirm with "show ntp associations" that the router still syncs.
ntp source Port-channel1.551
ntp access-group serve 11
ntp master 3
ntp update-calendar
ntp server 10.1.8.1
ntp server 10.1.8.2
!
end