1496 lines
43 KiB
Plaintext
1496 lines
43 KiB
Plaintext
|
Building configuration...
|
||
|
|
|
||
|
|
|
||
|
|
Current configuration : 43575 bytes
|
||
|
|
!
|
||
|
|
! Last configuration change at 16:32:20 IZH Wed Jul 20 2022 by akhmetzyanovrr_adm
|
||
|
|
! NVRAM config last updated at 01:00:26 IZH Thu Jul 28 2022
|
||
|
|
!
|
||
|
|
version 15.6
|
||
|
|
service timestamps debug datetime msec localtime show-timezone year
|
||
|
|
service timestamps log datetime msec localtime show-timezone year
|
||
|
|
no service password-encryption
|
||
|
|
service sequence-numbers
|
||
|
|
!
|
||
|
|
hostname IZH-KG-P11-RT-1-1
|
||
|
|
!
|
||
|
|
boot-start-marker
|
||
|
|
boot system flash:c3900e-universalk9-mz.SPA.156-3.M6.bin
|
||
|
|
boot-end-marker
|
||
|
|
!
|
||
|
|
!
|
||
|
|
logging buffered 65536
|
||
|
|
logging rate-limit 100 except warnings
|
||
|
|
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
|
||
|
|
!
|
||
|
|
aaa new-model
|
||
|
|
!
|
||
|
|
!
|
||
|
|
aaa group server radius NPS
|
||
|
|
server name IZH-RDS002
|
||
|
|
server name P11-RDS003
|
||
|
|
ip radius source-interface Port-channel1.100
|
||
|
|
load-balance method least-outstanding
|
||
|
|
!
|
||
|
|
aaa authentication login default group NPS local enable
|
||
|
|
aaa authentication login CONSOLE local group NPS
|
||
|
|
aaa authorization exec default group NPS local if-authenticated
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
aaa session-id common
|
||
|
|
memory-size iomem 25
|
||
|
|
clock timezone IZH 4 0
|
||
|
|
clock calendar-valid
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
ip flow-cache timeout inactive 60
|
||
|
|
ip flow-cache timeout active 5
|
||
|
|
no ip domain lookup
|
||
|
|
ip domain name komos.ru
|
||
|
|
ip host VM-KG-NET 10.1.12.70
|
||
|
|
ip host tftp 10.4.0.214
|
||
|
|
ip inspect tcp reassembly queue length 128
|
||
|
|
ip inspect tcp reassembly timeout 10
|
||
|
|
ip inspect name Internet bgp
|
||
|
|
ip inspect name Internet dns
|
||
|
|
ip inspect name Internet ftp
|
||
|
|
ip inspect name Internet http
|
||
|
|
ip inspect name Internet ntp
|
||
|
|
ip inspect name Internet pop3
|
||
|
|
ip inspect name Internet sip
|
||
|
|
ip inspect name Internet smtp
|
||
|
|
ip inspect name Internet ssh
|
||
|
|
ip inspect name Internet tcp
|
||
|
|
ip inspect name Internet telnet
|
||
|
|
ip inspect name Internet udp
|
||
|
|
ip inspect name Internet pptp
|
||
|
|
ip inspect name Internet icmp
|
||
|
|
ip inspect name Internet l2tp
|
||
|
|
ip inspect name Internet h323
|
||
|
|
ip inspect name Internet ipsec-msft
|
||
|
|
ip inspect name Internet isakmp
|
||
|
|
ip inspect name Internet sip-tls
|
||
|
|
ip accounting-threshold 100000
|
||
|
|
ip cef
|
||
|
|
login on-failure log
|
||
|
|
login on-success log
|
||
|
|
no ipv6 cef
|
||
|
|
!
|
||
|
|
!
|
||
|
|
flow exporter NAT_FLOW
|
||
|
|
destination 10.4.0.214
|
||
|
|
transport udp 2055
|
||
|
|
!
|
||
|
|
!
|
||
|
|
flow monitor NAT_FLOW
|
||
|
|
exporter NAT_FLOW
|
||
|
|
record netflow-original
|
||
|
|
!
|
||
|
|
!
|
||
|
|
flow monitor TEST
|
||
|
|
exporter NAT_FLOW
|
||
|
|
record netflow-original
|
||
|
|
!
|
||
|
|
parameter-map type inspect global
|
||
|
|
log dropped-packets enable
|
||
|
|
max-incomplete low 18000
|
||
|
|
max-incomplete high 20000
|
||
|
|
!
|
||
|
|
multilink bundle-name authenticated
|
||
|
|
!
|
||
|
|
vpdn enable
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
key chain EIGRP_KEY_CHAIN
|
||
|
|
key 1
|
||
|
|
key-string 7 1212551A42180B167A3E34
|
||
|
|
no virtual-template subinterface
|
||
|
|
!
|
||
|
|
!
|
||
|
|
license udi pid C3900-SPE250/K9 sn FOC16014KHK
|
||
|
|
license accept end user agreement
|
||
|
|
license boot module c3900e technology-package securityk9
|
||
|
|
!
|
||
|
|
!
|
||
|
|
archive
|
||
|
|
log config
|
||
|
|
logging enable
|
||
|
|
logging size 900
|
||
|
|
notify syslog contenttype plaintext
|
||
|
|
hidekeys
|
||
|
|
path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
|
||
|
|
write-memory
|
||
|
|
time-period 10080
|
||
|
|
object-group service ANY_CONNECT
|
||
|
|
tcp eq 443
|
||
|
|
udp eq 443
|
||
|
|
!
|
||
|
|
object-group network PART_HTC
|
||
|
|
description nemo
|
||
|
|
host 88.99.232.186
|
||
|
|
host 46.61.183.9
|
||
|
|
host 92.61.17.222
|
||
|
|
host 92.55.34.57
|
||
|
|
!
|
||
|
|
object-group network PART_SELECTEL
|
||
|
|
host 185.137.232.142
|
||
|
|
!
|
||
|
|
object-group network FTP_USERS
|
||
|
|
host 87.249.244.215
|
||
|
|
host 78.85.17.101
|
||
|
|
host 78.85.37.100
|
||
|
|
host 77.245.121.45
|
||
|
|
host 89.148.228.140
|
||
|
|
host 212.33.246.21
|
||
|
|
host 84.201.247.66
|
||
|
|
host 91.210.192.253
|
||
|
|
host 78.85.24.16
|
||
|
|
host 78.85.16.19
|
||
|
|
host 78.85.17.47
|
||
|
|
host 91.210.192.180
|
||
|
|
host 194.79.33.154
|
||
|
|
host 78.85.32.117
|
||
|
|
host 212.48.53.102
|
||
|
|
host 94.181.119.163
|
||
|
|
host 146.120.104.227
|
||
|
|
host 80.76.238.38
|
||
|
|
host 77.41.138.22
|
||
|
|
91.240.179.0 255.255.255.0
|
||
|
|
host 213.87.94.94
|
||
|
|
host 78.85.28.78
|
||
|
|
host 86.109.199.218
|
||
|
|
host 178.161.170.218
|
||
|
|
host 94.181.119.90
|
||
|
|
host 78.25.80.122
|
||
|
|
host 92.55.34.57
|
||
|
|
host 176.9.88.238
|
||
|
|
host 78.85.99.241
|
||
|
|
94.138.150.0 255.255.255.0
|
||
|
|
host 194.150.90.20
|
||
|
|
host 94.51.91.50
|
||
|
|
group-object PART_HTC
|
||
|
|
host 95.213.184.82
|
||
|
|
host 185.137.232.142
|
||
|
|
host 178.208.83.31
|
||
|
|
host 37.46.131.147
|
||
|
|
host 5.227.124.141
|
||
|
|
host 195.19.101.162
|
||
|
|
host 194.150.91.170
|
||
|
|
group-object PART_SELECTEL
|
||
|
|
!
|
||
|
|
object-group network GRE_TUNNEL
|
||
|
|
host 88.80.33.182
|
||
|
|
host 94.138.150.1
|
||
|
|
host 178.47.128.98
|
||
|
|
host 194.150.91.170
|
||
|
|
host 5.227.125.114
|
||
|
|
host 91.240.179.150
|
||
|
|
host 46.147.130.59
|
||
|
|
host 5.227.125.126
|
||
|
|
!
|
||
|
|
object-group network IRONPORT_SERVERS
|
||
|
|
host 91.240.179.26
|
||
|
|
host 91.240.179.27
|
||
|
|
!
|
||
|
|
object-group service L2TP
|
||
|
|
udp eq isakmp
|
||
|
|
udp eq non500-isakmp
|
||
|
|
udp eq 1701
|
||
|
|
tcp eq 1701
|
||
|
|
esp
|
||
|
|
!
|
||
|
|
object-group network NET_BLACKLIST
|
||
|
|
host 167.160.182.20
|
||
|
|
!
|
||
|
|
object-group network OBJ_BBN_RN_BBN
|
||
|
|
host 85.140.32.104
|
||
|
|
host 78.85.13.205
|
||
|
|
!
|
||
|
|
object-group network OBJ_BBN_VST_BBN
|
||
|
|
host 85.140.32.103
|
||
|
|
host 83.169.220.204
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_MLK_IZM
|
||
|
|
host 85.140.32.27
|
||
|
|
host 78.85.13.42
|
||
|
|
host 5.227.126.169
|
||
|
|
host 31.173.105.54
|
||
|
|
host 217.14.195.253
|
||
|
|
host 85.175.86.74
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KG_P11
|
||
|
|
91.240.179.0 255.255.255.0
|
||
|
|
host 5.227.124.143
|
||
|
|
host 78.85.13.93
|
||
|
|
host 62.141.96.126
|
||
|
|
host 84.201.247.190
|
||
|
|
host 88.80.33.50
|
||
|
|
host 94.25.46.122
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VST_IZM
|
||
|
|
host 5.227.124.82
|
||
|
|
host 78.85.13.38
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M44
|
||
|
|
host 212.46.204.74
|
||
|
|
host 88.80.33.162
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M48
|
||
|
|
host 87.249.237.250
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_SMR
|
||
|
|
host 87.249.239.226
|
||
|
|
host 88.80.33.42
|
||
|
|
!
|
||
|
|
object-group network OBJ_MSK_KG_MSK
|
||
|
|
host 185.62.195.150
|
||
|
|
host 185.6.175.101
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_MLK_GMK
|
||
|
|
host 31.173.105.62
|
||
|
|
host 85.140.32.29
|
||
|
|
!
|
||
|
|
object-group network OBJ_KZN_MLK_KMK
|
||
|
|
host 83.69.126.54
|
||
|
|
host 94.180.253.210
|
||
|
|
host 78.138.171.82
|
||
|
|
!
|
||
|
|
object-group network OBJ_KEZ_MLK_KZS
|
||
|
|
host 31.173.105.66
|
||
|
|
host 78.85.13.52
|
||
|
|
host 85.140.32.30
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRM_MLK_PHK
|
||
|
|
host 178.47.128.18
|
||
|
|
host 46.146.210.68
|
||
|
|
!
|
||
|
|
object-group network OBJ_SAR_MLK_SRM
|
||
|
|
host 31.173.105.58
|
||
|
|
host 78.85.13.53
|
||
|
|
host 85.140.32.28
|
||
|
|
!
|
||
|
|
object-group network OBJ_CLB_MLK_CMK
|
||
|
|
host 37.113.128.241
|
||
|
|
host 149.255.6.35
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_GKZ_GKZ
|
||
|
|
host 78.85.13.94
|
||
|
|
host 146.120.104.181
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIA_RN_KIA
|
||
|
|
host 78.85.14.97
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TZK_TZK
|
||
|
|
host 78.25.80.134
|
||
|
|
host 5.227.124.235
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_MK_VS17
|
||
|
|
host 5.227.124.141
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KL_KLI
|
||
|
|
host 78.85.15.85
|
||
|
|
host 84.201.247.24
|
||
|
|
host 79.175.36.97
|
||
|
|
host 84.201.244.235
|
||
|
|
!
|
||
|
|
object-group network OBJ_EKB_KG_EKB
|
||
|
|
host 62.168.232.182
|
||
|
|
host 176.215.14.11
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KEN_VS56
|
||
|
|
host 83.143.54.246
|
||
|
|
host 92.55.54.109
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_IZM
|
||
|
|
host 85.140.32.177
|
||
|
|
host 78.85.14.98
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_VRS_UPF
|
||
|
|
host 95.215.208.234
|
||
|
|
host 78.85.13.119
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_IPF
|
||
|
|
host 85.140.32.141
|
||
|
|
host 78.85.13.117
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_PFV
|
||
|
|
host 85.140.32.178
|
||
|
|
host 94.181.119.90
|
||
|
|
host 78.85.33.50
|
||
|
|
!
|
||
|
|
object-group network OBJ_VOT_VRS_VPF
|
||
|
|
host 78.85.13.118
|
||
|
|
host 88.80.33.14
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRM_VRS_MPF
|
||
|
|
host 178.47.130.10
|
||
|
|
host 5.227.121.127
|
||
|
|
!
|
||
|
|
object-group network OBJ_LAI_VRS_DPF
|
||
|
|
host 178.205.241.114
|
||
|
|
host 46.232.164.108
|
||
|
|
!
|
||
|
|
object-group network OBJ_ITL_VST_ITL
|
||
|
|
host 5.227.124.130
|
||
|
|
host 78.85.34.99
|
||
|
|
host 81.211.13.82
|
||
|
|
!
|
||
|
|
object-group network OBJ_MZH_VST_MZH
|
||
|
|
host 88.80.33.250
|
||
|
|
host 83.169.220.171
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIA_VST_KIA
|
||
|
|
host 85.140.32.24
|
||
|
|
host 188.94.168.238
|
||
|
|
!
|
||
|
|
object-group network OBJ_KGB_VST_KBB
|
||
|
|
host 78.85.37.88
|
||
|
|
host 88.80.33.154
|
||
|
|
!
|
||
|
|
object-group network OBJ_SAR_VST_SMK
|
||
|
|
host 78.85.19.93
|
||
|
|
host 88.80.33.234
|
||
|
|
!
|
||
|
|
object-group network OBJ_KNK_VST_KMK
|
||
|
|
host 178.161.242.67
|
||
|
|
!
|
||
|
|
object-group network OBJ_SHM_TMA_SHM
|
||
|
|
host 89.232.91.106
|
||
|
|
host 31.173.182.210
|
||
|
|
!
|
||
|
|
object-group network OBJ_MSB_TMA_MSB
|
||
|
|
host 78.138.182.214
|
||
|
|
!
|
||
|
|
object-group network OBJ_EVL_TMA_EVL
|
||
|
|
host 89.232.102.166
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIB_TMA_KIB
|
||
|
|
host 78.138.182.126
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KM_S61
|
||
|
|
host 84.201.247.32
|
||
|
|
host 88.80.33.194
|
||
|
|
host 5.227.125.109
|
||
|
|
!
|
||
|
|
object-group network OBJ_YAN_GKZ_YEL
|
||
|
|
host 77.94.97.222
|
||
|
|
host 213.87.197.29
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_B2
|
||
|
|
94.138.150.0 255.255.255.0
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_H80
|
||
|
|
host 178.161.207.26
|
||
|
|
host 77.43.193.88
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_CH9
|
||
|
|
host 178.47.128.98
|
||
|
|
host 195.69.159.2
|
||
|
|
!
|
||
|
|
object-group network OBJ_KGB_RN_KGB
|
||
|
|
host 78.85.13.165
|
||
|
|
!
|
||
|
|
object-group network OBJ_NCH_RN_NCH
|
||
|
|
host 78.85.13.166
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRI_RN_PRI
|
||
|
|
host 78.85.13.167
|
||
|
|
!
|
||
|
|
object-group network OBJ_URN_RN_URN
|
||
|
|
host 78.85.20.49
|
||
|
|
!
|
||
|
|
object-group network OBJ_MZH_TK_TKM
|
||
|
|
host 88.80.32.230
|
||
|
|
host 78.85.35.34
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_TK_TKG
|
||
|
|
host 95.215.208.240
|
||
|
|
host 146.120.104.235
|
||
|
|
host 95.215.208.173
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M21
|
||
|
|
host 84.201.242.133
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_HLA_PP
|
||
|
|
host 92.61.17.250
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_HLA_UHK
|
||
|
|
host 92.55.7.148
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VD_VS17
|
||
|
|
host 84.201.247.100
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KS_H17
|
||
|
|
85.140.32.64 255.255.255.252
|
||
|
|
host 85.140.32.63
|
||
|
|
host 85.140.32.68
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KLS_P20
|
||
|
|
host 5.227.125.114
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KI_VOR158
|
||
|
|
host 46.147.130.59
|
||
|
|
host 5.227.125.126
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIA_RN_TR12
|
||
|
|
host 78.85.13.106
|
||
|
|
!
|
||
|
|
object-group network OBJ_KEN_KOTEL
|
||
|
|
host 5.227.120.54
|
||
|
|
host 213.87.94.189
|
||
|
|
host 93.93.139.222
|
||
|
|
!
|
||
|
|
object-group network OBJ_OTHER
|
||
|
|
host 78.85.21.21
|
||
|
|
host 78.85.13.165
|
||
|
|
host 78.85.13.167
|
||
|
|
host 78.85.13.166
|
||
|
|
host 78.85.13.205
|
||
|
|
host 78.85.13.201
|
||
|
|
host 78.85.13.107
|
||
|
|
host 78.85.13.106
|
||
|
|
!
|
||
|
|
object-group network OBJ_SPB_KG_SPB
|
||
|
|
host 62.141.114.190
|
||
|
|
host 94.72.27.43
|
||
|
|
!
|
||
|
|
object-group network OBJ_BRANCHES
|
||
|
|
group-object OBJ_IZH_MLK_IZM
|
||
|
|
group-object OBJ_IZH_KG_P11
|
||
|
|
group-object OBJ_IZH_VST_IZM
|
||
|
|
group-object OBJ_IZH_TK_M44
|
||
|
|
group-object OBJ_IZH_TK_M48
|
||
|
|
group-object OBJ_IZH_TK_SMR
|
||
|
|
group-object OBJ_MSK_KG_MSK
|
||
|
|
group-object OBJ_GLZ_MLK_GMK
|
||
|
|
group-object OBJ_KZN_MLK_KMK
|
||
|
|
group-object OBJ_KEZ_MLK_KZS
|
||
|
|
group-object OBJ_PRM_MLK_PHK
|
||
|
|
group-object OBJ_SAR_MLK_SRM
|
||
|
|
group-object OBJ_CLB_MLK_CMK
|
||
|
|
group-object OBJ_BBN_RN_BBN
|
||
|
|
group-object OBJ_GLZ_GKZ_GKZ
|
||
|
|
group-object OBJ_KIA_RN_KIA
|
||
|
|
group-object OBJ_IZH_TZK_TZK
|
||
|
|
group-object OBJ_IZH_MK_VS17
|
||
|
|
group-object OBJ_IZH_KL_KLI
|
||
|
|
group-object OBJ_EKB_KG_EKB
|
||
|
|
group-object OBJ_IZH_KEN_VS56
|
||
|
|
group-object OBJ_IZH_VRS_IZM
|
||
|
|
group-object OBJ_GLZ_VRS_UPF
|
||
|
|
group-object OBJ_IZH_VRS_IPF
|
||
|
|
group-object OBJ_IZH_VRS_PFV
|
||
|
|
group-object OBJ_VOT_VRS_VPF
|
||
|
|
group-object OBJ_PRM_VRS_MPF
|
||
|
|
group-object OBJ_LAI_VRS_DPF
|
||
|
|
group-object OBJ_ITL_VST_ITL
|
||
|
|
group-object OBJ_MZH_VST_MZH
|
||
|
|
group-object OBJ_KIA_VST_KIA
|
||
|
|
group-object OBJ_KGB_VST_KBB
|
||
|
|
group-object OBJ_SAR_VST_SMK
|
||
|
|
group-object OBJ_KNK_VST_KMK
|
||
|
|
group-object OBJ_BBN_VST_BBN
|
||
|
|
group-object OBJ_SHM_TMA_SHM
|
||
|
|
group-object OBJ_MSB_TMA_MSB
|
||
|
|
group-object OBJ_EVL_TMA_EVL
|
||
|
|
group-object OBJ_KIB_TMA_KIB
|
||
|
|
group-object OBJ_IZH_KM_S61
|
||
|
|
group-object OBJ_YAN_GKZ_YEL
|
||
|
|
group-object OBJ_KUN_KMK_B2
|
||
|
|
group-object OBJ_KUN_KMK_H80
|
||
|
|
group-object OBJ_KUN_KMK_CH9
|
||
|
|
group-object OBJ_KGB_RN_KGB
|
||
|
|
group-object OBJ_NCH_RN_NCH
|
||
|
|
group-object OBJ_PRI_RN_PRI
|
||
|
|
group-object OBJ_URN_RN_URN
|
||
|
|
group-object OBJ_MZH_TK_TKM
|
||
|
|
group-object OBJ_GLZ_TK_TKG
|
||
|
|
group-object OBJ_IZH_TK_M21
|
||
|
|
group-object OBJ_IZH_HLA_PP
|
||
|
|
group-object OBJ_IZH_HLA_UHK
|
||
|
|
group-object OBJ_IZH_VD_VS17
|
||
|
|
group-object OBJ_IZH_KS_H17
|
||
|
|
group-object OBJ_IZH_KLS_P20
|
||
|
|
group-object OBJ_IZH_KI_VOR158
|
||
|
|
group-object OBJ_KIA_RN_TR12
|
||
|
|
group-object OBJ_KEN_KOTEL
|
||
|
|
group-object OBJ_OTHER
|
||
|
|
group-object OBJ_SPB_KG_SPB
|
||
|
|
!
|
||
|
|
object-group network OBJ_CISCOASA
|
||
|
|
host 91.240.179.62
|
||
|
|
host 91.240.179.63
|
||
|
|
host 91.240.179.64
|
||
|
|
!
|
||
|
|
object-group network OBJ_HELP-CES-KOMOS
|
||
|
|
host 91.240.179.132
|
||
|
|
host 91.240.179.133
|
||
|
|
!
|
||
|
|
object-group network OBJ_KSMG
|
||
|
|
host 91.240.179.73
|
||
|
|
host 91.240.179.74
|
||
|
|
!
|
||
|
|
object-group network OBJ_NET_BLACKLIST
|
||
|
|
host 167.160.182.20
|
||
|
|
!
|
||
|
|
object-group network OBJ_NET_CISCOASA
|
||
|
|
host 91.240.179.28
|
||
|
|
host 91.240.179.29
|
||
|
|
host 91.240.179.30
|
||
|
|
host 91.240.179.62
|
||
|
|
host 91.240.179.63
|
||
|
|
host 91.240.179.64
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_SELECTEL
|
||
|
|
host 185.137.232.142
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_HTC
|
||
|
|
host 95.213.184.82
|
||
|
|
host 185.137.232.142
|
||
|
|
host 178.208.83.31
|
||
|
|
host 37.46.131.147
|
||
|
|
host 5.227.124.141
|
||
|
|
host 195.19.101.162
|
||
|
|
host 194.150.91.170
|
||
|
|
group-object OBJ_PART_SELECTEL
|
||
|
|
!
|
||
|
|
object-group network OBJ_NET_FTP_USERS
|
||
|
|
host 87.249.244.215
|
||
|
|
host 78.85.17.101
|
||
|
|
host 78.85.37.100
|
||
|
|
host 77.245.121.45
|
||
|
|
host 89.148.228.140
|
||
|
|
host 212.33.246.21
|
||
|
|
host 84.201.247.66
|
||
|
|
host 91.210.192.253
|
||
|
|
host 78.85.24.16
|
||
|
|
host 78.85.16.19
|
||
|
|
host 78.85.17.47
|
||
|
|
host 91.210.192.180
|
||
|
|
host 194.79.33.154
|
||
|
|
host 78.85.32.117
|
||
|
|
host 212.48.53.102
|
||
|
|
host 94.181.119.163
|
||
|
|
host 146.120.104.227
|
||
|
|
host 80.76.238.38
|
||
|
|
host 77.41.138.22
|
||
|
|
91.240.179.0 255.255.255.0
|
||
|
|
host 213.87.94.94
|
||
|
|
host 78.85.28.78
|
||
|
|
host 86.109.199.218
|
||
|
|
host 178.161.170.218
|
||
|
|
host 94.181.119.90
|
||
|
|
host 78.25.80.122
|
||
|
|
host 92.55.34.57
|
||
|
|
host 176.9.88.238
|
||
|
|
host 78.85.99.241
|
||
|
|
94.138.150.0 255.255.255.0
|
||
|
|
host 194.150.90.20
|
||
|
|
host 94.51.91.50
|
||
|
|
group-object OBJ_PART_HTC
|
||
|
|
host 95.213.184.82
|
||
|
|
host 185.137.232.142
|
||
|
|
host 178.208.83.31
|
||
|
|
host 37.46.131.147
|
||
|
|
host 5.227.124.141
|
||
|
|
host 195.19.101.162
|
||
|
|
host 194.150.91.170
|
||
|
|
group-object OBJ_PART_SELECTEL
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_Goods4Cust
|
||
|
|
description Makarov N
|
||
|
|
host 109.236.69.166
|
||
|
|
host 195.209.60.66
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_HEADLINE
|
||
|
|
host 87.249.247.80
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_LOGISTIX
|
||
|
|
host 185.185.58.141
|
||
|
|
!
|
||
|
|
object-group network OBJ_PART_ROSA
|
||
|
|
description Naydenov
|
||
|
|
host 217.114.154.92
|
||
|
|
!
|
||
|
|
object-group network OBJ_SRV_IRONPORT
|
||
|
|
host 91.240.179.26
|
||
|
|
host 91.240.179.27
|
||
|
|
!
|
||
|
|
object-group network OBJ_SRV_SKYPE
|
||
|
|
host 91.240.179.37
|
||
|
|
host 91.240.179.38
|
||
|
|
host 91.240.179.39
|
||
|
|
!
|
||
|
|
object-group service OBJ_SVC_ANY_CONNECT
|
||
|
|
tcp eq 443
|
||
|
|
udp eq 443
|
||
|
|
!
|
||
|
|
object-group service OBJ_SVC_FTP
|
||
|
|
tcp eq ftp
|
||
|
|
tcp eq ftp-data
|
||
|
|
tcp range 50000 65535
|
||
|
|
!
|
||
|
|
object-group network OBJ_SVC_KSMG
|
||
|
|
host 91.240.179.73
|
||
|
|
host 91.240.179.74
|
||
|
|
!
|
||
|
|
object-group service OBJ_SVC_L2TP
|
||
|
|
udp eq isakmp
|
||
|
|
udp eq non500-isakmp
|
||
|
|
udp eq 1701
|
||
|
|
tcp eq 1701
|
||
|
|
esp
|
||
|
|
!
|
||
|
|
object-group service OBJ_SVC_SFB
|
||
|
|
tcp eq 443
|
||
|
|
tcp eq 5061
|
||
|
|
udp eq domain
|
||
|
|
udp eq 3478
|
||
|
|
!
|
||
|
|
object-group service OBJ_SVC_VIPole
|
||
|
|
udp range 3000 9000
|
||
|
|
tcp eq 37210
|
||
|
|
tcp eq 37212
|
||
|
|
tcp eq 443
|
||
|
|
!
|
||
|
|
object-group network PART_Goods4Cust
|
||
|
|
description Makarov N
|
||
|
|
host 109.236.69.166
|
||
|
|
host 195.209.60.66
|
||
|
|
!
|
||
|
|
object-group network PART_HEADLINE
|
||
|
|
description Nemtyrev
|
||
|
|
host 87.249.247.80
|
||
|
|
!
|
||
|
|
object-group network PART_PWEB
|
||
|
|
description Zayrinov
|
||
|
|
host 185.94.174.137
|
||
|
|
!
|
||
|
|
object-group network PART_ROSA
|
||
|
|
description Naydenov
|
||
|
|
host 217.114.154.92
|
||
|
|
!
|
||
|
|
object-group service SERVICE_FTP
|
||
|
|
tcp eq ftp
|
||
|
|
tcp eq ftp-data
|
||
|
|
tcp range 50000 65535
|
||
|
|
!
|
||
|
|
object-group service SERVICE_L2TP
|
||
|
|
udp eq isakmp
|
||
|
|
udp eq non500-isakmp
|
||
|
|
udp eq 1701
|
||
|
|
tcp eq 1701
|
||
|
|
esp
|
||
|
|
!
|
||
|
|
object-group service SERVICE_POSTFIX
|
||
|
|
tcp eq www
|
||
|
|
tcp eq ftp
|
||
|
|
tcp eq ftp-data
|
||
|
|
tcp range 22 telnet
|
||
|
|
tcp range 1024 65535
|
||
|
|
tcp eq 443
|
||
|
|
!
|
||
|
|
object-group network SRV_SERVICEBUS
|
||
|
|
!
|
||
|
|
object-group network SRV_SKYPE
|
||
|
|
host 91.240.179.37
|
||
|
|
host 91.240.179.38
|
||
|
|
host 91.240.179.39
|
||
|
|
!
|
||
|
|
object-group network STATIC_ISP_IP
|
||
|
|
host 62.141.96.126
|
||
|
|
host 94.25.46.122
|
||
|
|
host 91.240.179.127
|
||
|
|
!
|
||
|
|
object-group service SVC_SFB
|
||
|
|
tcp eq 443
|
||
|
|
tcp eq 5061
|
||
|
|
udp eq domain
|
||
|
|
udp eq 3478
|
||
|
|
!
|
||
|
|
object-group service SVC_VIPole
|
||
|
|
udp range 3000 9000
|
||
|
|
tcp eq 37210
|
||
|
|
tcp eq 37212
|
||
|
|
tcp eq 443
|
||
|
|
!
|
||
|
|
username netadmin privilege 15 secret 5 $1$CXvH$yxAGhCkECd7Kdck0iOAtI.
|
||
|
|
!
|
||
|
|
redundancy
|
||
|
|
bfd-template single-hop BFD-KOMOS
|
||
|
|
interval min-tx 500 min-rx 500 multiplier 3
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
crypto isakmp policy 20
|
||
|
|
encr aes 256
|
||
|
|
authentication pre-share
|
||
|
|
group 2
|
||
|
|
crypto isakmp key KGp11KuMK2021 address 94.138.150.1
|
||
|
|
crypto isakmp key KGp11KuMK2021 address 178.47.128.98
|
||
|
|
crypto isakmp key KGP11KLS2021 address 5.227.125.114
|
||
|
|
crypto isakmp key KGP11IZHVOR1582022 address 46.147.130.59
|
||
|
|
crypto isakmp key KGP11IZHVOR1582022 address 5.227.125.126
|
||
|
|
!
|
||
|
|
!
|
||
|
|
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac
|
||
|
|
mode transport require
|
||
|
|
!
|
||
|
|
crypto ipsec profile GRE_IPSEC
|
||
|
|
set transform-set TS_GREIPSEC
|
||
|
|
set pfs group2
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
interface Loopback1
|
||
|
|
ip address 91.240.179.127 255.255.255.255
|
||
|
|
!
|
||
|
|
interface Loopback111
|
||
|
|
description MGM
|
||
|
|
ip address 10.111.13.1 255.255.255.255
|
||
|
|
ip nat outside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
!
|
||
|
|
interface Loopback7777
|
||
|
|
description TK5705m
|
||
|
|
no ip address
|
||
|
|
!
|
||
|
|
interface Tunnel111
|
||
|
|
description [CORE] iBGP Transit to IZM
|
||
|
|
bandwidth 200000
|
||
|
|
ip address 172.30.32.22 255.255.255.252
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip mtu 1400
|
||
|
|
ip tcp adjust-mss 1360
|
||
|
|
ip ospf mtu-ignore
|
||
|
|
keepalive 10 3
|
||
|
|
bfd template BFD-KOMOS
|
||
|
|
tunnel source Port-channel1.100
|
||
|
|
tunnel destination 10.4.254.251
|
||
|
|
!
|
||
|
|
interface Tunnel201
|
||
|
|
description IZH-KI-VOR158-RT-1-1
|
||
|
|
ip address 10.1.50.5 255.255.255.252
|
||
|
|
no ip redirects
|
||
|
|
ip mtu 1400
|
||
|
|
ip tcp adjust-mss 1360
|
||
|
|
keepalive 10 3
|
||
|
|
bfd interval 300 min_rx 300 multiplier 3
|
||
|
|
tunnel source Loopback1
|
||
|
|
tunnel destination 46.147.130.59
|
||
|
|
tunnel protection ipsec profile GRE_IPSEC
|
||
|
|
!
|
||
|
|
interface Tunnel202
|
||
|
|
description IZH-KI-VOR158-RT-1-2
|
||
|
|
ip address 10.1.50.9 255.255.255.252
|
||
|
|
no ip redirects
|
||
|
|
ip mtu 1400
|
||
|
|
ip tcp adjust-mss 1360
|
||
|
|
keepalive 10 3
|
||
|
|
bfd interval 300 min_rx 300 multiplier 3
|
||
|
|
tunnel source Loopback1
|
||
|
|
tunnel destination 5.227.125.126
|
||
|
|
tunnel protection ipsec profile GRE_IPSEC
|
||
|
|
!
|
||
|
|
interface Port-channel1
|
||
|
|
description [CORE] SW-1-2
|
||
|
|
no ip address
|
||
|
|
hold-queue 150 in
|
||
|
|
!
|
||
|
|
interface Port-channel1.100
|
||
|
|
description REMOTE_MGMT
|
||
|
|
encapsulation dot1Q 100
|
||
|
|
ip address 10.1.1.2 255.255.255.0
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
!
|
||
|
|
interface Port-channel1.551
|
||
|
|
description --TRANSIT_HSRP--
|
||
|
|
encapsulation dot1Q 551
|
||
|
|
ip address 10.1.239.18 255.255.255.240
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
ip nat inside
|
||
|
|
ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
|
||
|
|
!
|
||
|
|
interface Port-channel1.556
|
||
|
|
description iBGP KOMOS_AS over ER-Telecom
|
||
|
|
encapsulation dot1Q 556
|
||
|
|
ip address 172.30.32.14 255.255.255.252
|
||
|
|
ip nat outside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
bfd template BFD-KOMOS
|
||
|
|
!
|
||
|
|
interface Port-channel1.557
|
||
|
|
description iBGP KOMOS_AS over MTS
|
||
|
|
encapsulation dot1Q 557
|
||
|
|
ip address 172.30.32.18 255.255.255.252
|
||
|
|
ip nat outside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
bfd template BFD-KOMOS
|
||
|
|
!
|
||
|
|
interface Port-channel1.598
|
||
|
|
description --BGP_KG_COD_TRANSIT--
|
||
|
|
encapsulation dot1Q 598
|
||
|
|
ip address 172.30.30.44 255.255.255.240
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/0
|
||
|
|
description [ISP-100M] BEELINE
|
||
|
|
bandwidth 100000
|
||
|
|
ip address 62.141.96.126 255.255.255.252
|
||
|
|
ip access-group ACL_FW_IN in
|
||
|
|
no ip proxy-arp
|
||
|
|
ip nat outside
|
||
|
|
ip inspect Internet out
|
||
|
|
ip virtual-reassembly in
|
||
|
|
ip virtual-reassembly out max-reassemblies 24
|
||
|
|
duplex auto
|
||
|
|
speed auto
|
||
|
|
no cdp enable
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/1
|
||
|
|
description [ISP-200M] ROSTELECOM
|
||
|
|
bandwidth 100000
|
||
|
|
ip address 94.25.46.122 255.255.255.252
|
||
|
|
ip access-group ACL_FW_IN in
|
||
|
|
no ip proxy-arp
|
||
|
|
ip nat outside
|
||
|
|
ip inspect Internet out
|
||
|
|
ip virtual-reassembly in
|
||
|
|
ip virtual-reassembly out max-reassemblies 24
|
||
|
|
duplex auto
|
||
|
|
speed auto
|
||
|
|
no cdp enable
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/2
|
||
|
|
bandwidth 100000
|
||
|
|
no ip address
|
||
|
|
duplex auto
|
||
|
|
speed 1000
|
||
|
|
channel-group 1
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/3
|
||
|
|
no ip address
|
||
|
|
duplex auto
|
||
|
|
speed 1000
|
||
|
|
channel-group 1
|
||
|
|
!
|
||
|
|
router ospf 111
|
||
|
|
router-id 10.111.13.1
|
||
|
|
auto-cost reference-bandwidth 10000
|
||
|
|
passive-interface default
|
||
|
|
no passive-interface Port-channel1.556
|
||
|
|
no passive-interface Port-channel1.557
|
||
|
|
no passive-interface Tunnel111
|
||
|
|
network 10.111.13.1 0.0.0.0 area 0
|
||
|
|
network 172.30.32.0 0.0.0.255 area 0
|
||
|
|
bfd all-interfaces
|
||
|
|
!
|
||
|
|
router bgp 199014
|
||
|
|
bgp log-neighbor-changes
|
||
|
|
neighbor PG_IZH-KI-VOR158 peer-group
|
||
|
|
neighbor PG_IZH-KI-VOR158 remote-as 64555
|
||
|
|
neighbor PG_IZH-KI-VOR158 local-as 64513 no-prepend replace-as
|
||
|
|
neighbor PG_KOMOS_AS peer-group
|
||
|
|
neighbor PG_KOMOS_AS remote-as 199014
|
||
|
|
neighbor PG_KOMOS_AS description iBGP to IZM
|
||
|
|
neighbor 10.1.50.2 remote-as 65504
|
||
|
|
neighbor 10.1.50.2 local-as 64513 no-prepend replace-as
|
||
|
|
neighbor 10.1.50.2 description KGR-KUMK-KUMK
|
||
|
|
neighbor 10.1.50.6 peer-group PG_IZH-KI-VOR158
|
||
|
|
neighbor 10.1.50.10 peer-group PG_IZH-KI-VOR158
|
||
|
|
neighbor 10.111.12.1 remote-as 199014
|
||
|
|
neighbor 10.111.12.1 description iBGP to IZM
|
||
|
|
neighbor 10.111.12.1 update-source Loopback111
|
||
|
|
neighbor 62.141.96.125 remote-as 3216
|
||
|
|
neighbor 94.25.46.121 remote-as 12389
|
||
|
|
neighbor 172.30.30.46 remote-as 64513
|
||
|
|
neighbor 172.30.30.46 description --BGP_WITH_6500--
|
||
|
|
neighbor 172.30.31.2 remote-as 65505
|
||
|
|
neighbor 172.30.31.2 local-as 64513 no-prepend replace-as
|
||
|
|
!
|
||
|
|
address-family ipv4
|
||
|
|
network 10.1.50.4 mask 255.255.255.252
|
||
|
|
network 10.1.50.8 mask 255.255.255.252
|
||
|
|
network 62.141.96.124 mask 255.255.255.252
|
||
|
|
network 91.240.179.0 mask 255.255.255.128
|
||
|
|
network 91.240.179.0 mask 255.255.255.0
|
||
|
|
network 91.240.179.0 route-map SET-COMMUNITY
|
||
|
|
network 94.25.46.120 mask 255.255.255.252
|
||
|
|
neighbor PG_IZH-KI-VOR158 next-hop-self
|
||
|
|
neighbor PG_IZH-KI-VOR158 soft-reconfiguration inbound
|
||
|
|
neighbor PG_IZH-KI-VOR158 route-map RM_TO_IZH-KI-VOR158 out
|
||
|
|
neighbor PG_KOMOS_AS route-map RM_KOMOS_AS in
|
||
|
|
neighbor PG_KOMOS_AS route-map RM_KOMOS_AS out
|
||
|
|
neighbor 10.1.50.2 activate
|
||
|
|
neighbor 10.1.50.2 route-map RM_FROM_KUMK in
|
||
|
|
neighbor 10.1.50.2 route-map RM_TO_KUMK out
|
||
|
|
neighbor 10.1.50.6 activate
|
||
|
|
neighbor 10.1.50.10 activate
|
||
|
|
neighbor 10.111.12.1 activate
|
||
|
|
neighbor 10.111.12.1 next-hop-self all
|
||
|
|
neighbor 10.111.12.1 route-map RM_KOMOS_AS in
|
||
|
|
neighbor 10.111.12.1 route-map RM_KOMOS_AS out
|
||
|
|
neighbor 62.141.96.125 activate
|
||
|
|
neighbor 62.141.96.125 weight 110
|
||
|
|
neighbor 62.141.96.125 prefix-list TO-BEELINE out
|
||
|
|
neighbor 62.141.96.125 route-map UPLINK-in in
|
||
|
|
neighbor 94.25.46.121 activate
|
||
|
|
neighbor 94.25.46.121 weight 130
|
||
|
|
neighbor 94.25.46.121 prefix-list TO-ROSTELECOM out
|
||
|
|
neighbor 94.25.46.121 route-map UPLINK-in in
|
||
|
|
neighbor 172.30.30.46 activate
|
||
|
|
neighbor 172.30.30.46 next-hop-self all
|
||
|
|
neighbor 172.30.30.46 soft-reconfiguration inbound
|
||
|
|
neighbor 172.30.30.46 route-map RM_LOCAL_IN in
|
||
|
|
neighbor 172.30.30.46 route-map RM_LOCAL_OUT out
|
||
|
|
neighbor 172.30.31.2 activate
|
||
|
|
neighbor 172.30.31.2 route-map RM_FROM_KUMK in
|
||
|
|
neighbor 172.30.31.2 route-map RM_TO_KUMK out
|
||
|
|
exit-address-family
|
||
|
|
!
|
||
|
|
address-family ipv4 multicast
|
||
|
|
exit-address-family
|
||
|
|
!
|
||
|
|
ip forward-protocol nd
|
||
|
|
!
|
||
|
|
ip community-list standard MTS permit 2556024535
|
||
|
|
no ip http server
|
||
|
|
ip http authentication local
|
||
|
|
no ip http secure-server
|
||
|
|
ip flow-export source Port-channel1.100
|
||
|
|
ip flow-export version 5
|
||
|
|
ip flow-export destination 10.4.0.215 9995
|
||
|
|
ip flow-export destination 10.4.0.217 9995
|
||
|
|
ip flow-top-talkers
|
||
|
|
top 10
|
||
|
|
sort-by bytes
|
||
|
|
cache-timeout 20000
|
||
|
|
!
|
||
|
|
ip tftp source-interface Port-channel1.100
|
||
|
|
ip nat translation timeout 450
|
||
|
|
ip nat translation tcp-timeout 300
|
||
|
|
ip nat translation pptp-timeout 1800
|
||
|
|
ip nat translation udp-timeout 310
|
||
|
|
ip nat translation dns-timeout 5
|
||
|
|
ip nat translation port-timeout tcp 110 60
|
||
|
|
ip nat translation port-timeout tcp 25 60
|
||
|
|
ip nat translation port-timeout tcp 80 300
|
||
|
|
ip nat translation port-timeout tcp 443 300
|
||
|
|
ip nat translation max-entries all-host 400
|
||
|
|
ip nat translation max-entries host 192.168.1.100 1000
|
||
|
|
ip nat translation max-entries host 192.168.2.100 1000
|
||
|
|
ip nat translation max-entries list 22 150
|
||
|
|
ip nat translation max-entries host 10.1.12.66 3000
|
||
|
|
ip nat translation max-entries host 192.168.1.21 1000
|
||
|
|
ip nat translation max-entries host 10.1.122.227 5000
|
||
|
|
ip nat translation max-entries host 10.1.19.250 1000
|
||
|
|
ip nat pool KG-1 91.240.179.50 91.240.179.54 netmask 255.255.255.0
|
||
|
|
ip nat pool KG-GUEST 91.240.179.55 91.240.179.55 netmask 255.255.255.0
|
||
|
|
ip nat pool POOL_MAIL_MILKOM 91.240.179.129 91.240.179.129 netmask 255.255.255.252
|
||
|
|
ip nat pool POOL_MAIL_MILKOM_2 91.240.179.70 91.240.179.70 netmask 255.255.255.252
|
||
|
|
ip nat pool POOL_HELP_KOMOS 91.240.179.131 91.240.179.131 netmask 255.255.255.0
|
||
|
|
ip nat pool KAZNACH_RESTRICT 91.240.179.88 91.240.179.88 netmask 255.255.255.0
|
||
|
|
ip nat pool POOL_OIB 91.240.179.35 91.240.179.35 netmask 255.255.255.0
|
||
|
|
ip nat inside source list ACL_KAZNACH_RESTRICT pool KAZNACH_RESTRICT overload
|
||
|
|
ip nat inside source list ACL_NAT_OIB pool POOL_OIB overload
|
||
|
|
ip nat inside source route-map RM_NAT_GLOBAL_OVERLOAD pool KG-1 overload no-payload
|
||
|
|
ip nat inside source route-map RM_NAT_HELP_KOMOS pool POOL_HELP_KOMOS overload
|
||
|
|
ip nat inside source route-map RM_NAT_MAIL_MILKOM pool POOL_MAIL_MILKOM overload
|
||
|
|
ip nat inside source route-map RM_NAT_MAIL_MILKOM_2 pool POOL_MAIL_MILKOM_2 overload
|
||
|
|
ip nat inside source route-map RM_NAT_WIRELESS pool KG-GUEST overload no-payload
|
||
|
|
ip nat inside source static udp 192.168.2.25 514 91.240.179.1 514 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.56 3389 91.240.179.1 3389 extendable
|
||
|
|
ip nat inside source static udp 10.1.12.29 3478 91.240.179.1 3478 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.56 5060 91.240.179.1 5060 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.29 8080 91.240.179.1 8080 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.38 9000 91.240.179.1 9000 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.80 1433 91.240.179.2 1433 extendable
|
||
|
|
ip nat inside source static tcp 192.168.3.143 3389 91.240.179.2 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.209 3389 91.240.179.2 3391 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.101 3389 91.240.179.2 3392 extendable
|
||
|
|
ip nat inside source static tcp 10.1.8.15 3389 91.240.179.2 3394 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.35 3389 91.240.179.3 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.19 3389 91.240.179.4 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.72 443 91.240.179.5 443 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.72 2195 91.240.179.5 2195 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.72 2196 91.240.179.5 2196 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.72 5223 91.240.179.5 5223 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.34 3389 91.240.179.6 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.9 80 91.240.179.7 80 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.9 3389 91.240.179.7 3389 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.66 80 91.240.179.8 80 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.66 443 91.240.179.8 443 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.66 22 91.240.179.8 2109 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.66 8893 91.240.179.8 8893 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.66 8894 91.240.179.8 8894 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.21 3389 91.240.179.10 3389 extendable
|
||
|
|
ip nat inside source static 192.168.2.131 91.240.179.12
|
||
|
|
ip nat inside source static tcp 192.168.2.3 1433 91.240.179.16 1433 extendable
|
||
|
|
ip nat inside source static 192.168.2.100 91.240.179.17
|
||
|
|
ip nat inside source static 192.168.1.81 91.240.179.18
|
||
|
|
ip nat inside source static 192.168.2.55 91.240.179.19
|
||
|
|
ip nat inside source static tcp 192.168.2.15 1433 91.240.179.21 1433 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.13 1433 91.240.179.22 1433 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.27 3389 91.240.179.23 3389 extendable
|
||
|
|
ip nat inside source static 10.1.24.3 91.240.179.31 no-payload
|
||
|
|
ip nat inside source static tcp 192.168.2.185 80 91.240.179.33 80 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.185 3389 91.240.179.33 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.90 8080 91.240.179.34 8080 extendable
|
||
|
|
ip nat inside source static tcp 10.4.38.2 443 91.240.179.36 443 extendable
|
||
|
|
ip nat inside source static 10.4.38.2 91.240.179.36
|
||
|
|
ip nat inside source static 192.168.2.94 91.240.179.42
|
||
|
|
ip nat inside source static 192.168.2.33 91.240.179.43
|
||
|
|
ip nat inside source static 192.168.2.39 91.240.179.44
|
||
|
|
ip nat inside source static tcp 10.1.12.68 80 91.240.179.46 80 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.68 443 91.240.179.46 443 extendable
|
||
|
|
ip nat inside source static 10.4.38.1 91.240.179.48
|
||
|
|
ip nat inside source static tcp 192.168.2.88 3389 91.240.179.49 3391 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.88 8080 91.240.179.49 8080 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.88 9099 91.240.179.49 9099 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.88 9500 91.240.179.49 9500 extendable
|
||
|
|
ip nat inside source static 10.1.12.2 91.240.179.57
|
||
|
|
ip nat inside source static 192.168.3.233 91.240.179.58
|
||
|
|
ip nat inside source static tcp 192.168.2.45 3389 91.240.179.68 3389 extendable
|
||
|
|
ip nat inside source static tcp 192.168.2.45 5061 91.240.179.68 5060 extendable
|
||
|
|
ip nat inside source static 10.1.123.8 91.240.179.70
|
||
|
|
ip nat inside source static tcp 10.4.0.45 443 91.240.179.72 443 extendable
|
||
|
|
ip nat inside source static 10.4.38.21 91.240.179.73
|
||
|
|
ip nat inside source static 10.4.38.22 91.240.179.74
|
||
|
|
ip nat inside source static 10.4.7.6 91.240.179.129
|
||
|
|
ip nat inside source static tcp 10.4.0.184 80 91.240.179.131 80 extendable
|
||
|
|
ip nat inside source static tcp 10.4.0.184 443 91.240.179.131 443 extendable
|
||
|
|
ip nat inside source static tcp 10.4.0.184 2013 91.240.179.131 2013 extendable
|
||
|
|
ip nat inside source static 10.4.0.120 91.240.179.133
|
||
|
|
ip nat inside source static tcp 192.168.3.64 3389 91.240.179.178 4477 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.1 80 91.240.179.251 80 extendable
|
||
|
|
ip nat inside source static tcp 10.1.12.1 443 91.240.179.251 443 extendable
|
||
|
|
ip route 10.1.12.70 255.255.255.255 10.1.239.22 100 name --DMZ_1--
|
||
|
|
ip route 10.111.0.11 255.255.255.255 172.30.30.46 name LO_IZM-RT-1-1
|
||
|
|
ip route 91.240.179.0 255.255.255.0 Null0 254 name KOMOS_PI
|
||
|
|
ip route 91.240.179.254 255.255.255.255 172.30.30.46 name Lo11_SW-1-1
|
||
|
|
ip ssh version 2
|
||
|
|
!
|
||
|
|
ip access-list standard ACL_ACCESS_NET
|
||
|
|
deny 10.1.122.17
|
||
|
|
deny 10.1.122.19
|
||
|
|
deny 10.1.123.1
|
||
|
|
deny 10.1.123.2
|
||
|
|
deny 10.1.123.3
|
||
|
|
deny 10.1.123.4
|
||
|
|
deny 10.1.123.5
|
||
|
|
deny 10.1.123.6
|
||
|
|
deny 10.1.123.7
|
||
|
|
deny 10.1.123.8
|
||
|
|
deny 10.1.123.9
|
||
|
|
permit 192.168.0.0 0.0.3.255
|
||
|
|
permit 10.1.19.0 0.0.0.255
|
||
|
|
permit 10.1.4.0 0.0.3.255
|
||
|
|
permit 10.1.20.0 0.0.3.255
|
||
|
|
permit 10.1.28.0 0.0.0.255
|
||
|
|
permit 10.1.8.0 0.0.1.255
|
||
|
|
permit 10.1.26.0 0.0.0.255
|
||
|
|
permit 10.1.27.0 0.0.0.255
|
||
|
|
permit 10.1.122.0 0.0.0.255
|
||
|
|
permit 10.1.123.0 0.0.0.255
|
||
|
|
permit 10.1.2.0 0.0.1.255
|
||
|
|
permit 10.1.249.0 0.0.0.63
|
||
|
|
permit 10.1.31.0 0.0.0.255
|
||
|
|
permit 10.1.32.0 0.0.0.255
|
||
|
|
permit 10.1.39.0 0.0.0.255
|
||
|
|
ip access-list standard ACL_DMZ_1_NET
|
||
|
|
permit 10.1.12.64 0.0.0.31
|
||
|
|
ip access-list standard ACL_DMZ_NET
|
||
|
|
permit 10.1.18.0 0.0.0.255
|
||
|
|
permit 10.1.12.0 0.0.0.63
|
||
|
|
ip access-list standard ACL_KAZNACH_RESTRICT
|
||
|
|
permit 10.1.55.0 0.0.0.255
|
||
|
|
ip access-list standard ACL_NAT_ASAv
|
||
|
|
permit 10.1.1.108
|
||
|
|
permit 10.1.1.109
|
||
|
|
ip access-list standard ACL_NAT_HELP_KOMOS
|
||
|
|
permit 10.4.0.184
|
||
|
|
ip access-list standard ACL_NAT_MAIL_MILKOM
|
||
|
|
permit 10.4.7.0 0.0.0.7
|
||
|
|
ip access-list standard ACL_NAT_MAIL_MILKOM_2
|
||
|
|
permit 10.1.123.1
|
||
|
|
permit 10.1.123.2
|
||
|
|
permit 10.1.123.3
|
||
|
|
permit 10.1.123.4
|
||
|
|
permit 10.1.123.5
|
||
|
|
permit 10.1.123.6
|
||
|
|
permit 10.1.123.7
|
||
|
|
permit 10.1.123.8
|
||
|
|
permit 10.1.123.9
|
||
|
|
ip access-list standard ACL_NAT_MK
|
||
|
|
permit 10.14.30.0 0.0.0.255
|
||
|
|
permit 10.14.26.0 0.0.0.255
|
||
|
|
ip access-list standard ACL_NAT_OIB
|
||
|
|
permit 10.1.8.7
|
||
|
|
ip access-list standard ACL_WIRELESS_NET
|
||
|
|
permit 10.1.13.0 0.0.0.255
|
||
|
|
permit 10.1.34.0 0.0.1.255
|
||
|
|
permit 10.1.38.0 0.0.0.255
|
||
|
|
!
|
||
|
|
ip access-list extended ACL_FROM_KUMK
|
||
|
|
deny tcp any any eq 445
|
||
|
|
permit ip any 10.12.0.0 0.0.255.255
|
||
|
|
permit ip host 10.1.50.2 host 10.1.50.1
|
||
|
|
permit icmp 10.12.1.0 0.0.0.255 any
|
||
|
|
permit icmp 10.12.0.0 0.0.0.255 any
|
||
|
|
permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
|
||
|
|
permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
|
||
|
|
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
|
||
|
|
permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214
|
||
|
|
permit ip host 10.12.0.254 any
|
||
|
|
permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255
|
||
|
|
permit ip 10.12.252.0 0.0.3.255 10.12.0.0 0.0.127.255
|
||
|
|
permit ip host 172.30.31.2 host 172.30.31.1
|
||
|
|
permit ip host 10.12.252.254 any
|
||
|
|
permit tcp any any eq domain
|
||
|
|
permit udp any any eq domain
|
||
|
|
permit ip any host 10.1.8.14
|
||
|
|
permit icmp any any
|
||
|
|
permit ip any host 10.1.9.207
|
||
|
|
permit ip any host 10.4.0.214
|
||
|
|
permit ip 10.12.4.0 0.0.0.255 any
|
||
|
|
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.14
|
||
|
|
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.15
|
||
|
|
permit ip any host 10.4.0.15
|
||
|
|
permit ip any host 10.4.0.14
|
||
|
|
permit tcp any any eq 8291
|
||
|
|
ip access-list extended ACL_FW_IN
|
||
|
|
permit icmp any any
|
||
|
|
permit tcp any object-group STATIC_ISP_IP eq bgp
|
||
|
|
permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255
|
||
|
|
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
|
||
|
|
deny tcp any object-group STATIC_ISP_IP eq 22
|
||
|
|
deny ip object-group OBJ_NET_BLACKLIST any
|
||
|
|
permit tcp any host 91.240.179.1 eq 443 2109 3000 8080 9000 9090
|
||
|
|
permit udp any host 91.240.179.1 eq 3478 syslog
|
||
|
|
permit tcp any host 91.240.179.5 eq 82 www 443 1433 2195 2196 5223
|
||
|
|
permit tcp any host 91.240.179.11 eq domain
|
||
|
|
permit udp any host 91.240.179.11 eq domain
|
||
|
|
permit tcp any host 91.240.179.20 eq 443
|
||
|
|
permit udp any host 91.240.179.28 eq non500-isakmp isakmp
|
||
|
|
permit tcp any host 91.240.179.31 eq 7789
|
||
|
|
permit tcp any host 91.240.179.36 eq www 443
|
||
|
|
permit tcp any host 91.240.179.40 eq 443
|
||
|
|
permit tcp any host 91.240.179.48 eq www 443
|
||
|
|
permit tcp any host 91.240.179.49 eq 8080 9099
|
||
|
|
permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001
|
||
|
|
permit tcp any host 91.240.179.66 eq 443 pop3 www
|
||
|
|
permit tcp any host 91.240.179.68 eq 5060
|
||
|
|
permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995
|
||
|
|
permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995
|
||
|
|
permit tcp any host 91.240.179.178 eq 4477
|
||
|
|
permit tcp any host 91.240.179.251 eq www 443
|
||
|
|
permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.2 eq 1433
|
||
|
|
permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672
|
||
|
|
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.1 eq 3389
|
||
|
|
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.49 eq 3391
|
||
|
|
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.68 eq 3389
|
||
|
|
permit tcp object-group OBJ_PART_ROSA host 91.240.179.131 eq www 443
|
||
|
|
permit tcp object-group OBJ_PART_HTC host 91.240.179.71
|
||
|
|
permit object-group OBJ_SVC_VIPole any host 91.240.179.32
|
||
|
|
permit object-group OBJ_SVC_SFB any object-group OBJ_SRV_SKYPE
|
||
|
|
permit object-group OBJ_SVC_ANY_CONNECT any object-group OBJ_NET_CISCOASA
|
||
|
|
permit object-group OBJ_SVC_L2TP any host 91.240.179.28
|
||
|
|
permit object-group OBJ_SVC_FTP object-group OBJ_NET_FTP_USERS host 91.240.179.71
|
||
|
|
permit tcp any object-group OBJ_SVC_KSMG eq smtp
|
||
|
|
permit tcp any object-group OBJ_SRV_IRONPORT eq smtp
|
||
|
|
ip access-list extended ACL_VTY
|
||
|
|
permit ip 10.1.0.0 0.0.255.255 any
|
||
|
|
permit ip 10.4.0.0 0.0.255.255 any
|
||
|
|
permit ip 10.14.112.0 0.0.15.255 any
|
||
|
|
deny ip any any log
|
||
|
|
ip access-list extended FIREWALL
|
||
|
|
deny tcp any object-group STATIC_ISP_IP eq 22
|
||
|
|
permit tcp any host 91.240.179.31 eq 7789
|
||
|
|
permit ip any host 91.240.179.35
|
||
|
|
permit tcp 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255 eq 5223
|
||
|
|
permit tcp any host 91.240.179.36 eq www 443
|
||
|
|
permit tcp any host 91.240.179.20 eq 443
|
||
|
|
permit tcp any host 91.240.179.48 eq www 443
|
||
|
|
permit tcp any host 91.240.179.11 eq domain
|
||
|
|
permit udp any host 91.240.179.11 eq domain
|
||
|
|
permit ip 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255
|
||
|
|
permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255
|
||
|
|
permit udp any host 91.240.179.28 eq isakmp
|
||
|
|
permit udp any host 91.240.179.28 eq non500-isakmp
|
||
|
|
deny ip object-group NET_BLACKLIST any
|
||
|
|
permit tcp any host 91.240.179.5 eq www 443 1433 2195 2196 5223
|
||
|
|
permit tcp object-group PART_ROSA host 91.240.179.131 eq www 443
|
||
|
|
permit object-group SVC_VIPole any host 91.240.179.32
|
||
|
|
permit tcp object-group PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672
|
||
|
|
permit tcp object-group PART_Goods4Cust host 91.240.179.2 eq 1433
|
||
|
|
permit gre any host 91.240.179.55
|
||
|
|
permit tcp any host 91.240.179.49 eq 8080
|
||
|
|
permit tcp any host 91.240.179.49 eq 9099
|
||
|
|
permit tcp object-group PART_HEADLINE host 91.240.179.49 eq 3391
|
||
|
|
permit tcp any host 91.240.179.1 eq 443
|
||
|
|
permit tcp any host 91.240.179.1 eq 3000
|
||
|
|
permit tcp any host 91.240.179.5 eq 82
|
||
|
|
permit tcp any host 91.240.179.1 eq 8080
|
||
|
|
permit tcp any host 91.240.179.1 eq 9090
|
||
|
|
permit tcp object-group PART_HEADLINE host 91.240.179.68 eq 3389
|
||
|
|
permit tcp object-group PART_HEADLINE host 91.240.179.1 eq 3389
|
||
|
|
permit object-group SVC_SFB any object-group SRV_SKYPE
|
||
|
|
permit tcp any host 91.240.179.40 eq 443
|
||
|
|
permit ip host 178.47.128.98 host 91.240.179.254
|
||
|
|
permit gre object-group GRE_TUNNEL host 91.240.179.254
|
||
|
|
permit udp object-group GRE_TUNNEL host 91.240.179.254 eq isakmp
|
||
|
|
permit ip host 94.138.150.1 host 91.240.179.254
|
||
|
|
permit ip object-group GRE_TUNNEL host 91.240.179.127
|
||
|
|
permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995
|
||
|
|
deny tcp any host 91.240.179.70 eq 3389
|
||
|
|
permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995
|
||
|
|
permit tcp any host 91.240.179.66 eq 443
|
||
|
|
permit tcp any host 91.240.179.66 eq pop3
|
||
|
|
permit tcp any host 91.240.179.66 eq www
|
||
|
|
deny tcp any host 91.240.179.66 eq 3389
|
||
|
|
permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001
|
||
|
|
permit ip any host 91.240.179.85
|
||
|
|
permit udp any host 91.240.179.1 eq 3478
|
||
|
|
permit object-group ANY_CONNECT any host 91.240.179.28
|
||
|
|
permit object-group L2TP any host 91.240.179.28
|
||
|
|
permit object-group ANY_CONNECT any host 91.240.179.29
|
||
|
|
permit object-group ANY_CONNECT any host 91.240.179.30
|
||
|
|
permit udp any host 91.240.179.1 eq syslog
|
||
|
|
permit icmp any any
|
||
|
|
permit tcp any host 91.240.179.178 eq 4477
|
||
|
|
permit udp any eq ntp any
|
||
|
|
permit tcp any host 91.240.179.1 eq 9000
|
||
|
|
permit tcp any host 91.240.179.251 eq www
|
||
|
|
permit tcp any host 91.240.179.251 eq 443
|
||
|
|
permit tcp any host 91.240.179.1 eq 2109
|
||
|
|
permit tcp any any eq bgp
|
||
|
|
permit tcp any host 91.240.179.68 eq 5060
|
||
|
|
permit tcp any object-group IRONPORT_SERVERS eq smtp
|
||
|
|
permit ip host 178.208.83.31 host 91.240.179.71
|
||
|
|
permit object-group SERVICE_FTP object-group FTP_USERS host 91.240.179.71
|
||
|
|
permit object-group SERVICE_L2TP any host 91.240.179.128
|
||
|
|
deny tcp any 91.240.179.0 0.0.0.31 eq 3389
|
||
|
|
permit object-group ANY_CONNECT any object-group OBJ_CISCOASA
|
||
|
|
permit tcp any object-group OBJ_KSMG eq smtp
|
||
|
|
!
|
||
|
|
!
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 5 deny 0.0.0.0/8 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 10 deny 10.0.0.0/8 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 15 deny 100.64.0.0/10 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 20 deny 127.0.0.0/8 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 25 deny 169.254.0.0/16 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 30 deny 172.16.0.0/12 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 35 deny 192.0.0.0/24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 40 deny 192.0.2.0/24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 45 deny 192.168.0.0/16 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 50 deny 198.18.0.0/15 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 55 deny 198.51.100.0/24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 60 deny 203.0.113.0/24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 65 deny 240.0.0.0/4 le 24
|
||
|
|
ip prefix-list Deny_Reserved_Net seq 100 permit 0.0.0.0/0 le 22
|
||
|
|
!
|
||
|
|
ip prefix-list PFL_ROUTE_FROM_MLK seq 10 permit 10.4.0.0/14 le 24
|
||
|
|
ip prefix-list PFL_ROUTE_FROM_MLK seq 20 permit 192.168.0.0/16
|
||
|
|
ip prefix-list PFL_ROUTE_FROM_MLK seq 30 permit 172.17.100.0/29
|
||
|
|
ip prefix-list PFL_ROUTE_FROM_MLK seq 40 permit 172.31.31.0/24
|
||
|
|
ip prefix-list PFL_ROUTE_FROM_MLK seq 50 permit 172.31.35.0/24
|
||
|
|
!
|
||
|
|
ip prefix-list PFL_TO_6500 seq 5 permit 10.12.252.0/22
|
||
|
|
ip prefix-list PFL_TO_6500 seq 10 permit 10.12.0.0/17
|
||
|
|
ip prefix-list PFL_TO_6500 seq 15 permit 10.14.112.0/20 le 32
|
||
|
|
ip prefix-list PFL_TO_6500 seq 20 permit 10.1.50.0/24 le 30
|
||
|
|
ip prefix-list PFL_TO_6500 seq 25 permit 10.111.0.21/32
|
||
|
|
ip prefix-list PFL_TO_6500 seq 100 deny 0.0.0.0/0 le 32
|
||
|
|
!
|
||
|
|
ip prefix-list PL_FROM_KLS seq 10 permit 10.14.100.0/22
|
||
|
|
!
|
||
|
|
ip prefix-list PL_FROM_KUMK seq 5 permit 10.12.0.0/16 le 24
|
||
|
|
ip prefix-list PL_FROM_KUMK seq 10 permit 10.12.252.0/22
|
||
|
|
!
|
||
|
|
ip prefix-list PL_KOMOS_AS seq 5 permit 0.0.0.0/0
|
||
|
|
ip prefix-list PL_KOMOS_AS seq 10 permit 91.240.179.0/24 le 32
|
||
|
|
!
|
||
|
|
ip prefix-list PL_LOCAL_IN seq 5 deny 0.0.0.0/0
|
||
|
|
ip prefix-list PL_LOCAL_IN seq 10 permit 10.0.0.0/8 le 32
|
||
|
|
ip prefix-list PL_LOCAL_IN seq 15 permit 192.168.0.0/16 le 32
|
||
|
|
ip prefix-list PL_LOCAL_IN seq 20 permit 172.16.0.0/12 le 32
|
||
|
|
ip prefix-list PL_LOCAL_IN seq 25 permit 91.240.179.0/24 ge 32
|
||
|
|
!
|
||
|
|
ip prefix-list PL_LOCAL_OUT seq 10 permit 10.0.0.0/8 le 32
|
||
|
|
ip prefix-list PL_LOCAL_OUT seq 15 permit 192.168.0.0/16 le 32
|
||
|
|
ip prefix-list PL_LOCAL_OUT seq 20 permit 172.16.0.0/12 le 32
|
||
|
|
ip prefix-list PL_LOCAL_OUT seq 25 permit 91.240.179.0/24 ge 32
|
||
|
|
!
|
||
|
|
ip prefix-list PL_TO_IZH-KI-VOR158 seq 5 permit 10.0.0.0/8 le 24
|
||
|
|
ip prefix-list PL_TO_IZH-KI-VOR158 seq 10 permit 192.168.0.0/16 le 24
|
||
|
|
ip prefix-list PL_TO_IZH-KI-VOR158 seq 15 permit 172.31.35.0/24
|
||
|
|
!
|
||
|
|
ip prefix-list PL_TO_KLS seq 5 permit 10.0.0.0/8 le 24
|
||
|
|
ip prefix-list PL_TO_KLS seq 10 permit 192.168.0.0/16 le 24
|
||
|
|
!
|
||
|
|
ip prefix-list PL_TO_KUMK seq 5 permit 10.1.0.0/16 le 24
|
||
|
|
ip prefix-list PL_TO_KUMK seq 10 permit 10.4.0.0/16 le 24
|
||
|
|
!
|
||
|
|
ip prefix-list TEST_ARR seq 5 permit 91.240.179.243/32
|
||
|
|
!
|
||
|
|
ip prefix-list TO-BEELINE seq 5 permit 91.240.179.0/24
|
||
|
|
ip prefix-list TO-BEELINE seq 10 permit 91.240.179.0/25
|
||
|
|
!
|
||
|
|
ip prefix-list TO-ROSTELECOM seq 5 permit 91.240.179.0/24
|
||
|
|
!
|
||
|
|
ip prefix-list local seq 5 permit 91.240.179.0/24
|
||
|
|
kron occurrence EveryDay at 1:00 recurring
|
||
|
|
policy-list SaveBackup
|
||
|
|
!
|
||
|
|
kron policy-list SaveBackup
|
||
|
|
cli write memory
|
||
|
|
!
|
||
|
|
logging trap debugging
|
||
|
|
logging origin-id hostname
|
||
|
|
logging facility local1
|
||
|
|
logging source-interface Port-channel1.100
|
||
|
|
logging host 192.168.2.25
|
||
|
|
logging host 10.4.244.4 transport udp port 515
|
||
|
|
!
|
||
|
|
route-map RM_FROM_KUMK permit 10
|
||
|
|
match ip address prefix-list PL_FROM_KUMK
|
||
|
|
!
|
||
|
|
route-map RM_NAT_MAIL_MILKOM permit 10
|
||
|
|
match ip address ACL_NAT_MAIL_MILKOM
|
||
|
|
!
|
||
|
|
route-map RM_NAT_GLOBAL_OVERLOAD permit 10
|
||
|
|
match ip address ACL_ACCESS_NET ACL_DMZ_NET ACL_DMZ_1_NET ACL_NAT_ASAv ACL_NAT_MK
|
||
|
|
!
|
||
|
|
route-map RM_TO_KUMK permit 10
|
||
|
|
match ip address prefix-list PL_TO_KUMK
|
||
|
|
!
|
||
|
|
route-map RM_LOCAL_OUT permit 10
|
||
|
|
match ip address prefix-list PL_LOCAL_OUT
|
||
|
|
!
|
||
|
|
route-map MTS-OUT permit 10
|
||
|
|
match community 39001:54999
|
||
|
|
!
|
||
|
|
route-map RM_TO_IZH-KI-VOR158 permit 10
|
||
|
|
match ip address prefix-list PL_TO_IZH-KI-VOR158
|
||
|
|
!
|
||
|
|
route-map UPLINK-in permit 10
|
||
|
|
match ip address prefix-list Deny_Reserved_Net
|
||
|
|
set local-preference 500
|
||
|
|
!
|
||
|
|
route-map SET-COMMUNITY permit 10
|
||
|
|
set community 2556024535
|
||
|
|
!
|
||
|
|
route-map RM_NAT_WIRELESS permit 10
|
||
|
|
match ip address ACL_WIRELESS_NET
|
||
|
|
!
|
||
|
|
route-map RM_TO_KLS permit 10
|
||
|
|
match ip address prefix-list PL_TO_KLS
|
||
|
|
!
|
||
|
|
route-map RM_LOCAL_IN permit 10
|
||
|
|
match ip address prefix-list PL_LOCAL_IN
|
||
|
|
!
|
||
|
|
route-map RM_TEST_SLA permit 10
|
||
|
|
!
|
||
|
|
route-map RM_KOMOS_AS permit 10
|
||
|
|
match ip address prefix-list PL_KOMOS_AS
|
||
|
|
!
|
||
|
|
route-map RM_FROM_KLS permit 10
|
||
|
|
match ip address prefix-list PL_FROM_KLS
|
||
|
|
!
|
||
|
|
route-map RM_NAT_HELP_KOMOS permit 10
|
||
|
|
match ip address ACL_NAT_HELP_KOMOS
|
||
|
|
!
|
||
|
|
route-map RM_NAT_MAIL_MILKOM_2 permit 10
|
||
|
|
match ip address ACL_NAT_MAIL_MILKOM_2
|
||
|
|
!
|
||
|
|
!
|
||
|
|
snmp-server community lmTUEsk6Yvlv RO
|
||
|
|
snmp-server host 10.1.122.227 lmTUEsk6Yvlv
|
||
|
|
access-list 11 remark -==NTP CLIENTS==-
|
||
|
|
access-list 11 permit 10.1.1.0 0.0.0.255
|
||
|
|
access-list 11 permit 172.168.1.0 0.0.0.3
|
||
|
|
access-list 11 permit 10.1.25.0 0.0.0.255
|
||
|
|
access-list 11 deny any
|
||
|
|
!
|
||
|
|
radius server IZH-RDS002
|
||
|
|
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
|
||
|
|
timeout 3
|
||
|
|
retransmit 2
|
||
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
||
|
|
!
|
||
|
|
radius server P11-RDS003
|
||
|
|
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
|
||
|
|
timeout 3
|
||
|
|
retransmit 2
|
||
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
control-plane
|
||
|
|
!
|
||
|
|
alias exec sib show ip int brief
|
||
|
|
privilege exec all level 7 show cdp
|
||
|
|
privilege exec all level 7 show running-config
|
||
|
|
privilege exec all level 7 show configuration
|
||
|
|
privilege exec level 7 show
|
||
|
|
!
|
||
|
|
line con 0
|
||
|
|
logging synchronous
|
||
|
|
login authentication CONSOLE
|
||
|
|
line aux 0
|
||
|
|
line vty 0 4
|
||
|
|
access-class ACL_VTY in vrf-also
|
||
|
|
exec-timeout 120 0
|
||
|
|
login authentication NPS
|
||
|
|
length 0
|
||
|
|
transport input ssh
|
||
|
|
line vty 5 15
|
||
|
|
access-class ACL_VTY in vrf-also
|
||
|
|
exec-timeout 120 0
|
||
|
|
login authentication NPS
|
||
|
|
transport input ssh
|
||
|
|
!
|
||
|
|
scheduler allocate 20000 1000
|
||
|
|
ntp source Port-channel1.551
|
||
|
|
ntp access-group serve 11
|
||
|
|
ntp master 3
|
||
|
|
ntp update-calendar
|
||
|
|
ntp server 10.1.8.1
|
||
|
|
ntp server 10.1.8.2
|
||
|
|
!
|
||
|
|
end
|