Building configuration...
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
Current configuration : 34217 bytes
|
||
|
|
!
|
||
|
|
! Last configuration change at 09:02:09 IZH Tue Apr 26 2022 by akhmetzyanovrr_adm
|
||
|
|
! NVRAM config last updated at 01:30:00 IZH Thu Jul 28 2022
|
||
|
|
!
|
||
|
|
version 15.7
|
||
|
|
no service pad
|
||
|
|
service tcp-keepalives-in
|
||
|
|
service tcp-keepalives-out
|
||
|
|
service timestamps debug datetime msec localtime show-timezone year
|
||
|
|
service timestamps log datetime msec localtime show-timezone year
|
||
|
|
! Applies type 7 encoding to passwords that would otherwise be stored in
! clear text (the "password 7" entries under interface Dialer1 are the
! visible result).
! NOTE(review): type 7 is a reversible encoding, not a hash, so it only
! protects against casual viewing. It does not cover the ISAKMP pre-shared
! key, the NHRP authentication strings or the HSRP authentication string,
! all of which appear in clear text later in this file. For the pre-shared
! key, type 6 storage ("key config-key password-encrypt" together with
! "password encryption aes") is the usual hardening.
service password-encryption
|
||
|
|
service sequence-numbers
|
||
|
|
!
|
||
|
|
hostname IZH-VRS-PFV-RT-1-2
|
||
|
|
!
|
||
|
|
boot-start-marker
|
||
|
|
boot system flash:c2900-universalk9-mz.SPA.157-3.M.bin
|
||
|
|
boot-end-marker
|
||
|
|
!
|
||
|
|
!
|
||
|
|
security authentication failure rate 3 log
|
||
|
|
logging buffered 16386
|
||
|
|
logging rate-limit 100 except warnings
|
||
|
|
logging console critical
|
||
|
|
!
|
||
|
|
aaa new-model
|
||
|
|
!
|
||
|
|
!
|
||
|
|
aaa group server radius NPS
|
||
|
|
server name IZH-RDS002
|
||
|
|
server name P11-RDS003
|
||
|
|
ip radius source-interface GigabitEthernet0/2.300
|
||
|
|
load-balance method least-outstanding
|
||
|
|
!
|
||
|
|
! Default login method list: the local user database is tried first, then
! the RADIUS server group NPS, then the enable password.
! NOTE(review): with "local" listed first, the privilege-15 local accounts
! defined later in this file are consulted before RADIUS, so they work even
! while the NPS servers are reachable. If central authentication is meant to
! be primary, the usual order is "group NPS local", which keeps the local
! accounts as a fallback for when the RADIUS servers do not respond.
! Confirm which behaviour is intended.
aaa authentication login default local group NPS enable
|
||
|
|
aaa authentication login LOCAL_AUTH local
|
||
|
|
aaa authentication login sslvpn local
|
||
|
|
aaa authentication login CONSOLE local group NPS
|
||
|
|
aaa authorization exec default local group NPS if-authenticated
|
||
|
|
aaa authorization network sslvpn local
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
aaa session-id common
|
||
|
|
clock timezone IZH 4 0
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
no ip source-route
|
||
|
|
no ip gratuitous-arps
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
ip flow-cache timeout inactive 60
|
||
|
|
ip flow-cache timeout active 5
|
||
|
|
no ip bootp server
|
||
|
|
ip domain name komos.ru
|
||
|
|
ip host tftp 10.4.0.214
|
||
|
|
ip name-server 95.215.208.42
|
||
|
|
ip name-server 8.8.8.8
|
||
|
|
ip cef
|
||
|
|
login block-for 60 attempts 3 within 20
|
||
|
|
no ipv6 cef
|
||
|
|
!
|
||
|
|
multilink bundle-name authenticated
|
||
|
|
!
|
||
|
|
vpdn enable
|
||
|
|
!
|
||
|
|
vpdn-group 1
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! Trustpoint for the CA certificate, enrolled by pasting PEM at the terminal.
! NOTE(review): "revocation-check none" means certificates validated against
! this trustpoint are never checked against a CRL or an OCSP responder, so a
! revoked certificate is still accepted. If the router can reach the CA's
! distribution points, "revocation-check crl" (optionally "crl none" as a
! fallback) is the stricter setting.
crypto pki trustpoint CA_VPNPFV_KOMOS_RU
|
||
|
|
enrollment terminal pem
|
||
|
|
revocation-check none
|
||
|
|
!
|
||
|
|
! Identity trustpoint: certificate and key imported from a PKCS#12 bundle and
! bound to the RSA key pair VPNPFV_KOMOS_RU. Revocation checking is disabled
! here as well ("revocation-check none").
! NOTE(review): the identity certificate stored for this trustpoint in the
! "crypto pki certificate chain VPNPFV_KOMOS_RU" section decodes to subject
! CN *.komos.ru (SAN *.komos.ru, komos.ru) with validity 2020-05-21 to
! 2021-06-06 23:59:59Z, which is earlier than the 2022 timestamps in the
! header of this configuration, so the certificate looks expired at capture
! time. Confirm with "show crypto pki certificates" and renew.
! NOTE(review): a wildcard certificate means this router holds a private key
! that is valid for every host under the domain; a certificate scoped to the
! VPN host name would limit what a compromise of this device exposes.
crypto pki trustpoint VPNPFV_KOMOS_RU
|
||
|
|
enrollment pkcs12
|
||
|
|
revocation-check none
|
||
|
|
rsakeypair VPNPFV_KOMOS_RU
|
||
|
|
!
|
||
|
|
!
|
||
|
|
crypto pki certificate chain CA_VPNPFV_KOMOS_RU
|
||
|
|
certificate ca 01FD6D30FCA3CA51A81BBC640E35032D
|
||
|
|
308205DE 308203C6 A0030201 02021001 FD6D30FC A3CA51A8 1BBC640E 35032D30
|
||
|
|
0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113
|
||
|
|
30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65
|
||
|
|
72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553
|
||
|
|
54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253
|
||
|
|
41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313030
|
||
|
|
32303130 30303030 305A170D 33383031 31383233 35393539 5A308188 310B3009
|
||
|
|
06035504 06130255 53311330 11060355 0408130A 4E657720 4A657273 65793114
|
||
|
|
30120603 55040713 0B4A6572 73657920 43697479 311E301C 06035504 0A131554
|
||
|
|
68652055 53455254 52555354 204E6574 776F726B 312E302C 06035504 03132555
|
||
|
|
53455254 72757374 20525341 20436572 74696669 63617469 6F6E2041 7574686F
|
||
|
|
72697479 30820222 300D0609 2A864886 F70D0101 01050003 82020F00 3082020A
|
||
|
|
02820201 00801265 17360EC3 DB08B3D0 AC570D76 EDCD27D3 4CAD5083 61E2AA20
|
||
|
|
4D092D64 09DCCE89 9FCC3DA9 ECF6CFC1 DCF1D3B1 D67B3728 112B47DA 39C6BC3A
|
||
|
|
19B45FA6 BD7D9DA3 6342B676 F2A93B2B 91F8E26F D0EC1620 90093EE2 E874C918
|
||
|
|
B491D462 64DB7FA3 06F18818 6A90223C BCFE13F0 87147BF6 E41F8ED4 E451C611
|
||
|
|
67460851 CB861454 3FBC33FE 7E6C9CFF 169D18BD 518E35A6 A766C872 67DB2166
|
||
|
|
B1D49B78 03C0503A E8CCF0DC BC9E4CFE AF059635 1F575AB7 FFCEF93D B72CB6F6
|
||
|
|
54DDC8E7 123A4DAE 4C8AB75C 9AB4B720 3DCA7F22 34AE7E3B 68660144 E7014E46
|
||
|
|
539B3360 F794BE53 37907343 F332C353 EFDBAAFE 744E69C7 6B8C6093 DEC4C70C
|
||
|
|
DFE132AE CC933B51 7895678B EE3D56FE 0CD0690F 1B0FF325 266B336D F76E47FA
|
||
|
|
7343E57E 0EA566B1 297C3284 635589C4 0DC19354 301913AC D37D37A7 EB5D3A6C
|
||
|
|
355CDB41 D712DAA9 490BDFD8 808A0993 628EB566 CF2588CD 84B8B13F A4390FD9
|
||
|
|
029EEB12 4C957CF3 6B05A95E 1683CCB8 67E2E813 9DCC5B82 D34CB3ED 5BFFDEE5
|
||
|
|
73AC233B 2D00BF35 55740949 D849581A 7F9236E6 51920EF3 267D1C4D 17BCC9EC
|
||
|
|
4326D0BF 415F40A9 4444F499 E757879E 501F5754 A83EFD74 632FB150 6509E658
|
||
|
|
422E431A 4CB4F025 4759FA04 1E93D426 464A5081 B2DEBE78 B7FC6715 E1C95784
|
||
|
|
1E0F63D6 E962BAD6 5F552EEA 5CC62808 042539B8 0E2BA9F2 4C971C07 3F0D52F5
|
||
|
|
EDEF2F82 0F020301 0001A342 3040301D 0603551D 0E041604 145379BF 5AAA2B4A
|
||
|
|
CF5480E1 D89BC09D F2B20366 CB300E06 03551D0F 0101FF04 04030201 06300F06
|
||
|
|
03551D13 0101FF04 05300301 01FF300D 06092A86 4886F70D 01010C05 00038202
|
||
|
|
01005CD4 7C0DCFF7 017D4199 650C73C5 529FCBF8 CF99067F 1BDA4315 9F9E0255
|
||
|
|
579614F1 523C2787 9428ED1F 3A0137A2 76FC5350 C0849BC6 6B4EBA8C 214FA28E
|
||
|
|
556291F3 6915D8BC 88E3C4AA 0BFDEFA8 E94B552A 06206D55 782919EE 5F305C4B
|
||
|
|
241155FF 249A6E5E 2A2BEE0B 4D9F7FF7 01389414 95430709 FB60A9EE 1CAB128C
|
||
|
|
A09A5EA7 986A596D 8B3F08FB C8D145AF 18156490 120F7328 2EC5E224 4EFC58EC
|
||
|
|
F0F445FE 22B3EB2F 8ED2D945 6105C197 6FA87672 8F8B8C36 AFBF0D05 CE718DE6
|
||
|
|
A66F1F6C A67162C5 D8D08372 0CF16711 890C9C13 4C7234DF BCD571DF AA71DDE1
|
||
|
|
B96C8C3C 125D65DA BD5712B6 436BFFE5 DE4D6611 51CF99AE EC17B6E8 71918CDE
|
||
|
|
49FEDD35 71A21527 941CCF61 E326BB6F A3672521 5DE6DD1D 0B2E681B 3B82AFEC
|
||
|
|
836785D4 985174B1 B9998089 FF7F7819 5C794A60 2E9240AE 4C372A2C C9C762C8
|
||
|
|
0E5DF736 5BCAE025 2501B4DD 1A079C77 003FD0DC D5EC3DD4 FABB3FCC 85D66F7F
|
||
|
|
A92DDFB9 02F7F597 9AB535DA C367B087 4AA9289E 238EFF5C 276BE1B0 4FF307EE
|
||
|
|
002ED459 87CB5241 95EAF447 D7EE6441 557C8D59 0295DD62 9DC2B9EE 5A287484
|
||
|
|
A59BB790 C70C07DF F5893674 32D628C1 B0B00BE0 9C4CC31C D6FCE369 B5474681
|
||
|
|
2FA282AB D3634470 C48DFF2D 33BAAD8F 7BB57088 AE3E19CF 4028D8FC C890BB5D
|
||
|
|
9922F552 E658C51F 883143EE 881DD7C6 8E3C436A 1DA718DE 7D3D16F1 62F9CA90 A8FD
|
||
|
|
quit
|
||
|
|
crypto pki certificate chain VPNPFV_KOMOS_RU
|
||
|
|
certificate 0093FAAC8A0C37F508F5D3C800883BFDB6
|
||
|
|
308206C2 308205AA A0030201 02021100 93FAAC8A 0C37F508 F5D3C800 883BFDB6
|
||
|
|
300D0609 2A864886 F70D0101 0B050030 8195310B 30090603 55040613 02474231
|
||
|
|
1B301906 03550408 13124772 65617465 72204D61 6E636865 73746572 3110300E
|
||
|
|
06035504 07130753 616C666F 72643118 30160603 55040A13 0F536563 7469676F
|
||
|
|
204C696D 69746564 313D303B 06035504 03133453 65637469 676F2052 5341204F
|
||
|
|
7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053 65637572 65205365
|
||
|
|
72766572 20434130 1E170D32 30303532 31303030 3030305A 170D3231 30363036
|
||
|
|
32333539 35395A30 81BF310B 30090603 55040613 02525531 0F300D06 03550411
|
||
|
|
13063132 37303135 31193017 06035504 08131055 646D7572 74736B61 79612052
|
||
|
|
65737031 0F300D06 03550407 13064D6F 73636F77 31433041 06035504 09133A64
|
||
|
|
2E203220 6B6F7270 2E203120 706F6D2E 20584C49 206B6F6D 2E203120 6574617A
|
||
|
|
6820352C 20756C2E 204E6F76 6F646D69 74726F76 736B6179 61311930 17060355
|
||
|
|
040A1310 4B4F4D4F 53204752 5550502C 204F4F4F 31133011 06035504 030C0A2A
|
||
|
|
2E6B6F6D 6F732E72 75308201 22300D06 092A8648 86F70D01 01010500 0382010F
|
||
|
|
00308201 0A028201 0100A9BC A8041307 C2830836 182F1AD2 C9D774D7 E50702F9
|
||
|
|
60DC1C7B BBD56BD9 398B8CDB F56C4BD7 F6F0C489 EC427A54 B89402D5 B305D795
|
||
|
|
0F52D67A D6F82E80 89650879 4F719B66 21C14B0D 0FABC31E 6FE730EF 71B553C8
|
||
|
|
DBE2A5C4 F069BB0D 3C141AC6 3DA12719 31D1DE66 D34DCCCB 490B0FAA D68C5E15
|
||
|
|
7A9962FD 09E2B17D 74115809 B1ABDE35 323B7E3E 48816379 338849E9 5F906B3E
|
||
|
|
A711DBBC 1C3C76C2 2E5FE73C E67A9249 90347DE7 79623B3D 42D48F61 C745B439
|
||
|
|
54B21C99 9FB93878 F298AB84 53CFF3CC A34C039E 89393DF1 80192065 DCDA3811
|
||
|
|
291251A8 43C27A6D A5119AB1 9BECCF61 B14BE8B9 5822B8E0 07DF763F E688AB56
|
||
|
|
F630725B 040F0C58 86010203 010001A3 8202DF30 8202DB30 1F060355 1D230418
|
||
|
|
30168014 17D9D625 2767F931 C24943D9 3036448C 6CA94FEB 301D0603 551D0E04
|
||
|
|
1604144D 10DBEA91 956D4FC3 2B72ED20 556CFA1E 38927130 0E060355 1D0F0101
|
||
|
|
FF040403 0205A030 0C060355 1D130101 FF040230 00301D06 03551D25 04163014
|
||
|
|
06082B06 01050507 03010608 2B060105 05070302 304A0603 551D2004 43304130
|
||
|
|
35060C2B 06010401 B2310102 01030430 25302306 082B0601 05050702 01161768
|
||
|
|
74747073 3A2F2F73 65637469 676F2E63 6F6D2F43 50533008 06066781 0C010202
|
||
|
|
305A0603 551D1F04 53305130 4FA04DA0 4B864968 7474703A 2F2F6372 6C2E7365
|
||
|
|
63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 6E697A61 74696F6E
|
||
|
|
56616C69 64617469 6F6E5365 63757265 53657276 65724341 2E63726C 30818A06
|
||
|
|
082B0601 05050701 01047E30 7C305506 082B0601 05050730 02864968 7474703A
|
||
|
|
2F2F6372 742E7365 63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761
|
||
|
|
6E697A61 74696F6E 56616C69 64617469 6F6E5365 63757265 53657276 65724341
|
||
|
|
2E637274 30230608 2B060105 05073001 86176874 74703A2F 2F6F6373 702E7365
|
||
|
|
63746967 6F2E636F 6D301F06 03551D11 04183016 820A2A2E 6B6F6D6F 732E7275
|
||
|
|
82086B6F 6D6F732E 72753082 0104060A 2B060104 01D67902 04020481 F50481F2
|
||
|
|
00F00076 007D3EF2 F88FFF88 556824C2 C0CA9E52 89792BC5 0E78097F 2E6A9768
|
||
|
|
997E22F0 D7000001 7236A9F2 D2000004 03004730 45022100 BACB9772 4718DCE5
|
||
|
|
AFEED323 E69255EB F80BC770 691BC5CC 6ED46DC0 7B943C7A 02206694 07DA794C
|
||
|
|
00D45D62 77AE3C67 551C8579 1809B227 1DB745AD 453697BE 07130076 009420BC
|
||
|
|
1E8ED58D 6C88731F 828B222C 0DD1DA4D 5E6C4F94 3D61DB4E 2F584DA2 C2000001
|
||
|
|
7236A9F3 87000004 03004730 45022100 F36F3BC4 9BA01275 14F2FF66 148551B5
|
||
|
|
C6A70EBE 09A65A0D CCF96BF1 92C2B748 02207971 87B7F2D7 A2E5C871 A2643DCB
|
||
|
|
F9D929BA 8FA907CC B13764C8 087C64E5 E33E300D 06092A86 4886F70D 01010B05
|
||
|
|
00038201 010091BE 0134215B E5683466 47B8CBD4 95E668A9 E30DE2EA A58F0276
|
||
|
|
88F68F0B D5656A80 642FB4C4 633C68E5 FB95144E 185DDB2A 9E796A26 2F0147D8
|
||
|
|
6850CEFC A41D8856 A62E9EBF 907523C5 AB9F25C0 E0556618 2416F912 AE30B0F1
|
||
|
|
C4621BDB AEF3E06F 55FA13E9 F9549290 3AD8617F BCEE2058 4B04A901 4C1E9A18
|
||
|
|
D5FD603C C92178FB 1ABC12E8 84E8F30E 3E08F04F D8544887 460AC53B 78A06E0E
|
||
|
|
27EC0426 2AA9E09D A5EF10C1 1EEA1FA4 CE572F16 9081F5CE 94371A35 35B32B0B
|
||
|
|
DCB1BCD8 A872E24D A7045002 52764CAD F80FAC74 FBF9EF0F DD9F3397 DAE4CE81
|
||
|
|
BB504649 0A2DE226 8E037485 4392319B 7116D45E B8D40724 FC487229 4651A35D
|
||
|
|
0483B01E E61E
|
||
|
|
quit
|
||
|
|
certificate ca 137D539CAA7C31A9A433701968847A8D
|
||
|
|
30820619 30820401 A0030201 02021013 7D539CAA 7C31A9A4 33701968 847A8D30
|
||
|
|
0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113
|
||
|
|
30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65
|
||
|
|
72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553
|
||
|
|
54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253
|
||
|
|
41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313831
|
||
|
|
31303230 30303030 305A170D 33303132 33313233 35393539 5A308195 310B3009
|
||
|
|
06035504 06130247 42311B30 19060355 04081312 47726561 74657220 4D616E63
|
||
|
|
68657374 65723110 300E0603 55040713 0753616C 666F7264 31183016 06035504
|
||
|
|
0A130F53 65637469 676F204C 696D6974 6564313D 303B0603 55040313 34536563
|
||
|
|
7469676F 20525341 204F7267 616E697A 6174696F 6E205661 6C696461 74696F6E
|
||
|
|
20536563 75726520 53657276 65722043 41308201 22300D06 092A8648 86F70D01
|
||
|
|
01010500 0382010F 00308201 0A028201 01009C93 0246454A 524892FC 578DF92D
|
||
|
|
EA53BEB3 2CD5D8A8 A5EC5B69 03C01D10 F65933DE FE0748A8 E88C7A67 4AF1F58D
|
||
|
|
C33766D0 3291F7C4 9D0460C4 B54AE283 8BA7AE26 D45D3A5E F8D11671 BB8ABD71
|
||
|
|
A27DC8CE A26024B0 52A03A45 51DE7893 6C6260F1 E4569CB7 3BF73C55 D8DFD57A
|
||
|
|
317C357F 125170E1 2CBE04AC CBFA4FE1 7C656AC0 40A7D97C A5638419 E1F7CAEF
|
||
|
|
AAB4E858 5AD999E3 26DF8E12 B2B8DC33 B236DA14 1D965842 406E0B22 851C5122
|
||
|
|
AEC4C806 456D92E6 67B71923 E4D8366B 85D07FC7 52E3CFB0 7501E089 B4A8BF8A
|
||
|
|
364EA3E0 6CEB8441 CEA52F48 22139750 62451E09 A5CC9F6C 57704006 DB20E81B
|
||
|
|
D6F3938B A7329EB7 441509D7 AFFD7C01 1CDB0203 010001A3 82016E30 82016A30
|
||
|
|
1F060355 1D230418 30168014 5379BF5A AA2B4ACF 5480E1D8 9BC09DF2 B20366CB
|
||
|
|
301D0603 551D0E04 16041417 D9D62527 67F931C2 4943D930 36448C6C A94FEB30
|
||
|
|
0E060355 1D0F0101 FF040403 02018630 12060355 1D130101 FF040830 060101FF
|
||
|
|
02010030 1D060355 1D250416 30140608 2B060105 05070301 06082B06 01050507
|
||
|
|
0302301B 0603551D 20041430 12300606 04551D20 00300806 0667810C 01020230
|
||
|
|
50060355 1D1F0449 30473045 A043A041 863F6874 74703A2F 2F63726C 2E757365
|
||
|
|
72747275 73742E63 6F6D2F55 53455254 72757374 52534143 65727469 66696361
|
||
|
|
74696F6E 41757468 6F726974 792E6372 6C307606 082B0601 05050701 01046A30
|
||
|
|
68303F06 082B0601 05050730 02863368 7474703A 2F2F6372 742E7573 65727472
|
||
|
|
7573742E 636F6D2F 55534552 54727573 74525341 41646454 72757374 43412E63
|
||
|
|
72743025 06082B06 01050507 30018619 68747470 3A2F2F6F 6373702E 75736572
|
||
|
|
74727573 742E636F 6D300D06 092A8648 86F70D01 010C0500 03820201 004E1340
|
||
|
|
96C9C3E6 6E5BC0E3 BAF417E1 AE091FC9 BFCB0C25 16F27353 B3761AB7 AB4806D6
|
||
|
|
CD007C20 4543456C 165A1B13 61D749BA A402A4AC E8CECE2D C92A74A3 DCDEAEAB
|
||
|
|
D06836F8 91AF3C01 F777D50B CF97ABEB 87E715A8 FA305A61 7120B1C0 43C4B98F
|
||
|
|
6D8A31EB 153624FB 62D50B9C 8FE966BD E6615197 93B61D87 BDB0B56C FEA61129
|
||
|
|
06613431 303D2027 7351D0DE 8583D377 39204696 DAA7C65A 162785B2 CF4E0F4E
|
||
|
|
8C5CBEBE 3800F84B F9727BD4 F27AD7A2 2985D004 BAD3422C 5188522E D13D2467
|
||
|
|
47EC55CC 1BF4CA34 EA26C1DE DDC42189 F6BA7B32 1E8E965E 844538CF 80AA3769
|
||
|
|
8B601774 1548919C 6DF04EA3 77CA1B1C 48FAF9CF 49E85F4F 850AE28F 901BAB70
|
||
|
|
4C9AEBB7 A63FB4AC 5DA45FCF E6D88A96 90F74F26 8160765D 0F247791 B32A319F
|
||
|
|
165AB25D 8C1C29AA 489C8E6F D3784070 DB77ECDD E3D15705 702DE649 98880584
|
||
|
|
62057056 7686394E D3226F1D FE6DF10E B362C43C CBC085B9 611EBAE1 15805994
|
||
|
|
0CAE05BB 8C7F56BE 1CD25ABF 97F26A4C B0C67076 B0908DC1 0B36B911 D8D6285C
|
||
|
|
EA4FFE24 B7180A9B 0CD0C17C 5CFB69BD CCA24DC6 90BCA64D F2B1BAD6 9A675B96
|
||
|
|
0252D082 F9C40A5C 0D28E03F C8FA9595 89D5A4BE 496C40B2 3EA86BB8 D525B2C4
|
||
|
|
FEF1D3D7 E7D6DC43 017630FB 3B8B5DF7 4A897C9A 35BEFCCA F05701F0 8D3FA087
|
||
|
|
327B475A 974B82D2 66C2C42D EA3F24F4 A7F9A8B9 E36AD918 61A03B8C 15
|
||
|
|
quit
|
||
|
|
license udi pid CISCO2911/K9 sn JTV1624T1ED
|
||
|
|
license accept end user agreement
|
||
|
|
license boot module c2900 technology-package securityk9
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! Configuration archive and change logging.
! "log config": records configuration commands (200 entries), forwards them
! to syslog, and "hidekeys" suppresses password values in those log records.
! "path"/"write-memory"/"time-period": a copy of the configuration is pushed
! to the TFTP host named "tftp" (mapped by "ip host tftp" earlier in the
! file) on every "write memory" and every 10080 minutes (7 days).
! NOTE(review): "hidekeys" only affects the command log, not the archived
! file. TFTP has no authentication and no encryption, so each archive run
! sends the full configuration, including password hashes and the clear-text
! pre-shared key, across the network unprotected. An "scp://" archive path
! to a restricted account is the usual replacement.
archive
|
||
|
|
log config
|
||
|
|
logging enable
|
||
|
|
logging size 200
|
||
|
|
notify syslog contenttype plaintext
|
||
|
|
hidekeys
|
||
|
|
path tftp://tftp/IZH/VRS/PFV-RT/$H.$T.conf
|
||
|
|
write-memory
|
||
|
|
time-period 10080
|
||
|
|
object-group network NET_MLK
|
||
|
|
description :: MILKOM_DATACENTER
|
||
|
|
host 85.140.32.177
|
||
|
|
host 78.85.14.98
|
||
|
|
host 213.87.95.1
|
||
|
|
!
|
||
|
|
object-group network NET_VPF
|
||
|
|
description VOTKINSKAYA_PF
|
||
|
|
host 88.80.33.14
|
||
|
|
host 78.85.13.118
|
||
|
|
!
|
||
|
|
object-group network NET_IPF
|
||
|
|
description IZHEVSKAYA_PF
|
||
|
|
host 85.140.32.141
|
||
|
|
host 78.85.13.117
|
||
|
|
!
|
||
|
|
object-group network NET_MPF
|
||
|
|
host 178.47.130.10
|
||
|
|
host 5.227.121.127
|
||
|
|
!
|
||
|
|
object-group network NET_PFD
|
||
|
|
host 185.6.82.180
|
||
|
|
!
|
||
|
|
object-group network NET_IZH_MLK
|
||
|
|
description --IZHMOLOKO--
|
||
|
|
host 78.85.13.42
|
||
|
|
host 85.140.32.27
|
||
|
|
host 31.173.105.54
|
||
|
|
host 217.14.195.253
|
||
|
|
host 84.201.247.157
|
||
|
|
!
|
||
|
|
object-group network NET_PS_PF
|
||
|
|
host 5.227.121.127
|
||
|
|
host 46.232.164.108
|
||
|
|
host 78.85.13.117
|
||
|
|
host 78.85.13.118
|
||
|
|
host 78.85.13.119
|
||
|
|
host 78.85.14.98
|
||
|
|
host 78.85.33.50
|
||
|
|
host 85.140.32.141
|
||
|
|
host 85.140.32.177
|
||
|
|
host 85.140.32.178
|
||
|
|
host 88.80.33.14
|
||
|
|
host 95.215.208.234
|
||
|
|
host 178.47.130.10
|
||
|
|
host 178.205.241.114
|
||
|
|
!
|
||
|
|
object-group network NET_KOMOSGROUP
|
||
|
|
host 88.80.33.50
|
||
|
|
91.240.179.0 255.255.255.0
|
||
|
|
host 5.227.124.143
|
||
|
|
host 62.141.96.126
|
||
|
|
host 84.201.247.190
|
||
|
|
host 88.80.33.10
|
||
|
|
host 94.25.46.122
|
||
|
|
!
|
||
|
|
object-group network NET_DMVPN_NBRS
|
||
|
|
group-object NET_MLK
|
||
|
|
group-object NET_VPF
|
||
|
|
group-object NET_IPF
|
||
|
|
group-object NET_MPF
|
||
|
|
group-object NET_PFD
|
||
|
|
group-object NET_IZH_MLK
|
||
|
|
group-object NET_PS_PF
|
||
|
|
group-object NET_KOMOSGROUP
|
||
|
|
!
|
||
|
|
object-group network NET_KOMENERGO
|
||
|
|
description :: KOMOS_ENERGO
|
||
|
|
host 92.55.54.109
|
||
|
|
host 83.143.54.246
|
||
|
|
host 77.222.40.133
|
||
|
|
host 178.79.148.203
|
||
|
|
!
|
||
|
|
object-group network NET_PHK
|
||
|
|
host 46.146.210.68
|
||
|
|
!
|
||
|
|
object-group network NET_REMOTE_MANAGERS
|
||
|
|
host 91.146.62.155
|
||
|
|
host 213.87.95.1
|
||
|
|
!
|
||
|
|
object-group network NET_UPF
|
||
|
|
description :: UDMURTSKAYA_PF
|
||
|
|
host 88.80.33.162
|
||
|
|
host 212.46.204.74
|
||
|
|
host 146.120.104.227
|
||
|
|
host 95.215.208.234
|
||
|
|
!
|
||
|
|
object-group network NET_RT_VATS
|
||
|
|
host 178.45.249.116
|
||
|
|
!
|
||
|
|
object-group network NET_REMOTE_SITES
|
||
|
|
group-object NET_VPF
|
||
|
|
group-object NET_UPF
|
||
|
|
group-object NET_MPF
|
||
|
|
group-object NET_IPF
|
||
|
|
group-object NET_KOMENERGO
|
||
|
|
group-object NET_KOMOSGROUP
|
||
|
|
group-object NET_PHK
|
||
|
|
group-object NET_PFD
|
||
|
|
group-object NET_IZH_MLK
|
||
|
|
group-object NET_RT_VATS
|
||
|
|
!
|
||
|
|
object-group network OBJ_BBN_RN_BBN
|
||
|
|
host 85.140.32.104
|
||
|
|
host 78.85.13.205
|
||
|
|
!
|
||
|
|
object-group network OBJ_BBN_VST_BBN
|
||
|
|
host 85.140.32.103
|
||
|
|
host 83.169.220.204
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_MLK_IZM
|
||
|
|
host 85.140.32.27
|
||
|
|
host 78.85.13.42
|
||
|
|
host 5.227.126.169
|
||
|
|
host 31.173.105.54
|
||
|
|
host 217.14.195.253
|
||
|
|
host 85.175.86.74
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KG_P11
|
||
|
|
91.240.179.0 255.255.255.0
|
||
|
|
host 5.227.124.143
|
||
|
|
host 78.85.13.93
|
||
|
|
host 62.141.96.126
|
||
|
|
host 84.201.247.190
|
||
|
|
host 88.80.33.50
|
||
|
|
host 94.25.46.122
|
||
|
|
range 91.240.179.1 91.240.179.254
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VST_IZM
|
||
|
|
host 5.227.124.82
|
||
|
|
host 78.85.13.38
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M44
|
||
|
|
host 212.46.204.74
|
||
|
|
host 88.80.33.162
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M48
|
||
|
|
host 87.249.237.250
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_SMR
|
||
|
|
host 87.249.239.226
|
||
|
|
host 88.80.33.42
|
||
|
|
!
|
||
|
|
object-group network OBJ_MSK_KG_MSK
|
||
|
|
host 185.62.195.150
|
||
|
|
host 185.6.175.101
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_MLK_GMK
|
||
|
|
host 31.173.105.62
|
||
|
|
host 85.140.32.29
|
||
|
|
!
|
||
|
|
object-group network OBJ_KZN_MLK_KMK
|
||
|
|
host 83.69.126.54
|
||
|
|
host 94.180.253.210
|
||
|
|
host 78.138.171.82
|
||
|
|
!
|
||
|
|
object-group network OBJ_KEZ_MLK_KZS
|
||
|
|
host 31.173.105.66
|
||
|
|
host 78.85.13.52
|
||
|
|
host 85.140.32.30
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRM_MLK_PHK
|
||
|
|
host 178.47.128.18
|
||
|
|
host 46.146.210.68
|
||
|
|
!
|
||
|
|
object-group network OBJ_SAR_MLK_SRM
|
||
|
|
host 31.173.105.58
|
||
|
|
host 78.85.13.53
|
||
|
|
host 85.140.32.28
|
||
|
|
!
|
||
|
|
object-group network OBJ_CLB_MLK_CMK
|
||
|
|
host 37.113.128.241
|
||
|
|
host 149.255.6.35
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_GKZ_GKZ
|
||
|
|
host 78.85.13.94
|
||
|
|
host 146.120.104.181
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIA_RN_KIA
|
||
|
|
host 78.85.14.97
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TZK_TZK
|
||
|
|
host 78.25.80.134
|
||
|
|
host 5.227.124.235
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_MK_VS17
|
||
|
|
host 5.227.124.141
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KL_KLI
|
||
|
|
host 78.85.15.85
|
||
|
|
host 84.201.247.24
|
||
|
|
host 79.175.36.97
|
||
|
|
host 84.201.244.235
|
||
|
|
!
|
||
|
|
object-group network OBJ_EKB_KG_EKB
|
||
|
|
host 62.168.232.182
|
||
|
|
host 176.215.14.11
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KEN_VS56
|
||
|
|
host 83.143.54.246
|
||
|
|
host 92.55.54.109
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_IZM
|
||
|
|
host 85.140.32.177
|
||
|
|
host 78.85.14.98
|
||
|
|
host 213.87.95.1
|
||
|
|
host 92.241.255.114
|
||
|
|
host 89.175.174.68
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_VRS_UPF
|
||
|
|
host 95.215.208.234
|
||
|
|
host 78.85.13.119
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_IPF
|
||
|
|
host 85.140.32.141
|
||
|
|
host 78.85.13.117
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_PFV
|
||
|
|
host 85.140.32.178
|
||
|
|
host 94.181.119.90
|
||
|
|
host 78.85.33.50
|
||
|
|
!
|
||
|
|
object-group network OBJ_VOT_VRS_VPF
|
||
|
|
host 78.85.13.118
|
||
|
|
host 88.80.33.14
|
||
|
|
!
|
||
|
|
object-group network OBJ_MSB_TMA_MSB
|
||
|
|
host 78.138.182.214
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIB_TMA_KIB
|
||
|
|
host 78.138.182.126
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRM_VRS_MPF
|
||
|
|
host 178.47.130.10
|
||
|
|
host 5.227.121.127
|
||
|
|
!
|
||
|
|
object-group network OBJ_LAI_VRS_DPF
|
||
|
|
host 178.205.241.114
|
||
|
|
host 46.232.164.108
|
||
|
|
!
|
||
|
|
object-group network OBJ_SHM_TMA_SHM
|
||
|
|
host 89.232.91.106
|
||
|
|
host 31.173.182.210
|
||
|
|
!
|
||
|
|
object-group network OBJ_EVL_TMA_EVL
|
||
|
|
host 89.232.102.166
|
||
|
|
!
|
||
|
|
object-group network OBJ_ITL_VST_ITL
|
||
|
|
host 5.227.124.130
|
||
|
|
host 78.85.34.99
|
||
|
|
host 81.211.13.82
|
||
|
|
!
|
||
|
|
object-group network OBJ_MZH_VST_MZH
|
||
|
|
host 88.80.33.250
|
||
|
|
host 83.169.220.171
|
||
|
|
!
|
||
|
|
object-group network OBJ_KIA_VST_KIA
|
||
|
|
host 85.140.32.24
|
||
|
|
host 188.94.168.238
|
||
|
|
!
|
||
|
|
object-group network OBJ_KGB_VST_KBB
|
||
|
|
host 78.85.37.88
|
||
|
|
host 88.80.33.154
|
||
|
|
!
|
||
|
|
object-group network OBJ_SAR_VST_SMK
|
||
|
|
host 78.85.19.93
|
||
|
|
host 88.80.33.234
|
||
|
|
!
|
||
|
|
object-group network OBJ_KNK_VST_KMK
|
||
|
|
host 178.161.242.67
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KM_S61
|
||
|
|
host 84.201.247.32
|
||
|
|
host 88.80.33.194
|
||
|
|
!
|
||
|
|
object-group network OBJ_YAN_GKZ_YEL
|
||
|
|
host 77.94.97.222
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_B2
|
||
|
|
94.138.150.0 255.255.255.0
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_H80
|
||
|
|
host 178.161.207.26
|
||
|
|
host 77.43.193.88
|
||
|
|
!
|
||
|
|
object-group network OBJ_KUN_KMK_CH9
|
||
|
|
host 178.47.128.98
|
||
|
|
host 194.150.90.20
|
||
|
|
!
|
||
|
|
object-group network OBJ_KGB_RN_KGB
|
||
|
|
host 78.85.13.165
|
||
|
|
!
|
||
|
|
object-group network OBJ_NCH_RN_NCH
|
||
|
|
host 78.85.13.166
|
||
|
|
!
|
||
|
|
object-group network OBJ_PRI_RN_PRI
|
||
|
|
host 78.85.13.167
|
||
|
|
!
|
||
|
|
object-group network OBJ_URN_RN_URN
|
||
|
|
host 78.85.20.49
|
||
|
|
!
|
||
|
|
object-group network OBJ_MZH_TK_TKM
|
||
|
|
host 88.80.32.230
|
||
|
|
host 78.85.35.34
|
||
|
|
!
|
||
|
|
object-group network OBJ_GLZ_TK_TKG
|
||
|
|
host 95.215.208.240
|
||
|
|
host 146.120.104.235
|
||
|
|
host 95.215.208.173
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_TK_M21
|
||
|
|
host 84.201.242.133
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_HLA_PP
|
||
|
|
host 92.61.17.250
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_HLA_UHK
|
||
|
|
host 92.55.7.148
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VD_VS17
|
||
|
|
host 84.201.247.100
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_KS_H17
|
||
|
|
85.140.32.64 255.255.255.252
|
||
|
|
host 85.140.32.63
|
||
|
|
host 85.140.32.68
|
||
|
|
!
|
||
|
|
object-group network OBJ_IZH_VRS_AKS
|
||
|
|
host 5.227.124.50
|
||
|
|
host 87.249.233.80
|
||
|
|
!
|
||
|
|
object-group network OBJ_SPB_KG_SPB
|
||
|
|
host 62.141.114.190
|
||
|
|
host 94.72.27.43
|
||
|
|
!
|
||
|
|
object-group network OBJ_BRANCHES
|
||
|
|
group-object OBJ_IZH_MLK_IZM
|
||
|
|
group-object OBJ_IZH_KG_P11
|
||
|
|
group-object OBJ_IZH_VST_IZM
|
||
|
|
group-object OBJ_IZH_TK_M44
|
||
|
|
group-object OBJ_IZH_TK_M48
|
||
|
|
group-object OBJ_IZH_TK_SMR
|
||
|
|
group-object OBJ_MSK_KG_MSK
|
||
|
|
group-object OBJ_GLZ_MLK_GMK
|
||
|
|
group-object OBJ_KZN_MLK_KMK
|
||
|
|
group-object OBJ_KEZ_MLK_KZS
|
||
|
|
group-object OBJ_PRM_MLK_PHK
|
||
|
|
group-object OBJ_SAR_MLK_SRM
|
||
|
|
group-object OBJ_CLB_MLK_CMK
|
||
|
|
group-object OBJ_BBN_RN_BBN
|
||
|
|
group-object OBJ_GLZ_GKZ_GKZ
|
||
|
|
group-object OBJ_KIA_RN_KIA
|
||
|
|
group-object OBJ_IZH_TZK_TZK
|
||
|
|
group-object OBJ_IZH_MK_VS17
|
||
|
|
group-object OBJ_IZH_KL_KLI
|
||
|
|
group-object OBJ_EKB_KG_EKB
|
||
|
|
group-object OBJ_IZH_KEN_VS56
|
||
|
|
group-object OBJ_IZH_VRS_IZM
|
||
|
|
group-object OBJ_GLZ_VRS_UPF
|
||
|
|
group-object OBJ_IZH_VRS_IPF
|
||
|
|
group-object OBJ_IZH_VRS_PFV
|
||
|
|
group-object OBJ_VOT_VRS_VPF
|
||
|
|
group-object OBJ_MSB_TMA_MSB
|
||
|
|
group-object OBJ_KIB_TMA_KIB
|
||
|
|
group-object OBJ_PRM_VRS_MPF
|
||
|
|
group-object OBJ_LAI_VRS_DPF
|
||
|
|
group-object OBJ_BBN_VST_BBN
|
||
|
|
group-object OBJ_SHM_TMA_SHM
|
||
|
|
group-object OBJ_EVL_TMA_EVL
|
||
|
|
group-object OBJ_ITL_VST_ITL
|
||
|
|
group-object OBJ_MZH_VST_MZH
|
||
|
|
group-object OBJ_KIA_VST_KIA
|
||
|
|
group-object OBJ_KGB_VST_KBB
|
||
|
|
group-object OBJ_SAR_VST_SMK
|
||
|
|
group-object OBJ_KNK_VST_KMK
|
||
|
|
group-object OBJ_IZH_KM_S61
|
||
|
|
group-object OBJ_YAN_GKZ_YEL
|
||
|
|
group-object OBJ_KUN_KMK_B2
|
||
|
|
group-object OBJ_KUN_KMK_H80
|
||
|
|
group-object OBJ_KUN_KMK_CH9
|
||
|
|
group-object OBJ_KGB_RN_KGB
|
||
|
|
group-object OBJ_NCH_RN_NCH
|
||
|
|
group-object OBJ_PRI_RN_PRI
|
||
|
|
group-object OBJ_URN_RN_URN
|
||
|
|
group-object OBJ_MZH_TK_TKM
|
||
|
|
group-object OBJ_GLZ_TK_TKG
|
||
|
|
group-object OBJ_IZH_TK_M21
|
||
|
|
group-object OBJ_IZH_HLA_PP
|
||
|
|
group-object OBJ_IZH_HLA_UHK
|
||
|
|
group-object OBJ_IZH_VD_VS17
|
||
|
|
group-object OBJ_IZH_KS_H17
|
||
|
|
group-object OBJ_IZH_VRS_AKS
|
||
|
|
group-object OBJ_SPB_KG_SPB
|
||
|
|
!
|
||
|
|
object-group network STATIC_ISP_IP
|
||
|
|
host 78.85.33.50
|
||
|
|
!
|
||
|
|
object-group service SVC_ANYCONNECT
|
||
|
|
tcp eq 443
|
||
|
|
!
|
||
|
|
object-group service SVC_DNS
|
||
|
|
tcp eq domain
|
||
|
|
udp eq domain
|
||
|
|
!
|
||
|
|
object-group service SVC_EMAIL
|
||
|
|
tcp eq smtp
|
||
|
|
tcp eq 26
|
||
|
|
tcp eq 587
|
||
|
|
tcp eq pop3
|
||
|
|
tcp eq 143
|
||
|
|
tcp eq 993
|
||
|
|
tcp eq 465
|
||
|
|
tcp eq 995
|
||
|
|
tcp eq 4431
|
||
|
|
!
|
||
|
|
! Local accounts, all at privilege level 15 (full administrative access).
! The secrets are stored as type 5 (salted MD5-crypt) hashes.
! NOTE(review): type 5 is weak by current standards; on releases that
! support it, "username <NAME> privilege 15 algorithm-type scrypt secret ..."
! stores a type 9 hash instead. Because these hashes are published together
! with the rest of the configuration, the passwords should be treated as
! exposed and changed. Three level-15 accounts also leave no room for a
! lower-privilege operator role; consider whether all of them need level 15.
username menshikov privilege 15 secret 5 $1$jKjV$FRCadPiBRpyUc8/VTp5ks.
|
||
|
|
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
|
||
|
|
username akhmetzyanovrr privilege 15 secret 5 $1$c4VK$32.Jm2pJEy9u0raUvQK/50
|
||
|
|
!
|
||
|
|
redundancy
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
track 1 ip sla 1 reachability
|
||
|
|
delay down 26 up 11
|
||
|
|
!
|
||
|
|
track 10 ip sla 10 reachability
|
||
|
|
delay down 26 up 11
|
||
|
|
!
|
||
|
|
track 110 list boolean and
|
||
|
|
object 1
|
||
|
|
object 10
|
||
|
|
!
|
||
|
|
!
|
||
|
|
crypto logging session
|
||
|
|
!
|
||
|
|
! Client packages offered to SSL VPN users for Windows, Linux (64-bit) and
! macOS, tried in sequence order 1 to 3. All three carry the version string
! 4.3.05017.
! NOTE(review): this is an old client release line; check the vendor's
! security advisories for the client and replace the packages in flash with
! a currently supported release, since connecting users receive whatever
! version is stored here.
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.3.05017-k9.pkg sequence 1
|
||
|
|
!
|
||
|
|
crypto vpn anyconnect flash0:/webvpn/anyconnect-linux-64-4.3.05017-k9.pkg sequence 2
|
||
|
|
!
|
||
|
|
crypto vpn anyconnect flash0:/webvpn/anyconnect-macosx-i386-4.3.05017-k9.pkg sequence 3
|
||
|
|
!
|
||
|
|
! IKEv1 phase 1 policy: AES encryption (no key size given, so the default
! AES key length applies), pre-shared-key authentication, Diffie-Hellman
! group 2.
! NOTE(review): group 2 is the 1024-bit MODP group, which is below current
! recommendations; group 14 or higher is the usual minimum. No "hash" line is
! shown, so the platform default is in effect (presumably SHA-1; confirm with
! "show crypto isakmp policy"). Any change has to be rolled out to the DMVPN
! hubs and all spokes together, or phase 1 will stop matching.
crypto isakmp policy 150
|
||
|
|
encr aes
|
||
|
|
authentication pre-share
|
||
|
|
group 2
|
||
|
|
! Wildcard pre-shared key: "address 0.0.0.0" makes this one key apply to
! every IKE peer, with extended authentication disabled ("no-xauth").
! NOTE(review): the key is stored and displayed in clear text, and a single
! shared secret authenticates every DMVPN peer, so exposing it affects the
! whole overlay rather than one tunnel. Since it is published here it should
! be rotated on the hubs and all spokes. Longer term, certificate-based IKE
! authentication (a PKI trustpoint already exists on this router) removes
! the shared secret; at minimum, store the key as type 6 with
! "key config-key password-encrypt" and "password encryption aes".
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
|
||
|
|
crypto isakmp keepalive 30
|
||
|
|
crypto isakmp nat keepalive 10
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! IPsec phase 2 settings for the DMVPN tunnels.
! Transform set: ESP with AES (default key length) and HMAC-SHA1, in
! transport mode, which is the normal choice when the protected payload is
! GRE between the tunnel endpoints.
! Profile: applies that transform set; both Tunnel1001 and Tunnel1002
! reference it through "tunnel protection ipsec profile ... shared".
! NOTE(review): the profile has no "set pfs" line, so perfect forward
! secrecy is not requested for phase 2 rekeys; "set pfs group14" under the
! profile would add it (peers must agree). A stronger integrity transform
! such as esp-sha256-hmac is also worth evaluating where the peers support
! it.
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac
|
||
|
|
mode transport
|
||
|
|
!
|
||
|
|
crypto ipsec profile CRYPTO_IPSEC_DMVPN
|
||
|
|
description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
|
||
|
|
set transform-set CRYPTO_TS_DMVPN
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
interface Loopback0
|
||
|
|
ip address 10.8.20.254 255.255.255.128
|
||
|
|
!
|
||
|
|
interface Loopback1
|
||
|
|
description -== REMOTE SENSOR ==-
|
||
|
|
ip address 10.1.72.4 255.255.255.255
|
||
|
|
!
|
||
|
|
interface Tunnel1001
|
||
|
|
description --DMVPN_SPOKE_26_CLOUD_1--
|
||
|
|
ip address 172.30.1.28 255.255.255.0
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip mtu 1400
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
ip nhrp authentication M_K.Cl01
|
||
|
|
ip nhrp map 172.30.1.1 85.140.32.27
|
||
|
|
ip nhrp map 172.30.1.2 78.85.13.42
|
||
|
|
ip nhrp map multicast 85.140.32.27
|
||
|
|
ip nhrp map multicast 78.85.13.42
|
||
|
|
ip nhrp network-id 1001
|
||
|
|
ip nhrp holdtime 300
|
||
|
|
ip nhrp nhs 172.30.1.1
|
||
|
|
ip nhrp nhs 172.30.1.2
|
||
|
|
ip tcp adjust-mss 1360
|
||
|
|
tunnel source Dialer1
|
||
|
|
tunnel mode gre multipoint
|
||
|
|
tunnel key 1001
|
||
|
|
tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
|
||
|
|
!
|
||
|
|
interface Tunnel1002
|
||
|
|
description --DMVPN_SPOKE_26_CLOUD_2--
|
||
|
|
ip address 172.30.2.28 255.255.255.0
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip mtu 1400
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
ip nhrp authentication M_K.Cl02
|
||
|
|
ip nhrp map 172.30.2.1 5.227.124.143
|
||
|
|
ip nhrp map 172.30.2.2 78.85.13.93
|
||
|
|
ip nhrp map multicast 5.227.124.143
|
||
|
|
ip nhrp map multicast 78.85.13.93
|
||
|
|
ip nhrp network-id 1002
|
||
|
|
ip nhrp holdtime 300
|
||
|
|
ip nhrp nhs 172.30.2.1
|
||
|
|
ip nhrp nhs 172.30.2.2
|
||
|
|
ip tcp adjust-mss 1360
|
||
|
|
tunnel source Dialer1
|
||
|
|
tunnel mode gre multipoint
|
||
|
|
tunnel key 1002
|
||
|
|
tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
|
||
|
|
!
|
||
|
|
interface Embedded-Service-Engine0/0
|
||
|
|
no ip address
|
||
|
|
shutdown
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/0
|
||
|
|
no ip address
|
||
|
|
duplex auto
|
||
|
|
speed auto
|
||
|
|
pppoe enable group global
|
||
|
|
pppoe-client dial-pool-number 1
|
||
|
|
no cdp enable
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/1
|
||
|
|
no ip address
|
||
|
|
shutdown
|
||
|
|
duplex auto
|
||
|
|
speed auto
|
||
|
|
!
|
||
|
|
interface GigabitEthernet0/2
|
||
|
|
description LOCAL_NETWORK
|
||
|
|
no ip address
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip nat inside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
duplex auto
|
||
|
|
speed auto
|
||
|
|
!
|
||
|
|
! Management VLAN 300. This subinterface is also the source for RADIUS,
! NetFlow export and TFTP elsewhere in the file, and runs HSRP group 300 with
! virtual address 10.8.21.253.
interface GigabitEthernet0/2.300
|
||
|
|
description NETWORK_MANAGEMENT
|
||
|
|
encapsulation dot1Q 300
|
||
|
|
ip address 10.8.21.252 255.255.255.0
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
ip nat inside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
standby version 2
|
||
|
|
standby 300 ip 10.8.21.253
|
||
|
|
standby 300 timers 5 15
|
||
|
|
standby 300 priority 150
|
||
|
|
standby 300 preempt delay minimum 30
|
||
|
|
! NOTE(review): this is HSRP plain-text authentication. The string is carried
! in clear in every hello, so any host on VLAN 300 can read it, and it is
! published with this listing. Prefer
! "standby 300 authentication md5 key-string <KEY>" on all group members and
! treat the current string as disclosed.
standby 300 authentication pfv2017
|
||
|
|
standby 300 name NM-HSRP
|
||
|
|
! When track object 110 (defined outside this excerpt) goes down, priority
! drops from 150 to 40.
standby 300 track 110 decrement 110
|
||
|
|
!
|
||
|
|
! VLAN 555 transit segment (/29) for the iBGP neighbors 172.30.30.161 and
! 172.30.30.163; this address is also the BGP router-id.
interface GigabitEthernet0/2.555
|
||
|
|
description --BGP_TRANSIT--
|
||
|
|
encapsulation dot1Q 555
|
||
|
|
ip address 172.30.30.162 255.255.255.248
|
||
|
|
no ip redirects
|
||
|
|
no ip unreachables
|
||
|
|
no ip proxy-arp
|
||
|
|
!
|
||
|
|
! Logical PPPoE WAN interface (dialer pool 1, bound to GigabitEthernet0/0).
! It is the NAT outside interface, the source of both DMVPN tunnels, and the
! only interface in this excerpt with packet filters applied.
interface Dialer1
|
||
|
|
description LOGICAL_INTERFACE_ISP_RT
|
||
|
|
ip address negotiated
|
||
|
|
! Inbound filter from the Internet; return traffic is admitted through the
! reflexive list that ACL_LAN_TO_WAN populates on the way out.
ip access-group ACL_FIREWALL in
|
||
|
|
ip access-group ACL_LAN_TO_WAN out
|
||
|
|
! 1492 = 1500 minus the 8-byte PPPoE/PPP header; adjust-mss below is 1492 - 40.
ip mtu 1492
|
||
|
|
ip flow ingress
|
||
|
|
ip flow egress
|
||
|
|
ip nat outside
|
||
|
|
ip virtual-reassembly in
|
||
|
|
encapsulation ppp
|
||
|
|
ip tcp adjust-mss 1452
|
||
|
|
dialer pool 1
|
||
|
|
dialer-group 1
|
||
|
|
ppp authentication chap pap callin
|
||
|
|
ppp chap hostname varaks-vols
|
||
|
|
! NOTE(review): "password 7" is the reversible obfuscation applied by
! service password-encryption, not a hash. The ISP account name and both
! type-7 strings are published with this listing; treat the credentials as
! disclosed and have the provider change them. Configuration exports should
! have secrets stripped before they leave the device-management system.
ppp chap password 7 133D3C44122F28290D
|
||
|
|
ppp pap sent-username varaks-vols password 7 003C38501D78270529
|
||
|
|
!
|
||
|
|
! BGP process for local AS 64525.
!   PG_BGP_OCOD    (AS 64512): 172.30.1.1, 172.30.1.2
!   PG_BGP_RCOD    (AS 64513): 172.30.2.1, 172.30.2.2
!   PG_BGP_IPF     (AS 64526): 172.30.1.29/.30, 172.30.2.29/.30
!   PG_BGP_VRS_AKS (AS 64553): 172.30.1.74/.75, 172.30.2.74/.75
!   iBGP (AS 64525): 172.30.30.161, 172.30.30.163 on the VLAN 555 transit
! NOTE(review): no neighbor or peer-group in this stanza has a
! "neighbor ... password" (TCP MD5) or TTL-security setting. The eBGP peers are
! addressed inside the DMVPN tunnel subnets, so they presumably inherit the
! tunnels' IPsec protection; the iBGP sessions on VLAN 555 have no session
! authentication at all.
router bgp 64525
|
||
|
|
bgp router-id 172.30.30.162
|
||
|
|
bgp log-neighbor-changes
|
||
|
|
bgp graceful-restart
|
||
|
|
aggregate-address 10.8.16.0 255.255.240.0
|
||
|
|
redistribute connected route-map RM_BGP_REDISTR_CON
|
||
|
|
! NOTE(review): the two hub peer-groups filter only outbound (RM_BGP_TO_HUB).
! Nothing is applied inbound, so every prefix a hub sends is accepted. A
! route-map RM_BGP_FROM_HUB exists later in the file but is not attached to any
! neighbor here - confirm whether "route-map RM_BGP_FROM_HUB in" was intended.
neighbor PG_BGP_OCOD peer-group
|
||
|
|
neighbor PG_BGP_OCOD remote-as 64512
|
||
|
|
neighbor PG_BGP_OCOD next-hop-self
|
||
|
|
neighbor PG_BGP_OCOD soft-reconfiguration inbound
|
||
|
|
neighbor PG_BGP_OCOD route-map RM_BGP_TO_HUB out
|
||
|
|
neighbor PG_BGP_RCOD peer-group
|
||
|
|
neighbor PG_BGP_RCOD remote-as 64513
|
||
|
|
neighbor PG_BGP_RCOD next-hop-self
|
||
|
|
neighbor PG_BGP_RCOD soft-reconfiguration inbound
|
||
|
|
neighbor PG_BGP_RCOD route-map RM_BGP_TO_HUB out
|
||
|
|
! The only peer-group with prefix filtering in both directions.
neighbor PG_BGP_IPF peer-group
|
||
|
|
neighbor PG_BGP_IPF remote-as 64526
|
||
|
|
neighbor PG_BGP_IPF next-hop-self
|
||
|
|
neighbor PG_BGP_IPF soft-reconfiguration inbound
|
||
|
|
neighbor PG_BGP_IPF prefix-list PFL_FROM_IPF in
|
||
|
|
neighbor PG_BGP_IPF prefix-list PFL_TO_IPF out
|
||
|
|
! NOTE(review): this peer-group has no inbound or outbound policy, so it
! receives the full local table and anything it announces is accepted. Add
! prefix-lists (and a maximum-prefix limit) if that is not intended.
neighbor PG_BGP_VRS_AKS peer-group
|
||
|
|
neighbor PG_BGP_VRS_AKS remote-as 64553
|
||
|
|
neighbor PG_BGP_VRS_AKS soft-reconfiguration inbound
|
||
|
|
neighbor 172.30.1.1 peer-group PG_BGP_OCOD
|
||
|
|
neighbor 172.30.1.2 peer-group PG_BGP_OCOD
|
||
|
|
neighbor 172.30.1.29 peer-group PG_BGP_IPF
|
||
|
|
neighbor 172.30.1.30 peer-group PG_BGP_IPF
|
||
|
|
neighbor 172.30.1.74 peer-group PG_BGP_VRS_AKS
|
||
|
|
neighbor 172.30.1.75 peer-group PG_BGP_VRS_AKS
|
||
|
|
neighbor 172.30.2.1 peer-group PG_BGP_RCOD
|
||
|
|
neighbor 172.30.2.2 peer-group PG_BGP_RCOD
|
||
|
|
neighbor 172.30.2.29 peer-group PG_BGP_IPF
|
||
|
|
neighbor 172.30.2.30 peer-group PG_BGP_IPF
|
||
|
|
neighbor 172.30.2.74 peer-group PG_BGP_VRS_AKS
|
||
|
|
neighbor 172.30.2.75 peer-group PG_BGP_VRS_AKS
|
||
|
|
! iBGP neighbors on the VLAN 555 transit segment.
neighbor 172.30.30.161 remote-as 64525
|
||
|
|
neighbor 172.30.30.161 next-hop-self
|
||
|
|
neighbor 172.30.30.161 soft-reconfiguration inbound
|
||
|
|
neighbor 172.30.30.163 remote-as 64525
|
||
|
|
neighbor 172.30.30.163 next-hop-self
|
||
|
|
neighbor 172.30.30.163 soft-reconfiguration inbound
|
||
|
|
! External, internal and local BGP routes all get administrative distance 150.
distance bgp 150 150 150
|
||
|
|
!
|
||
|
|
! Address pool handed to SSL VPN clients by the webvpn policy groups; it lies
! inside 10.8.20.128/25, which PFL_BGP_REDISTR_CON seq 20 permits.
ip local pool ANYCONNECT_POOL 10.8.20.129 10.8.20.253
|
||
|
|
ip forward-protocol nd
|
||
|
|
!
|
||
|
|
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
|
||
|
|
no ip http secure-server
|
||
|
|
! NetFlow v5 export to two collectors, sourced from the management subinterface.
ip flow-export source GigabitEthernet0/2.300
|
||
|
|
ip flow-export version 5
|
||
|
|
ip flow-export destination 10.4.0.215 9995
|
||
|
|
ip flow-export destination 10.4.0.217 9995
|
||
|
|
ip flow-top-talkers
|
||
|
|
top 10
|
||
|
|
sort-by bytes
|
||
|
|
cache-timeout 20000
|
||
|
|
!
|
||
|
|
! TFTP source, NAT timers and rules, static routes and SSH settings.
ip tftp source-interface GigabitEthernet0/2.300
|
||
|
|
! Translation lifetimes in seconds, with shorter per-port values for
! tcp/110, tcp/25 and tcp/80 and a longer one for udp/5060.
ip nat translation timeout 450
|
||
|
|
ip nat translation tcp-timeout 300
|
||
|
|
ip nat translation pptp-timeout 1800
|
||
|
|
ip nat translation udp-timeout 45
|
||
|
|
ip nat translation dns-timeout 5
|
||
|
|
ip nat translation port-timeout tcp 110 60
|
||
|
|
ip nat translation port-timeout tcp 25 60
|
||
|
|
ip nat translation port-timeout tcp 80 15
|
||
|
|
ip nat translation port-timeout udp 5060 180
|
||
|
|
! Caps the number of translations a single inside host may hold at 400, so one
! host cannot fill the NAT table.
ip nat translation max-entries all-host 400
|
||
|
|
! PAT for sources matched by route-map ISP_RT (ACL_ACCESS_NET, leaving via Dialer1).
ip nat inside source route-map ISP_RT interface Dialer1 overload
|
||
|
|
! NOTE(review): this publishes inside host 10.8.16.222 tcp/4431 on the public
! address 78.85.33.50. Which ACL_FIREWALL entry admits it depends on object
! groups defined outside this excerpt; confirm the exposure is still required
! and that the permitted sources are restricted.
ip nat inside source static tcp 10.8.16.222 4431 78.85.33.50 4431 extendable
|
||
|
|
ip route 0.0.0.0 0.0.0.0 Dialer1
|
||
|
|
ip route 192.168.0.0 255.255.252.0 10.8.21.254
|
||
|
|
! SSHv2 only, with the cipher list restricted to AES-CTR in both server and
! client roles. NOTE(review): MAC and key-exchange restrictions and the RSA
! key size are not visible in this excerpt; check them as well.
ip ssh version 2
|
||
|
|
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
||
|
|
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
||
|
|
!
|
||
|
|
! Inside source networks eligible for NAT overload (matched by route-map ISP_RT).
ip access-list standard ACL_ACCESS_NET
|
||
|
|
permit 192.168.0.0 0.0.3.255
|
||
|
|
permit 10.8.16.0 0.0.1.255
|
||
|
|
permit 10.8.21.0 0.0.0.255
|
||
|
|
! The single NTP source this router accepts (used by "ntp access-group peer").
ip access-list standard ACL_NTP_SERVERS
|
||
|
|
permit 172.16.254.62
|
||
|
|
deny any
|
||
|
|
!
|
||
|
|
! Inbound filter on Dialer1 (traffic arriving from the Internet). The object
! groups OBJ_BRANCHES, STATIC_ISP_IP, SVC_ANYCONNECT, SVC_EMAIL and
! NET_KOMENERGO are defined outside this excerpt. The list ends with the
! implicit deny; there is no explicit "deny ip any any log", so dropped packets
! are not logged.
ip access-list extended ACL_FIREWALL
|
||
|
|
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
|
||
|
|
! NOTE(review): this entry matches on the SOURCE port only. Any sender that
! uses source port 123 is allowed to every UDP port on the STATIC_ISP_IP
! addresses. A source port is chosen by the sender and is not a trust
! boundary; restrict the entry to the known NTP server addresses, or drop it
! if NTP replies are already covered by the reflexive list below.
permit udp any eq ntp object-group STATIC_ISP_IP
|
||
|
|
! ICMP error types needed for path-MTU discovery and diagnostics, plus inbound
! echo from any source to any destination.
permit icmp any any unreachable
|
||
|
|
permit icmp any any echo-reply
|
||
|
|
permit icmp any any packet-too-big
|
||
|
|
permit icmp any any time-exceeded
|
||
|
|
permit icmp any any traceroute
|
||
|
|
permit icmp any any administratively-prohibited
|
||
|
|
permit icmp any any echo
|
||
|
|
permit object-group SVC_ANYCONNECT any object-group STATIC_ISP_IP
|
||
|
|
permit tcp object-group NET_KOMENERGO object-group STATIC_ISP_IP eq 50001
|
||
|
|
permit tcp host 5.227.120.65 object-group STATIC_ISP_IP eq 50001
|
||
|
|
permit tcp object-group NET_KOMENERGO object-group STATIC_ISP_IP eq 33822
|
||
|
|
permit object-group SVC_EMAIL any object-group STATIC_ISP_IP
|
||
|
|
! Admits return packets for sessions recorded by the "reflect" entry in
! ACL_LAN_TO_WAN.
evaluate reflectedtraffic
|
||
|
|
! NOTE(review): these two entries open every TCP and UDP port on the
! STATIC_ISP_IP addresses to one external host. Confirm the exception is still
! needed and narrow it to the specific ports in use.
permit tcp host 178.45.249.116 object-group STATIC_ISP_IP
|
||
|
|
permit udp host 178.45.249.116 object-group STATIC_ISP_IP
|
||
|
|
! Outbound filter on Dialer1. It permits all IP traffic and records each flow
! in the reflexive list "reflectedtraffic" (idle timeout 300 s) so that
! ACL_FIREWALL can admit the replies. NOTE(review): there is no egress
! restriction; any inside host may reach any destination and port.
ip access-list extended ACL_LAN_TO_WAN
|
||
|
|
permit ip any any reflect reflectedtraffic timeout 300
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! Prefix lists referenced by the BGP route-maps and the PG_BGP_IPF peer-group.
! seq 10 matches any prefix inside 10.0.0.0/8 with a length of /8 through /24.
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
|
||
|
|
ip prefix-list PFL_BGP_REDISTR_CON seq 20 permit 10.8.20.128/25
|
||
|
|
!
|
||
|
|
! Exact-match prefixes accepted from the PG_BGP_IPF peers.
ip prefix-list PFL_FROM_IPF seq 10 permit 172.16.23.0/24
|
||
|
|
ip prefix-list PFL_FROM_IPF seq 20 permit 10.8.32.0/21
|
||
|
|
!
|
||
|
|
! Only the 10.8.16.0/20 aggregate is announced to the hubs.
ip prefix-list PFL_TO_HUB seq 10 permit 10.8.16.0/20
|
||
|
|
!
|
||
|
|
ip prefix-list PFL_TO_IPF seq 10 permit 172.16.3.0/24
|
||
|
|
ip prefix-list PFL_TO_IPF seq 20 permit 10.8.16.0/20
|
||
|
|
! Two ICMP echo probes sent from Dialer1 every 3 seconds (timeout 2000 ms,
! threshold 50 ms), both scheduled to run permanently. The track objects that
! consume them are defined outside this excerpt.
ip sla 1
|
||
|
|
icmp-echo 8.8.8.8 source-interface Dialer1
|
||
|
|
threshold 50
|
||
|
|
timeout 2000
|
||
|
|
frequency 3
|
||
|
|
ip sla schedule 1 life forever start-time now
|
||
|
|
ip sla 10
|
||
|
|
icmp-echo 192.5.5.241 source-interface Dialer1
|
||
|
|
threshold 50
|
||
|
|
timeout 2000
|
||
|
|
frequency 3
|
||
|
|
ip sla schedule 10 life forever start-time now
|
||
|
|
! Daily job at 01:30 that runs "write memory". Despite the name SaveBackup it
! only saves the running configuration to NVRAM; no off-box copy is made here.
kron occurrence EveryDay at 1:30 recurring
|
||
|
|
policy-list SaveBackup
|
||
|
|
!
|
||
|
|
kron policy-list SaveBackup
|
||
|
|
cli write memory
|
||
|
|
!
|
||
|
|
! Remote syslog at severity "debugging" (every level) to a single collector.
! NOTE(review): no "logging source-interface" is visible in this excerpt, so the
! source address of the messages depends on the egress interface; confirm the
! collector accepts them and that a second destination is not required.
logging trap debugging
|
||
|
|
logging host 192.168.72.34
|
||
|
|
!
|
||
|
|
! Policy-routing map: ACL_ROUTE_VIA_ERT and track object 11 are defined
! outside this excerpt.
route-map RM_ROUTE_VIA_ERT permit 10
|
||
|
|
match ip address ACL_ROUTE_VIA_ERT
|
||
|
|
set ip next-hop verify-availability 192.168.1.38 1 track 11
|
||
|
|
!
|
||
|
|
! Selects traffic for NAT overload: source in ACL_ACCESS_NET and leaving via Dialer1.
route-map ISP_RT permit 10
|
||
|
|
match ip address ACL_ACCESS_NET
|
||
|
|
match interface Dialer1
|
||
|
|
!
|
||
|
|
! Connected routes are redistributed into BGP if they match either prefix list.
route-map RM_BGP_REDISTR_CON permit 10
|
||
|
|
match ip address prefix-list PFL_BGP_REDISTR_CON PFL_TO_IPF
|
||
|
|
!
|
||
|
|
route-map RM_BGP_TO_HUB permit 10
|
||
|
|
match ip address prefix-list PFL_TO_HUB
|
||
|
|
!
|
||
|
|
! NOTE(review): this map has no match clause and is not referenced by any
! neighbor in the router bgp stanza of this file; either attach it inbound on
! the hub peer-groups or remove it.
route-map RM_BGP_FROM_HUB permit 10
|
||
|
|
set local-preference 1000
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! NOTE(review): two read-only SNMP communities, neither bound to an access
! list. "public" is the well-known default string and should be removed. The
! second string is published with this listing and should be rotated.
! Community-based SNMP (v1/v2c) sends the string in cleartext; prefer SNMPv3
! with authentication and privacy, and restrict pollers with an ACL.
snmp-server community public RO
|
||
|
|
snmp-server community lmTUEsk6Yvlv RO
|
||
|
|
!
|
||
|
|
! RADIUS servers for AAA group NPS, on the legacy ports 1645/1646.
! NOTE(review): both servers carry the same shared secret (the two type-7
! strings are identical). Type 7 is reversible obfuscation, not a hash, and the
! string is published with this listing: rotate the secret on the router and on
! both servers, preferably with a distinct secret per server.
radius server IZH-RDS002
|
||
|
|
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
|
||
|
|
timeout 3
|
||
|
|
retransmit 2
|
||
|
|
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
|
||
|
|
!
|
||
|
|
! NOTE(review): AAA group NPS at the top of the file lists
! "server name P11-RDS003", but the server defined here is named IZH-RDS003.
! Unless P11-RDS003 is defined elsewhere, the group has only one usable server.
radius server IZH-RDS003
|
||
|
|
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
|
||
|
|
timeout 3
|
||
|
|
retransmit 2
|
||
|
|
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
|
||
|
|
!
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! The control-plane stanza is empty: no control-plane policing policy is
! attached, so traffic to the router's own CPU is limited only by ACL_FIREWALL.
control-plane
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! NOTE(review): "vstack" presumably means the Smart Install feature is left
! enabled. If Smart Install is not used on this network, disable it with
! "no vstack" - confirm against the platform documentation.
vstack
|
||
|
|
alias exec q exit
|
||
|
|
!
|
||
|
|
! Console: authenticates with the AAA list CONSOLE (local accounts, then
! RADIUS group NPS, per the aaa section at the top of the file).
line con 0
|
||
|
|
logging synchronous
|
||
|
|
login authentication CONSOLE
|
||
|
|
speed 115200
|
||
|
|
! NOTE(review): the AUX line has no settings here. If the port is unused,
! "no exec" and "transport input none" close it explicitly.
line aux 0
|
||
|
|
! Internal line 2: EXEC is disabled; only the outbound transport list is set.
line 2
|
||
|
|
no activation-character
|
||
|
|
no exec
|
||
|
|
transport preferred none
|
||
|
|
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
|
||
|
|
stopbits 1
|
||
|
|
! Remote management lines: SSH only, using the default AAA login list.
! NOTE(review) for both vty ranges:
!  - no "access-class" is applied, so SSH is offered to every source address
!    that the interface ACLs let through; bind the lines to a management ACL.
!  - "privilege level 15" sets the line default to full privilege; how it
!    interacts with the AAA exec authorization at the top of the file should be
!    confirmed, and per-user privilege from AAA is preferable.
!  - "exec-timeout 120 0" leaves idle sessions open for two hours.
line vty 0 4
|
||
|
|
exec-timeout 120 0
|
||
|
|
privilege level 15
|
||
|
|
logging synchronous
|
||
|
|
length 0
|
||
|
|
transport input ssh
|
||
|
|
line vty 5 15
|
||
|
|
exec-timeout 120 0
|
||
|
|
privilege level 15
|
||
|
|
logging synchronous
|
||
|
|
transport input ssh
|
||
|
|
!
|
||
|
|
scheduler allocate 20000 1000
|
||
|
|
! NTP: synchronises to 172.16.254.62 (the only address in ACL_NTP_SERVERS) and
! can act as a stratum-3 master itself.
! NOTE(review): no "ntp authenticate" / "ntp authentication-key" /
! "ntp trusted-key" lines are visible, so time updates are accepted on source
! address alone. Log timestamps and certificate validation depend on this clock.
ntp access-group peer ACL_NTP_SERVERS
|
||
|
|
ntp master 3
|
||
|
|
ntp update-calendar
|
||
|
|
ntp server 172.16.254.62 prefer
|
||
|
|
!
|
||
|
|
!
|
||
|
|
! SSL VPN (AnyConnect) listener: TLS on port 443, DTLS on port 3000, certificate
! from trustpoint VPNPFV_KOMOS_RU (defined outside this excerpt).
webvpn gateway ANYCONNECT-WEBVPN-GATEWAY
|
||
|
|
! NOTE(review): the gateway is bound to GigabitEthernet0/0, which has
! "no ip address" in this file (the WAN address is negotiated on Dialer1).
! Confirm the listener is reachable on the intended address.
ip interface GigabitEthernet0/0 port 443
|
||
|
|
! NOTE(review): this restricts the gateway to 3DES with SHA-1. 3DES is a
! 64-bit block cipher and is deprecated for TLS; select an AES suite that this
! IOS image offers under "ssl encryption" and retire 3DES.
ssl encryption 3des-sha1
|
||
|
|
ssl trustpoint VPNPFV_KOMOS_RU
|
||
|
|
logging enable
|
||
|
|
inservice
|
||
|
|
dtls port 3000
|
||
|
|
!
|
||
|
|
! SSL VPN context served by ANYCONNECT-WEBVPN-GATEWAY.
! Authentication and authorization use the AAA list "sslvpn", which the aaa
! section at the top of the file defines as local only. VPN users are therefore
! accounts stored on this router, not RADIUS users.
! NOTE(review): local VPN accounts bypass central password policy, lockout and
! second-factor controls; consider pointing the list at the RADIUS group.
webvpn context ANYCONNECT-WEBVPN
|
||
|
|
aaa authentication list sslvpn
|
||
|
|
aaa authorization list sslvpn
|
||
|
|
gateway ANYCONNECT-WEBVPN-GATEWAY
|
||
|
|
!
|
||
|
|
ssl authenticate verify all
|
||
|
|
inservice
|
||
|
|
!
|
||
|
|
! Administrators' policy: no "svc split include" line, so presumably all client
! traffic is tunnelled. Both policy groups draw from the same ANYCONNECT_POOL,
! so address alone does not distinguish administrators from ordinary users.
policy group WEBVPN_POLICY_ADMINISTRATORS
|
||
|
|
functions svc-enabled
|
||
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
||
|
|
svc default-domain "varaksino.local"
|
||
|
|
svc rekey method new-tunnel
|
||
|
|
svc dns-server primary 192.168.1.26
|
||
|
|
svc dns-server secondary 192.168.72.59
|
||
|
|
!
|
||
|
|
! Users' policy: split tunnel, only 192.168.72.0/26 is routed through the VPN.
! This is also the default policy for the context.
policy group WEBVPN_POLICY_USERS
|
||
|
|
functions svc-enabled
|
||
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
||
|
|
svc default-domain "varaksino.local"
|
||
|
|
svc rekey method new-tunnel
|
||
|
|
svc split include 192.168.72.0 255.255.255.192
|
||
|
|
svc dns-server primary 192.168.1.26
|
||
|
|
svc dns-server secondary 192.168.72.59
|
||
|
|
default-group-policy WEBVPN_POLICY_USERS
|
||
|
|
!
|
||
|
|
end
|