pycm1k/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/backup/files/cisco/IZH-MLK-IZM-RT-1-1.txt

1795 lines
54 KiB
Plaintext
Raw Normal View History

first commit
2025-10-31 08:47:26 +04:00
Building configuration...
Current configuration : 54704 bytes
!
! Last configuration change at 14:54:37 SAMT Wed Jul 27 2022 by adm_kapustinal
! NVRAM config last updated at 14:54:38 SAMT Wed Jul 27 2022 by adm_kapustinal
!
version 15.4
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname IZH-MLK-IZM-RT-1-1
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
logging buffered 65536
enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1
!
aaa new-model
!
!
aaa group server radius NPS
server name IZH-RDS002
server name P11-RDS003
ip radius source-interface GigabitEthernet0/2.300
load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authentication ppp default local
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
aaa session-id common
clock timezone SAMT 4 0
clock calendar-valid
!
!
crypto pki trustpoint TP-self-signed-1393620094
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1393620094
revocation-check none
rsakeypair TP-self-signed-1393620094
!
crypto pki trustpoint GEOTRUST
enrollment terminal pem
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1393620094
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333933 36323030 3934301E 170D3135 30313032 31353436
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33393336
32303039 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AB01 0C306678 D800981E A071B8E5 BAD877CA 3EA05B1D 3F4D4BB3 98888C61
2774C683 F564E100 B0284F17 E64BECF7 5C37A0C2 5F450AB9 FCE76F3C 355C6213
A0996517 727712D9 0E82CA09 C735E83E 5641ABFC 4B3FC0C8 B341D015 6E1A5F60
027E782D 869D7E46 28BE78C7 5F7BA97E 2A5EE9B9 5C28693A 1255E6DA 9D121C1A
1BA50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14020A66 0B88B3F2 6E048A80 48C0B762 D022D70E 0F301D06
03551D0E 04160414 020A660B 88B3F26E 048A8048 C0B762D0 22D70E0F 300D0609
2A864886 F70D0101 05050003 8181005F B1CB7D90 2E300573 445DEB7E 1117F5DE
F9F7A286 4608E79D F50A82D0 92AD66D7 EF24960C 51939A98 FE64E073 579C740A
C9568D58 1DF5078A 36102592 F5018434 81B3748F 9DAA57BF E88DDC28 6E5D0424
E3904AEC 8D5E870C B3144718 9C7DAEAF 001FE25C 939BF48D 2A7FCF94 85DDFA6E
7630727D 39311D17 18DB7601 70FF74
quit
crypto pki certificate chain GEOTRUST
certificate ca 023A6F
3082044F 30820337 A0030201 02020302 3A6F300D 06092A86 4886F70D 01010B05
00304231 0B300906 03550406 13025553 31163014 06035504 0A130D47 656F5472
75737420 496E632E 311B3019 06035504 03131247 656F5472 75737420 476C6F62
616C2043 41301E17 0D313331 31303532 31333635 305A170D 32323035 32303231
33363530 5A304431 0B300906 03550406 13025553 31163014 06035504 0A130D47
656F5472 75737420 496E632E 311D301B 06035504 03131447 656F5472 75737420
53534C20 4341202D 20473330 82012230 0D06092A 864886F7 0D010101 05000382
010F0030 82010A02 82010100 E3BE7E0A 86A3CF6B 6D3D2BA1 97AD4924 4DD777B9
347908A5 9EA29EDE 4712923D 7EEA1986 B1E84F3D 5FF7D0A7 779A5B1F 0A03B519
53DBA521 9469639D 6A4C910C 1047BE11 FA6C8625 B7AB0468 42380965 F014DA19
9EFA6B0B AB62EF8D A7EF6370 23A8AF81 F3D16E88 6753EC12 A429758A A7F2573D
A2839897 F20A7DD4 E7436E30 78622259 59B87127 45AA0F66 C6553FFA 32172B31
8F46A0FA 69147C9D 9F5AE2EB 334E10A6 B3ED7763 D8C39EF4 DDDF799A 7AD4EEDE
DD9ACCC3 B7A95DCC 113A07BB 6F97A401 2347951F A377FA58 92C6C7D0 BDCF9318
42B77EF7 9E65EAD5 3BCAEDAC C570A1FE D4109AF0 120444AC 1A5B7850 45574C6F
BD80CB81 5C2DB3BC 76A11E65 02030100 01A38201 4A308201 46301F06 03551D23
04183016 8014C07A 98688D89 FBAB0564 0C117DAA 7D65B8CA CC4E301D 0603551D
0E041604 14D26FF7 96F4853F 723C307D 23DA8578 9BA37C5A 7C301206 03551D13
0101FF04 08300601 01FF0201 00300E06 03551D0F 0101FF04 04030201 06303606
03551D1F 042F302D 302BA029 A0278625 68747470 3A2F2F67 312E7379 6D63622E
636F6D2F 63726C73 2F677467 6C6F6261 6C2E6372 6C302F06 082B0601 05050701
01042330 21301F06 082B0601 05050730 01861368 7474703A 2F2F6732 2E73796D
63622E63 6F6D304C 0603551D 20044530 43304106 0A608648 0186F845 01073630
33303106 082B0601 05050702 01162568 7474703A 2F2F7777 772E6765 6F747275
73742E63 6F6D2F72 65736F75 72636573 2F637073 30290603 551D1104 223020A4
1E301C31 1A301806 03550403 13115379 6D616E74 6563504B 492D312D 35333930
0D06092A 864886F7 0D01010B 05000382 010100A0 D4F72CFB 740B7F64 F1CD436A
9F62531C 027C9890 A2EE4F68 D4201A73 123E77B3 50EB72BC EE88BE7F 17EA778F
8361954F 84A1CB32 4F6C21BE D269967D 63BDDC2B A81FD013 8470FEF6 359589F9
A677B046 C8BBB713 F5C96069 D64CFED2 8EEFD360 C18080E1 E7FB8B6F 21794AE0
DCA91BC1 B7FBC349 595CB577 0744D497 FC490089 6F064E01 7019AC2F 11C0E2E6
0F2F864B 8D7BC3B9 A72EF4F1 AC163E39 49519E17 4B4F103A 5BA5A892 6FFDFAD6
0B034D47 565719F3 CB6BF5F3 D6CFB0F5 F5A311D2 20531334 37052C43 5A63DF8D
40D6851E 51E95117 1E0356C9 F130ADE7 9B11A2B9 D031819B 68B1D9E8 F3E6947E
C7AE132F 87EDD025 B068F9DE 085AF329 CCD492
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip domain lookup
ip domain name milkom-komos.ru
ip host tftp 10.4.0.214
ip inspect tcp reassembly queue length 128
ip inspect tcp reassembly timeout 10
ip inspect name Internet tcp router-traffic
ip inspect name Internet udp
ip inspect name Internet icmp router-traffic
ip dhcp-server 10.10.1.254
ip cef
login on-failure log
login on-success log
no ipv6 cef
!
!
flow exporter NAT_FLOW
destination 10.4.0.214
transport udp 2055
!
!
flow monitor NAT_FLOW
exporter NAT_FLOW
record netflow-original
!
!
multilink bundle-name authenticated
!
vpdn enable
vpdn session-limit 5000
!
vpdn-group L2TP_PRIMARY
! Default L2TP VPDN group
description Primary L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
no virtual-template subinterface
cts logging verbose
license udi pid C3900-SPE100/K9 sn FOC18513F2G
license boot module c3900 technology-package securityk9
!
!
archive
log config
logging enable
logging size 900
notify syslog contenttype plaintext
hidekeys
path tftp://tftp/IZH/3925/$H-$T
write-memory
time-period 10080
object-group network GRE_SRC_IP
host 31.173.105.66
host 85.140.32.30
host 78.85.13.52
host 46.146.210.68
host 178.161.175.54
host 83.69.126.54
host 78.138.171.82
host 78.85.13.165
host 185.62.195.150
host 185.6.175.101
host 31.173.105.58
host 85.140.32.28
host 78.85.13.53
host 85.140.32.29
host 31.173.105.62
host 37.113.128.241
host 85.140.32.166
host 31.173.105.46
host 78.85.35.164
host 178.47.128.18
host 94.138.150.1
host 178.47.128.98
host 5.227.125.114
host 82.142.146.70
!
object-group network HEADLINE_IP
host 87.249.247.80
!
object-group network LAINER_TELECOM
host 87.249.224.136
host 87.249.231.218
host 87.249.244.255
!
object-group network OBJ_BBN_RN_BBN
host 85.140.32.104
host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN
host 85.140.32.103
host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM
host 85.140.32.27
host 78.85.13.42
host 5.227.126.169
host 31.173.105.54
host 217.14.195.253
host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11
91.240.179.0 255.255.255.0
host 5.227.124.143
host 78.85.13.93
host 62.141.96.126
host 84.201.247.190
host 88.80.33.50
host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM
host 5.227.124.82
host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
host 212.46.204.74
host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
host 87.249.239.226
host 88.80.33.42
!
object-group network OBJ_MZH_TK_TKM
host 88.80.32.230
host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
host 95.215.208.240
host 146.120.104.235
host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
host 92.61.17.250
!
object-group network OBJ_MSK_KG_MSK
host 185.62.195.150
host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
host 31.173.105.62
host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
host 83.69.126.54
host 94.180.253.210
host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
host 31.173.105.66
host 78.85.13.52
host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
host 178.47.128.18
host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
host 31.173.105.58
host 78.85.13.53
host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK
host 37.113.128.241
host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
host 78.85.13.94
host 146.120.104.181
!
object-group network OBJ_YAN_GKZ_YEL
host 77.94.97.222
host 213.87.197.29
!
object-group network OBJ_KIA_RN_KIA
host 78.85.14.97
!
object-group network OBJ_KGB_RN_KGB
host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
host 78.85.20.49
!
object-group network OBJ_IZH_TZK_TZK
host 78.25.80.134
host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
host 78.85.15.85
host 84.201.247.24
host 79.175.36.97
host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
host 62.168.232.182
host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
host 83.143.54.246
host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM
host 85.140.32.177
host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF
host 95.215.208.234
host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
host 85.140.32.141
host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
host 85.140.32.178
host 94.181.119.90
host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
host 78.85.13.118
host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF
host 178.47.130.10
host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
host 178.205.241.114
host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL
host 5.227.124.130
host 78.85.34.99
host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
host 88.80.33.250
host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
host 85.140.32.24
host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
host 78.85.37.88
host 88.80.33.154
host 78.85.13.165
!
object-group network OBJ_SAR_VST_SMK
host 78.85.19.93
host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM
host 89.232.91.106
host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB
host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL
host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB
host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61
host 84.201.247.32
host 88.80.33.194
!
object-group network OBJ_KUN_KMK_B2
94.138.150.0 255.255.255.0
host 178.47.138.134
!
object-group network OBJ_KUN_KMK_H80
host 178.161.207.26
host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
host 178.47.128.98
host 195.69.159.2
!
object-group network OBJ_IZH_HLA_UHK
host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17
85.140.32.64 255.255.255.252
host 85.140.32.63
host 85.140.32.68
!
object-group network OBJ_IZH_KLS_P20
host 5.227.125.114
!
object-group network OBJ_IZH_KI_VOR158
host 46.147.130.59
host 5.227.125.126
!
object-group network OBJ_OTHER
host 78.85.21.21
host 78.85.13.165
host 78.85.13.167
host 78.85.13.166
host 78.85.13.205
host 78.85.13.201
host 78.85.13.107
host 78.85.13.106
!
object-group network OBJ_SPB_KG_SPB
host 62.141.114.190
host 94.72.27.43
!
object-group network OBJ_BRANCHES
group-object OBJ_IZH_MLK_IZM
group-object OBJ_IZH_KG_P11
group-object OBJ_IZH_VST_IZM
group-object OBJ_IZH_TK_M44
group-object OBJ_IZH_TK_M48
group-object OBJ_IZH_TK_SMR
group-object OBJ_MZH_TK_TKM
group-object OBJ_GLZ_TK_TKG
group-object OBJ_IZH_TK_M21
group-object OBJ_IZH_HLA_PP
group-object OBJ_MSK_KG_MSK
group-object OBJ_GLZ_MLK_GMK
group-object OBJ_KZN_MLK_KMK
group-object OBJ_KEZ_MLK_KZS
group-object OBJ_PRM_MLK_PHK
group-object OBJ_SAR_MLK_SRM
group-object OBJ_CLB_MLK_CMK
group-object OBJ_GLZ_GKZ_GKZ
group-object OBJ_YAN_GKZ_YEL
group-object OBJ_KIA_RN_KIA
group-object OBJ_BBN_RN_BBN
group-object OBJ_KGB_RN_KGB
group-object OBJ_NCH_RN_NCH
group-object OBJ_PRI_RN_PRI
group-object OBJ_URN_RN_URN
group-object OBJ_IZH_TZK_TZK
group-object OBJ_IZH_MK_VS17
group-object OBJ_IZH_KL_KLI
group-object OBJ_EKB_KG_EKB
group-object OBJ_IZH_KEN_VS56
group-object OBJ_IZH_VRS_IZM
group-object OBJ_GLZ_VRS_UPF
group-object OBJ_IZH_VRS_IPF
group-object OBJ_IZH_VRS_PFV
group-object OBJ_VOT_VRS_VPF
group-object OBJ_PRM_VRS_MPF
group-object OBJ_LAI_VRS_DPF
group-object OBJ_ITL_VST_ITL
group-object OBJ_MZH_VST_MZH
group-object OBJ_KIA_VST_KIA
group-object OBJ_KGB_VST_KBB
group-object OBJ_SAR_VST_SMK
group-object OBJ_KNK_VST_KMK
group-object OBJ_BBN_VST_BBN
group-object OBJ_SHM_TMA_SHM
group-object OBJ_MSB_TMA_MSB
group-object OBJ_EVL_TMA_EVL
group-object OBJ_KIB_TMA_KIB
group-object OBJ_IZH_KM_S61
group-object OBJ_KUN_KMK_B2
group-object OBJ_KUN_KMK_H80
group-object OBJ_KUN_KMK_CH9
group-object OBJ_IZH_HLA_UHK
group-object OBJ_IZH_VD_VS17
group-object OBJ_IZH_KS_H17
group-object OBJ_IZH_KLS_P20
group-object OBJ_IZH_KI_VOR158
group-object OBJ_OTHER
group-object OBJ_SPB_KG_SPB
!
object-group network OBJ_NET_BLACKLIST
host 167.160.182.20
!
object-group network OBJ_NET_CISCOASA
host 91.240.179.28
host 91.240.179.29
host 91.240.179.30
host 91.240.179.62
host 91.240.179.63
host 91.240.179.64
!
object-group network OBJ_PART_SELECTEL
host 185.137.232.142
!
object-group network OBJ_PART_HTC
host 95.213.184.82
host 185.137.232.142
host 178.208.83.31
host 37.46.131.147
host 5.227.124.141
host 195.19.101.162
host 194.150.91.170
group-object OBJ_PART_SELECTEL
!
object-group network OBJ_NET_FTP_USERS
host 87.249.244.215
host 78.85.17.101
host 78.85.37.100
host 77.245.121.45
host 89.148.228.140
host 212.33.246.21
host 84.201.247.66
host 91.210.192.253
host 78.85.24.16
host 78.85.16.19
host 78.85.17.47
host 91.210.192.180
host 194.79.33.154
host 78.85.32.117
host 212.48.53.102
host 94.181.119.163
host 146.120.104.227
host 80.76.238.38
host 77.41.138.22
91.240.179.0 255.255.255.0
host 213.87.94.94
host 78.85.28.78
host 86.109.199.218
host 178.161.170.218
host 94.181.119.90
host 78.25.80.122
host 92.55.34.57
host 176.9.88.238
host 78.85.99.241
94.138.150.0 255.255.255.0
host 194.150.90.20
host 94.51.91.50
group-object OBJ_PART_HTC
host 95.213.184.82
host 185.137.232.142
host 178.208.83.31
host 37.46.131.147
host 5.227.124.141
host 195.19.101.162
host 194.150.91.170
group-object OBJ_PART_SELECTEL
!
object-group network OBJ_PART_Goods4Cust
description Makarov N
host 109.236.69.166
host 195.209.60.66
!
object-group network OBJ_PART_HEADLINE
host 87.249.247.80
!
object-group network OBJ_PART_ROSA
description Naydenov
host 217.114.154.92
!
object-group network OBJ_SRV_IRONPORT
host 91.240.179.26
host 91.240.179.27
!
object-group network OBJ_SRV_SKYPE
host 91.240.179.37
host 91.240.179.38
host 91.240.179.39
!
object-group service OBJ_SVC_ANY_CONNECT
tcp eq 443
udp eq 443
!
object-group service OBJ_SVC_FTP
tcp eq ftp
tcp eq ftp-data
tcp range 50000 65535
!
object-group network OBJ_SVC_KSMG
host 91.240.179.73
host 91.240.179.74
!
object-group service OBJ_SVC_L2TP
udp eq isakmp
udp eq non500-isakmp
udp eq 1701
tcp eq 1701
esp
!
object-group service OBJ_SVC_SFB
tcp eq 443
tcp eq 5061
udp eq domain
udp eq 3478
!
object-group service OBJ_SVC_VIPole
udp range 3000 9000
tcp eq 37210
tcp eq 37212
tcp eq 443
!
object-group service SERVICE_L2TP
udp eq isakmp
udp eq non500-isakmp
udp eq 1701
tcp eq 1701
esp
!
object-group service SERVICE_PPTP
tcp eq 1723
gre
!
object-group network STATIC_ISP_IP
host 217.14.195.253
host 85.175.86.74
!
username netadmin privilege 15 secret 5 $1$CIDn$gX5vG9z8lk1YswXnLsl8c1
!
redundancy
!
!
!
bfd-template single-hop BFD-KOMOS
interval min-tx 500 min-rx 500 multiplier 3
!
!
!
track 1 ip sla 1 reachability
delay down 10 up 5
!
track 2 ip sla 2 reachability
delay down 10 up 5
!
track 3 ip sla 3 reachability
delay down 10 up 5
!
track 4 ip sla 4 reachability
delay down 10 up 5
!
track 5 ip sla 5 reachability
delay down 10 up 5
!
track 6 ip sla 6 reachability
delay down 10 up 5
!
track 10 list boolean or
object 1
object 2
object 3
object 4
object 5
object 6
delay down 5 up 30
!
track 11 ip sla 11 reachability
delay down 10 up 5
!
track 12 ip sla 12 reachability
delay down 10 up 5
!
track 13 ip sla 13 reachability
delay down 10 up 5
!
track 14 ip sla 14 reachability
delay down 10 up 5
!
track 15 ip sla 15 reachability
delay down 10 up 5
!
track 16 ip sla 16 reachability
delay down 10 up 5
!
track 20 list boolean or
object 11
object 12
object 13
object 14
object 15
object 16
delay down 5 up 30
!
track 200 list boolean or
object 202
object 203
delay down 5 up 30
!
track 202 ip sla 202 reachability
delay down 10 up 5
!
track 203 ip sla 203 reachability
!
ip ssh authentication-retries 2
ip ssh version 2
!
class-map match-any CM_QOS_Q2
match dscp cs2 af21 af22 af23
match access-group name ACL_QOS_Q2
class-map match-all CM_QOS_Q3
match dscp cs3 af31 af32 af33
class-map match-all CM_QOS_Q4
match dscp cs4 af41 af42 af43
class-map match-any CM_QOS_IPSEC-ESP
match access-group name ACL_QOS_ESP
!
policy-map PM_TEST_ARR_ADAP
class class-default
shape average 5000000
policy-map PM_QOS_IN
class CM_QOS_Q2
set dscp cs2
policy-map PM_QOS_GLOBAL_OUT
class CM_QOS_IPSEC-ESP
police 80000000
class CM_QOS_Q3
class CM_QOS_Q4
class CM_QOS_Q2
!
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 500
!
crypto isakmp policy 30
encr aes 256
authentication pre-share
group 14
!
crypto isakmp policy 40
encr aes 256
authentication pre-share
group 2
!
crypto isakmp policy 50
encr aes
authentication pre-share
group 2
crypto isakmp key F5BfdOazun4M address 82.142.146.70
crypto isakmp key fjhJSHpUcnqbpGfI address 0.0.0.0 no-xauth
crypto isakmp keepalive 20
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set L2TP_PRIMARY_TR esp-3des esp-sha-hmac
mode transport
crypto ipsec transform-set tr-3des esp-3des
mode tunnel
crypto ipsec transform-set ipsec-transform esp-3des esp-md5-hmac
mode transport require
crypto ipsec transform-set ipsec-transform-aes esp-aes esp-md5-hmac
mode transport require
crypto ipsec transform-set TS-BEECLOUD esp-aes 256 esp-sha-hmac
mode transport
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac
mode transport require
crypto ipsec df-bit clear
!
crypto ipsec profile GRE_IPSEC
set transform-set TS_GREIPSEC
set pfs group2
!
crypto ipsec profile PF-BEECLOUD
set transform-set TS-BEECLOUD
set pfs group14
!
!
crypto ipsec profile gre-gre-3des
set transform-set ipsec-transform
!
!
crypto dynamic-map L2TP_PRIMARY_DMAP 10
set nat demux
set transform-set L2TP_PRIMARY_TR
!
!
crypto map L2TP_PRIMARY_MAP 10 ipsec-isakmp dynamic L2TP_PRIMARY_DMAP
!
!
!
!
!
interface Loopback111
description MGM
ip address 10.111.12.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
!
interface Tunnel31
description KGR-KUMK-KUMK-RT-1-1
ip address 172.30.31.5 255.255.255.252
ip access-group ACL_FROM_KUMK in
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel destination 94.138.150.1
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel32
description KGR-PRM
ip address 172.30.31.9 255.255.255.252
ip access-group ACL_FROM_KUMK in
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel destination 178.47.128.98
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel45
description KKB-KY-01-SW1
bandwidth 100000
ip address 10.4.50.21 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source GigabitEthernet0/1
tunnel destination 78.85.13.165
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel52
description SRSCL-KY-01-SW1
bandwidth 100000
ip address 10.70.70.118 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source 217.14.195.253
tunnel destination 85.140.32.166
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel54
description KZG-KY-01-SW1
bandwidth 100000
ip address 10.70.70.126 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 217.14.195.253
tunnel destination 31.173.105.46
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel56
description STR-KY-01-SW1
bandwidth 100000
ip address 10.70.70.142 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
load-interval 30
keepalive 5 5
tunnel source 217.14.195.253
tunnel destination 78.85.35.164
tunnel protection ipsec profile gre-gre-3des
service-policy output PM_TEST_ARR_ADAP
!
interface Tunnel101
description IZH-KI-VOR158-RT-1-1
bandwidth 80000
ip address 10.4.50.5 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel destination 46.147.130.59
tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel102
description IZH-KI-VOR158-RT-1-2
bandwidth 96000
ip address 10.4.50.9 255.255.255.252
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel destination 5.227.125.126
tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel103
description BeeCLOUD
ip address 10.4.50.13 255.255.255.252
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel destination 82.142.146.70
tunnel protection ipsec profile PF-BEECLOUD
!
interface Tunnel111
description [CORE] iBGP Transit to P11
bandwidth 200000
ip address 172.30.32.21 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip tcp adjust-mss 1360
ip ospf mtu-ignore
keepalive 10 3
bfd template BFD-KOMOS
tunnel source GigabitEthernet0/2.300
tunnel destination 10.1.1.2
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description [ISP-200M] Rostelecom
bandwidth 200000
ip address 85.175.86.74 255.255.255.252
ip access-group ACL_FW_IN in
ip flow ingress
ip flow egress
ip nat outside
ip inspect Internet out
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description [ISP-100M] MarkITT
ip address 217.14.195.253 255.255.255.252
ip access-group FIREWALL in
ip nat outside
ip inspect Internet out
ip virtual-reassembly in
duplex auto
speed auto
service-policy output PM_QOS_GLOBAL_OUT
!
interface GigabitEthernet0/2
no ip address
ip nat inside
ip virtual-reassembly in
media-type sfp
service-policy input PM_QOS_IN
!
interface GigabitEthernet0/2.300
encapsulation dot1Q 300
ip address 10.4.254.251 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.551
description --TRANSIT_HSRP--
encapsulation dot1Q 551
ip address 10.4.239.18 255.255.255.240
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
standby 1 ip 10.4.239.17
standby 1 priority 110
standby 1 preempt
standby 1 track 20 decrement 10
ip policy route-map GLOBAL-ROUTING
!
interface GigabitEthernet0/2.556
description iBGP KOMOS_AS over ER-Telecom
encapsulation dot1Q 556
ip address 172.30.32.13 255.255.255.252
ip nat outside
ip virtual-reassembly in
bfd template BFD-KOMOS
!
interface GigabitEthernet0/2.557
description iBGP KOMOS_AS over MTS
encapsulation dot1Q 557
ip address 172.30.32.17 255.255.255.252
ip nat outside
ip virtual-reassembly in
bfd template BFD-KOMOS
!
interface GigabitEthernet0/2.597
description --BGP_TRANSIT--
encapsulation dot1Q 597
ip address 172.30.30.60 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
bfd interval 50 min_rx 50 multiplier 3
!
interface Virtual-Template1
ip address 10.10.14.254 255.255.255.0
ip mtu 1400
ip nat inside
ip virtual-reassembly in
ip ospf network point-to-point
peer default ip address pool DHCP-L2TP-PRIMARY
no keepalive
ppp encrypt mppe auto
ppp authentication ms-chap-v2
!
router ospf 111
router-id 10.111.12.1
auto-cost reference-bandwidth 10000
passive-interface default
no passive-interface GigabitEthernet0/2.556
no passive-interface GigabitEthernet0/2.557
no passive-interface Tunnel111
network 10.111.12.1 0.0.0.0 area 0
network 172.30.32.0 0.0.0.255 area 0
bfd all-interfaces
!
router bgp 199014
bgp router-id 85.175.86.74
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA local-as 64512 no-prepend replace-as
neighbor PG_IZH-KI-VOR158 peer-group
neighbor PG_IZH-KI-VOR158 remote-as 64555
neighbor PG_IZH-KI-VOR158 local-as 64512 no-prepend replace-as
neighbor PG_MIKROTIK_OTHER peer-group
neighbor PG_MIKROTIK_OTHER remote-as 65503
neighbor PG_MIKROTIK_OTHER local-as 64512 no-prepend replace-as
neighbor 10.4.50.6 peer-group PG_IZH-KI-VOR158
neighbor 10.4.50.10 peer-group PG_IZH-KI-VOR158
neighbor 10.4.50.14 remote-as 64554
neighbor 10.4.50.14 local-as 64512 no-prepend replace-as
neighbor 10.4.50.14 description BEECLOUD
neighbor 10.4.50.22 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 10.70.70.117 peer-group PG_MIKROTIK_OTHER
neighbor 10.70.70.117 description SAR-MLK-SIG-RT-1-1
neighbor 10.70.70.125 peer-group PG_MIKROTIK_OTHER
neighbor 10.70.70.125 description --KEZ_AUTOKOLONNA--
neighbor 10.70.70.141 peer-group PG_MIKROTIK_OTHER
neighbor 10.70.70.141 description STR-KY-01-SW1
neighbor 10.111.13.1 remote-as 199014
neighbor 10.111.13.1 description iBGP to P11
neighbor 10.111.13.1 update-source Loopback111
neighbor 85.175.86.73 remote-as 12389
neighbor 85.175.86.73 description Rostelecom
neighbor 172.30.30.55 remote-as 64512
neighbor 172.30.30.55 description IZH-MLK-IZM-SW-1-1_Huawei
neighbor 172.30.30.62 remote-as 64512
neighbor 172.30.30.62 description --IZH-MLK-IZM-SW-1-1--
neighbor 172.30.31.6 remote-as 65504
neighbor 172.30.31.6 local-as 64512 no-prepend replace-as
neighbor 172.30.31.6 description KGR-KUMK-KUMK-RT-1-1
neighbor 172.30.31.10 remote-as 65505
neighbor 172.30.31.10 local-as 64512 no-prepend replace-as
neighbor 172.30.31.10 description KGR-KUMK-PRM-RT-1-1
!
address-family ipv4
network 10.4.50.4 mask 255.255.255.252
network 10.4.50.8 mask 255.255.255.252
network 10.4.50.20 mask 255.255.255.252
network 10.70.70.116 mask 255.255.255.252
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA prefix-list PFL_FROM_RUSSIAN_NIVA in
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA prefix-list PFL_TO_RUSSIAN_NIVA out
neighbor PG_IZH-KI-VOR158 next-hop-self
neighbor PG_IZH-KI-VOR158 soft-reconfiguration inbound
neighbor PG_IZH-KI-VOR158 route-map RM_TO_IZH-KI-VOR158 out
neighbor PG_MIKROTIK_OTHER next-hop-self
neighbor PG_MIKROTIK_OTHER soft-reconfiguration inbound
neighbor PG_MIKROTIK_OTHER route-map RM_MIKROT_OTHER_OUT out
neighbor 10.4.50.6 activate
neighbor 10.4.50.10 activate
neighbor 10.4.50.14 activate
neighbor 10.4.50.14 soft-reconfiguration inbound
neighbor 10.4.50.14 route-map RM_FROM_BEECLOUD in
neighbor 10.4.50.14 route-map RM_TO_BEECLOUD out
neighbor 10.4.50.22 activate
neighbor 10.70.70.117 activate
neighbor 10.70.70.125 activate
neighbor 10.70.70.141 activate
neighbor 10.111.13.1 activate
neighbor 10.111.13.1 next-hop-self all
neighbor 10.111.13.1 route-map RM_KOMOS_AS in
neighbor 10.111.13.1 route-map RM_KOMOS_AS out
neighbor 85.175.86.73 activate
neighbor 85.175.86.73 route-map RM_ROSTELECOM_IN in
neighbor 85.175.86.73 route-map RM_ROSTELECOM_OUT out
neighbor 172.30.30.55 activate
neighbor 172.30.30.55 soft-reconfiguration inbound
neighbor 172.30.30.55 route-map RM_LOCAL_IN in
neighbor 172.30.30.55 route-map RM_LOCAL_OUT out
neighbor 172.30.30.62 activate
neighbor 172.30.30.62 soft-reconfiguration inbound
neighbor 172.30.30.62 route-map RM_LOCAL_IN in
neighbor 172.30.30.62 route-map RM_LOCAL_OUT out
neighbor 172.30.31.6 activate
neighbor 172.30.31.6 route-map RM_FROM_KUMK in
neighbor 172.30.31.6 route-map RM_TO_KUMK out
neighbor 172.30.31.10 activate
neighbor 172.30.31.10 route-map RM_FROM_KUMK in
neighbor 172.30.31.10 route-map RM_TO_KUMK out
distance bgp 150 150 150
exit-address-family
!
ip local policy route-map PBR_LP
ip local pool DHCP-L2TP-PRIMARY 10.10.14.21 10.10.14.253
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export source GigabitEthernet0/2.300
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 20000
!
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 310
ip nat translation dns-timeout 5
ip nat translation routemap-entry-timeout 300
ip nat translation icmp-timeout 10
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 300
ip nat translation port-timeout tcp 443 300
ip nat translation port-timeout udp 5060 300
ip nat translation max-entries all-host 400
ip nat translation max-entries host 10.4.7.5 400
ip nat translation max-entries host 10.4.7.4 400
ip nat translation max-entries host 10.4.7.6 400
ip nat translation max-entries host 192.168.8.71 400
ip nat translation max-entries host 192.168.8.72 400
ip nat translation max-entries host 10.4.38.1 1000
ip nat translation max-entries host 192.168.8.73 400
ip nat translation max-entries host 192.168.8.74 400
ip nat translation max-entries host 192.168.8.75 400
ip nat translation max-entries host 192.168.8.77 400
ip nat translation max-entries host 10.4.0.172 1000
ip nat translation max-entries host 192.168.8.163 400
ip nat pool NAT_FTP4 192.168.8.138 192.168.8.138 netmask 255.255.255.0 type rotary
ip nat inside source route-map ISP_MARK interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP_RT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.8.225 4443 85.175.86.74 4443 extendable
ip nat inside source static tcp 192.168.8.225 4443 85.175.86.74 4444 extendable
ip nat inside source static tcp 10.4.38.2 80 91.240.179.36 80 extendable
ip nat inside source static tcp 10.4.38.2 443 91.240.179.36 443 extendable
ip nat inside source static 10.4.38.1 91.240.179.48
ip nat inside source static 10.4.38.21 91.240.179.73
ip nat inside source static 10.4.38.22 91.240.179.74
ip nat inside source static 10.4.0.184 91.240.179.131
ip nat inside source static 10.4.0.120 91.240.179.133
ip nat inside source static 10.4.8.8 91.240.179.240
ip nat inside source static tcp 10.4.0.9 21 217.14.195.253 21 extendable
ip nat inside source static tcp 10.4.7.12 25 217.14.195.253 25 extendable
ip nat inside source static tcp 10.4.7.12 110 217.14.195.253 110 extendable
ip nat inside source static tcp 10.4.7.12 143 217.14.195.253 143 extendable
ip nat inside source static tcp 10.4.0.172 443 217.14.195.253 443 extendable
ip nat inside source static tcp 10.4.7.12 993 217.14.195.253 993 extendable
ip nat inside source static tcp 10.4.0.178 3389 217.14.195.253 3389 extendable
ip nat inside source static tcp 192.168.8.29 1194 217.14.195.253 3394 extendable
ip nat inside source static tcp 192.168.8.225 4443 217.14.195.253 4443 extendable
ip nat inside source static tcp 192.168.8.225 4443 217.14.195.253 4444 extendable
ip nat inside source static tcp 192.168.8.228 3389 217.14.195.253 4446 extendable
ip nat inside source static tcp 192.168.8.177 3389 217.14.195.253 4494 extendable
ip nat inside source static tcp 192.168.9.100 7010 217.14.195.253 7010 extendable
ip nat inside source static tcp 192.168.9.100 7011 217.14.195.253 7011 extendable
ip nat inside source static tcp 192.168.9.101 7020 217.14.195.253 7020 extendable
ip nat inside source static tcp 192.168.9.101 7021 217.14.195.253 7021 extendable
ip nat inside source static tcp 192.168.9.102 7030 217.14.195.253 7030 extendable
ip nat inside source static tcp 192.168.9.102 7031 217.14.195.253 7031 extendable
ip nat inside source static tcp 192.168.9.103 7040 217.14.195.253 7040 extendable
ip nat inside source static tcp 192.168.9.103 7041 217.14.195.253 7041 extendable
ip nat inside source static tcp 192.168.9.104 7050 217.14.195.253 7050 extendable
ip nat inside source static tcp 192.168.9.104 7051 217.14.195.253 7051 extendable
ip nat inside source static tcp 192.168.9.105 7060 217.14.195.253 7060 extendable
ip nat inside source static tcp 192.168.9.105 7061 217.14.195.253 7061 extendable
ip nat inside source static tcp 172.30.35.254 7789 217.14.195.253 7789 extendable
ip nat inside source static tcp 172.17.100.1 8081 217.14.195.253 8081 extendable
ip nat inside source static tcp 172.17.100.1 8082 217.14.195.253 8082 extendable
ip nat inside source static tcp 172.17.100.5 8081 217.14.195.253 8087 extendable
ip nat inside source static tcp 172.17.100.5 8082 217.14.195.253 8088 extendable
ip nat inside source static tcp 10.4.7.17 22 217.14.195.253 8089 extendable
ip nat inside source static tcp 10.4.7.17 80 217.14.195.253 8090 extendable
ip nat inside source static tcp 10.4.7.17 8081 217.14.195.253 8091 extendable
ip nat inside source static tcp 10.4.7.17 8082 217.14.195.253 8092 extendable
ip nat inside source static tcp 192.168.8.176 3389 217.14.195.253 56548 extendable
ip nat inside source static tcp 192.168.8.159 3389 217.14.195.253 56549 extendable
ip nat inside source static tcp 192.168.8.138 21 217.14.195.253 58000 extendable
ip nat inside source static tcp 192.168.8.187 3389 217.14.195.253 59136 extendable
ip nat inside destination list ACL_FTP4 pool NAT_FTP4
ip route 0.0.0.0 0.0.0.0 217.14.195.254 90 name --MARK--
ip route 0.0.0.0 0.0.0.0 85.175.86.73 100 name --RT--
ip route 5.227.125.126 255.255.255.255 78.85.13.1
ip route 10.15.72.0 255.255.255.0 10.4.50.14
ip route 10.111.0.21 255.255.255.255 172.30.30.62 name LO-P11-RT-1-1
ip route 91.240.179.0 255.255.255.0 Null0 254 name KOMOS_PI
ip route 172.30.35.254 255.255.255.255 10.4.239.22 200 name --MIKROTIK_VPN--
ip route 192.168.8.225 255.255.255.255 10.4.239.22 100 name VREMENNO!!!!!!
ip route 192.168.101.152 255.255.255.248 10.70.70.141 200 name --STROYLANDIYA_SARAPUL--
!
ip access-list standard ACL_NAT_ATERISK
permit 172.17.100.1
permit 172.17.100.5
ip access-list standard ACL_NAT_PET_PRODACTION
permit 10.4.37.1
ip access-list standard ACL_NAT_SRV
permit 10.4.3.0 0.0.0.255
permit 10.4.6.0 0.0.0.255
ip access-list standard ACL_NAT_Wi-Fi
permit 10.4.32.0 0.0.0.255
permit 10.4.35.0 0.0.0.255
permit 10.4.255.0 0.0.0.255
permit 10.4.252.0 0.0.0.255
ip access-list standard NOBEL_USERS
permit 10.5.208.0 0.0.7.255
!
ip access-list extended ACL_CREATIO
permit ip host 10.4.0.123 any
ip access-list extended ACL_EXCHANGE_KG
permit ip host 10.4.38.3 any
ip access-list extended ACL_FOR_LP_MARK
permit ip host 217.14.195.253 any
ip access-list extended ACL_FOR_LP_RT
permit ip host 78.85.13.95 any
permit gre host 78.85.13.95 any
permit esp host 78.85.13.95 any
ip access-list extended ACL_FROM_KUMK
deny tcp any any eq 445
permit ip host 172.30.31.10 host 172.30.31.9
permit ip host 172.30.31.6 host 172.30.31.5
permit icmp 10.12.1.0 0.0.0.255 any
permit icmp 10.12.0.0 0.0.0.255 any
permit ip 10.12.1.0 0.0.0.255 10.1.9.0 0.0.0.255
permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
permit ip 10.12.0.0 0.0.0.255 10.4.0.0 0.0.0.255
permit ip host 10.12.0.254 any
permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255
permit ip 10.12.252.0 0.0.3.255 10.12.252.0 0.0.3.255
permit ip host 10.12.252.254 any
permit tcp any any eq domain
permit udp any any eq domain
remark kg-p11-app001.komos-group.ru
permit ip any host 10.1.8.14
permit ip 10.12.4.0 0.0.3.255 10.1.19.0 0.0.0.255
permit icmp any any
permit ip any host 10.1.9.207
permit ip any host 10.4.0.214
permit ip 10.12.4.0 0.0.0.255 any
permit tcp any any eq 8291
ip access-list extended ACL_FTP4
permit tcp any any range 58600 58900
ip access-list extended ACL_FW_IN
permit tcp any object-group STATIC_ISP_IP eq 4444
permit icmp any any
permit tcp any object-group STATIC_ISP_IP eq bgp
permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
deny tcp any object-group STATIC_ISP_IP eq 22
deny ip object-group OBJ_NET_BLACKLIST any
permit tcp any host 91.240.179.1 eq 443 2109 3000 8080 9000 9090
permit udp any host 91.240.179.1 eq 3478 syslog
permit tcp any host 91.240.179.5 eq 82 www 443 1433 2195 2196 5223
permit tcp any host 91.240.179.11 eq domain
permit udp any host 91.240.179.11 eq domain
permit tcp any host 91.240.179.20 eq 443
permit udp any host 91.240.179.28 eq non500-isakmp isakmp
permit tcp any host 91.240.179.31 eq 7789
permit tcp any host 91.240.179.36 eq www 443
permit tcp any host 91.240.179.40 eq 443
permit tcp any host 91.240.179.48 eq www 443
permit tcp any host 91.240.179.49 eq 8080 9099
permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001
permit tcp any host 91.240.179.66 eq 443 pop3 www
permit tcp any host 91.240.179.68 eq 5060
permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995
permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995
permit tcp any host 91.240.179.178 eq 4477
permit tcp any host 91.240.179.251 eq www 443
permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.2 eq 1433
permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.1 eq 3389
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.49 eq 3391
permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.68 eq 3389
permit tcp object-group OBJ_PART_ROSA host 91.240.179.131 eq www 443
permit tcp object-group OBJ_PART_HTC host 91.240.179.71
permit object-group OBJ_SVC_VIPole any host 91.240.179.32
permit object-group OBJ_SVC_SFB any object-group OBJ_SRV_SKYPE
permit object-group OBJ_SVC_ANY_CONNECT any object-group OBJ_NET_CISCOASA
permit object-group OBJ_SVC_L2TP any host 91.240.179.28
permit object-group OBJ_SVC_FTP object-group OBJ_NET_FTP_USERS host 91.240.179.71
permit tcp any object-group OBJ_SVC_KSMG eq smtp
permit tcp any object-group OBJ_SRV_IRONPORT eq smtp
ip access-list extended ACL_NAT_PRODACTION
permit tcp host 10.4.39.1 any eq 443
permit ip host 10.4.38.1 any
permit ip host 10.4.38.2 any
permit ip host 10.4.39.65 any
permit ip 10.4.39.64 0.0.0.63 any
ip access-list extended ACL_QOS_ESP
permit esp any any
deny ip any any
ip access-list extended ACL_QOS_Q2
permit tcp any any eq www 443
permit tcp any any eq www 443 8443
ip access-list extended ACL_RM_ROUTE_MARK_OUT
permit ip host 10.4.0.9 any
permit ip host 10.4.7.12 any
permit ip host 10.4.0.172 any
permit ip host 10.4.0.178 any
permit ip host 192.168.8.29 any
permit ip host 192.168.8.228 any
permit ip host 192.168.8.177 any
permit ip host 192.168.9.100 any
permit ip host 192.168.9.101 any
permit ip host 192.168.9.102 any
permit ip host 192.168.9.103 any
permit ip host 192.168.9.104 any
permit ip host 192.168.9.105 any
permit ip host 172.30.35.254 any
permit ip host 172.17.100.1 any
permit ip host 172.17.100.5 any
permit ip host 10.4.7.17 any
permit ip host 192.168.8.176 any
permit ip host 192.168.8.159 any
permit ip host 192.168.8.138 any
permit ip host 192.168.8.187 any
permit ip host 192.168.8.226 any
permit ip 192.168.8.0 0.0.0.255 any
remark RTO-372
permit ip host 10.4.8.80 any
ip access-list extended ACL_TEST_ESR-10
permit ip host 91.240.179.240 any
permit ip host 10.4.8.8 any
ip access-list extended ACL_VTY
permit ip 10.1.0.0 0.0.255.255 any
permit ip 10.4.0.0 0.0.255.255 any
permit ip 10.14.112.0 0.0.15.255 any
deny ip any any log
ip access-list extended FIREWALL
deny tcp any object-group STATIC_ISP_IP eq 22
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
permit ip object-group GRE_SRC_IP object-group STATIC_ISP_IP
permit tcp any object-group STATIC_ISP_IP eq 5599 7010 7011 7020 7021 7030 7031 7040
permit tcp any object-group STATIC_ISP_IP eq 7041 7050 7051 7060 7061 7789 8585 29713
permit tcp any object-group STATIC_ISP_IP eq 15971 38129 38411 38412 38511 39661 43611 50155 50569 50683
permit tcp any object-group STATIC_ISP_IP eq 50690 50718 50783 51891 56543 56548 56549 59136 59991 61751
permit tcp any object-group STATIC_ISP_IP eq 4494
permit tcp any object-group STATIC_ISP_IP eq 3394
deny tcp any host 217.14.195.253 eq 443
permit tcp object-group LAINER_TELECOM object-group STATIC_ISP_IP range 8081 8092
permit tcp any object-group STATIC_ISP_IP range 58600 58900
permit udp any object-group STATIC_ISP_IP range 10000 20000
permit object-group SERVICE_L2TP any object-group STATIC_ISP_IP
permit tcp any object-group STATIC_ISP_IP eq ftp smtp www pop3 143 443 993 2109 4443 4444
permit tcp any object-group STATIC_ISP_IP eq 2253 58000
permit tcp object-group HEADLINE_IP object-group STATIC_ISP_IP eq 4446
permit icmp any object-group STATIC_ISP_IP
deny tcp any any eq 22
ip access-list extended LOCAL_TRAFFIC
permit ip any 192.168.0.0 0.0.255.255
permit ip any 10.0.0.0 0.255.255.255
permit ip any 172.16.0.0 0.15.255.255
!
!
ip prefix-list PFL_FROM_RUSSIAN_NIVA seq 10 permit 10.5.192.0/19
!
ip prefix-list PFL_OSPF_FILTER seq 10 deny 10.0.0.0/14 le 32
ip prefix-list PFL_OSPF_FILTER seq 20 deny 10.8.0.0/13 le 32
ip prefix-list PFL_OSPF_FILTER seq 30 deny 10.16.0.0/12 le 32
ip prefix-list PFL_OSPF_FILTER seq 100 permit 0.0.0.0/0 le 24
!
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 10 permit 10.4.0.0/16
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 20 permit 192.168.8.0/24
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 25 permit 10.1.0.0/16
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 30 permit 192.168.0.0/22
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 35 permit 10.14.112.0/20
!
ip prefix-list PL_BOGON seq 5 permit 0.0.0.0/8 le 32
ip prefix-list PL_BOGON seq 10 permit 10.0.0.0/8 le 32
ip prefix-list PL_BOGON seq 15 permit 100.64.0.0/10 le 32
ip prefix-list PL_BOGON seq 20 permit 127.0.0.0/8 le 32
ip prefix-list PL_BOGON seq 25 permit 169.254.0.0/16 le 32
ip prefix-list PL_BOGON seq 30 permit 172.16.0.0/12 le 32
ip prefix-list PL_BOGON seq 35 permit 192.0.0.0/24 le 32
ip prefix-list PL_BOGON seq 40 permit 192.0.2.0/24 le 32
ip prefix-list PL_BOGON seq 45 permit 192.168.0.0/16 le 32
ip prefix-list PL_BOGON seq 50 permit 192.18.0.0/15 le 32
ip prefix-list PL_BOGON seq 55 permit 198.18.0.0/15 le 32
ip prefix-list PL_BOGON seq 60 permit 198.51.100.0/24 le 32
ip prefix-list PL_BOGON seq 65 permit 203.0.113.0/24 le 32
ip prefix-list PL_BOGON seq 70 permit 240.0.0.0/4 le 32
!
ip prefix-list PL_FROM_BEECLOUD seq 5 permit 10.100.0.0/24 le 25
ip prefix-list PL_FROM_BEECLOUD seq 10 permit 10.101.0.0/20 le 24
!
ip prefix-list PL_FROM_KLS seq 10 permit 10.14.100.0/22
!
ip prefix-list PL_FROM_KUMK seq 5 permit 10.12.0.0/16 le 24
ip prefix-list PL_FROM_KUMK seq 10 permit 10.12.252.0/22
!
ip prefix-list PL_KOMOS_AS seq 5 permit 0.0.0.0/0
ip prefix-list PL_KOMOS_AS seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_LOCAL_IN seq 5 deny 0.0.0.0/0
ip prefix-list PL_LOCAL_IN seq 10 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_IN seq 15 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_IN seq 20 permit 172.31.35.0/24
ip prefix-list PL_LOCAL_IN seq 25 permit 172.31.31.0/24
ip prefix-list PL_LOCAL_IN seq 30 permit 172.16.0.0/12 le 32
ip prefix-list PL_LOCAL_IN seq 35 permit 91.240.179.243/32
ip prefix-list PL_LOCAL_IN seq 40 permit 91.240.179.131/32
ip prefix-list PL_LOCAL_IN seq 50 permit 91.240.179.0/24 ge 32
!
ip prefix-list PL_LOCAL_OUT seq 5 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_OUT seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_OUT seq 15 permit 172.16.0.0/12 le 32
ip prefix-list PL_LOCAL_OUT seq 20 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_MIKROT_OTHER_OUT seq 1 permit 10.0.0.0/8 le 32
ip prefix-list PL_MIKROT_OTHER_OUT seq 2 permit 192.168.0.0/16 le 32
ip prefix-list PL_MIKROT_OTHER_OUT seq 5 permit 10.4.0.0/16
ip prefix-list PL_MIKROT_OTHER_OUT seq 10 permit 10.1.0.0/16
ip prefix-list PL_MIKROT_OTHER_OUT seq 15 permit 192.168.0.0/22
ip prefix-list PL_MIKROT_OTHER_OUT seq 20 permit 192.168.8.0/24
!
ip prefix-list PL_ROSTELECOM_IN seq 5 permit 0.0.0.0/0
ip prefix-list PL_ROSTELECOM_IN seq 6 permit 0.0.0.0/0 le 22
ip prefix-list PL_ROSTELECOM_IN seq 10 deny 0.0.0.0/0 le 32
!
ip prefix-list PL_ROSTELECOM_OUT seq 5 permit 91.240.179.0/24
!
ip prefix-list PL_TO_BEECLOUD seq 5 permit 10.0.0.0/8 le 24
!
ip prefix-list PL_TO_IZH-KI-VOR158 seq 5 permit 10.0.0.0/8 le 24
ip prefix-list PL_TO_IZH-KI-VOR158 seq 10 permit 192.168.0.0/16 le 24
ip prefix-list PL_TO_IZH-KI-VOR158 seq 15 permit 172.31.35.0/24
!
ip prefix-list PL_TO_KUMK seq 5 permit 10.1.0.0/16 le 24
ip prefix-list PL_TO_KUMK seq 10 permit 10.4.0.0/16 le 24
ip sla 1
icmp-echo 8.8.8.8 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.4.4 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 77.88.8.8 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 77.88.8.1 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 4 life forever start-time now
ip sla 5
icmp-echo 77.88.8.88 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 5 life forever start-time now
ip sla 6
icmp-echo 77.88.8.2 source-ip 78.85.13.95
threshold 2000
timeout 3000
frequency 10
ip sla schedule 6 life forever start-time now
ip sla 11
icmp-echo 8.8.8.8 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 11 life forever start-time now
ip sla 12
icmp-echo 8.8.4.4 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 12 life forever start-time now
ip sla 13
icmp-echo 77.88.8.8 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 13 life forever start-time now
ip sla 14
icmp-echo 77.88.8.1 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 14 life forever start-time now
ip sla 15
icmp-echo 77.88.8.88 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 15 life forever start-time now
ip sla 16
icmp-echo 77.88.8.2 source-ip 217.14.195.253
threshold 2000
timeout 3000
frequency 10
ip sla schedule 16 life forever start-time now
ip sla 202
icmp-echo 1.1.1.1 source-ip 85.175.86.74
threshold 2000
timeout 3000
frequency 10
ip sla schedule 202 life forever start-time now
ip sla 203
icmp-echo 8.8.8.8 source-ip 85.175.86.74
threshold 2000
timeout 3000
frequency 10
ip sla schedule 203 life forever start-time now
logging origin-id hostname
logging facility local2
logging source-interface GigabitEthernet0/2.300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
!
route-map ISP_MARK permit 10
match ip address 20 21 22 23 24 25 26 27 28 29 30 40 41 42 43 44 45 ACL_NAT_Wi-Fi ACL_NAT_PET_PRODACTION ACL_NAT_ATERISK ACL_NAT_PRODACTION NOBEL_USERS ACL_NAT_SRV
match interface GigabitEthernet0/1
!
route-map PBR_LP deny 10
match ip address LOCAL_TRAFFIC
!
route-map PBR_LP permit 20
match ip address ACL_FOR_LP_RT
set ip next-hop 78.85.13.1
!
route-map PBR_LP permit 30
match ip address ACL_FOR_LP_MARK
set ip next-hop 217.14.195.254
!
route-map RM_ROSTELECOM_IN deny 5
match ip address prefix-list PL_BOGON
!
route-map RM_ROSTELECOM_IN permit 10
match ip address prefix-list PL_ROSTELECOM_IN
match track 200
set local-preference 300
!
route-map RM_ROSTELECOM_IN permit 20
match ip address prefix-list PL_ROSTELECOM_IN
set local-preference 200
!
route-map EIGRP_PUB_RM permit 10
description --publish_subnet_to_eigrp--
match ip address 99
!
route-map RM_FROM_KUMK permit 10
match ip address prefix-list PL_FROM_KUMK
!
route-map ISP_RT permit 10
match ip address 20 21 22 23 24 25 26 27 28 29 30 40 41 42 43 44 45 ACL_NAT_Wi-Fi ACL_NAT_PET_PRODACTION ACL_NAT_ATERISK ACL_NAT_PRODACTION NOBEL_USERS ACL_NAT_SRV
match interface GigabitEthernet0/0
!
route-map RM_TO_BEECLOUD permit 10
match ip address prefix-list PL_TO_BEECLOUD
set as-path prepend 64512 64512
!
route-map RM_FROM_BEECLOUD permit 10
match ip address prefix-list PL_FROM_BEECLOUD
set as-path prepend 64554 64554
!
route-map RM_LOCAL_OUT permit 10
match ip address prefix-list PL_LOCAL_OUT
!
route-map RM_TO_KUMK permit 10
match ip address prefix-list PL_TO_KUMK
!
route-map RM_TO_IZH-KI-VOR158 permit 10
match ip address prefix-list PL_TO_IZH-KI-VOR158
!
route-map REDIST_EIGRP_TO_OSPF_AREA_1 permit 10
match ip address 98
!
route-map RM_ROSTELECOM_OUT permit 10
match ip address prefix-list PL_ROSTELECOM_OUT
set as-path prepend 199014 199014 199014
!
route-map RM_MIKROT_OTHER_OUT permit 10
match ip address prefix-list PL_MIKROT_OTHER_OUT
!
route-map PPTP-VIA-MARK permit 10
match ip address LOCAL_TRAFFIC
!
route-map PPTP-VIA-MARK permit 20
set ip next-hop 217.14.195.254
!
route-map RM_LOCAL_IN permit 10
match ip address prefix-list PL_LOCAL_IN
!
route-map RM_KOMOS_AS permit 10
match ip address prefix-list PL_KOMOS_AS
!
route-map RM_FROM_KLS permit 10
match ip address prefix-list PL_FROM_KLS
!
route-map GLOBAL-ROUTING permit 5
match ip address ACL_RM_ROUTE_MARK_OUT
set ip next-hop 217.14.195.254
!
route-map GLOBAL-ROUTING permit 10
match ip address ACL_CREATIO
set ip next-hop 78.85.13.1
!
route-map GLOBAL-ROUTING permit 20
match ip address ACL_EXCHANGE_KG
set ip next-hop 78.85.13.1
!
route-map GLOBAL-ROUTING permit 25
description TEST_VKTEAMS
match ip address ACL_TEST_ESR-10
set ip next-hop 172.30.32.14
!
route-map GLOBAL-ROUTING permit 100
!
!
snmp-server community lmTUEsk6Yvlv RO
access-list 5 permit 10.2.1.245
access-list 20 permit 10.4.0.249
access-list 20 remark -===NET USER 0===-
access-list 20 permit 192.168.0.0 0.0.3.255
access-list 21 remark -===NET PRINTDEVICE 1===-
access-list 21 permit 192.168.4.0 0.0.0.255
access-list 22 remark -===NET USER 5===-
access-list 22 permit 192.168.5.0 0.0.0.255
access-list 23 remark -===NET SERVER 6===-
access-list 23 permit 192.168.6.0 0.0.0.255
access-list 24 remark -===NET SERVER 7===-
access-list 24 permit 192.168.7.0 0.0.0.255
access-list 25 deny 192.168.8.120
access-list 25 remark -===NET SERVER 8===-
access-list 25 permit 192.168.8.0 0.0.0.255
access-list 26 remark -===NET SERVER 9===-
access-list 26 permit 192.168.9.0 0.0.0.255
access-list 27 remark -===NET KIP===-
access-list 27 permit 192.168.110.0 0.0.0.255
access-list 28 remark -===NET SERVER 150===-
access-list 28 permit 192.168.150.0 0.0.0.255
access-list 29 remark -===NET_VPN===-
access-list 29 permit 172.30.34.0 0.0.1.255
access-list 30 remark -===NET VPN===-
access-list 30 permit 10.10.14.0 0.0.0.255
access-list 34 permit 10.4.7.12
access-list 34 remark =-izh-msx001=-
access-list 34 permit 192.168.1.5
access-list 40 permit 10.4.8.0 0.0.7.255
access-list 40 permit 10.4.16.0 0.0.7.255
access-list 41 deny 10.4.0.90
access-list 41 deny 10.4.0.102
access-list 41 deny 10.4.0.241
access-list 41 remark -=ServerNetNew=-
access-list 41 permit 10.4.0.0 0.0.3.255
access-list 42 remark -=WifiUserNetNew=-
access-list 42 permit 10.4.32.0 0.0.0.255
access-list 44 remark -=ServProcContNet=-
access-list 44 permit 10.4.36.0 0.0.0.255
access-list 45 remark -=ServMailNet=-
access-list 45 permit 10.4.7.0 0.0.0.15
access-list 98 deny 192.168.8.120
access-list 98 remark --REDIST_EIGRP_OSPF_AREA_1--
access-list 98 permit 192.168.0.0 0.0.3.255
access-list 98 permit 192.168.8.0 0.0.0.255
access-list 99 remark --LIST_TO_REDISTR_IN_EIGRP--
access-list 99 permit 10.2.1.0 0.0.0.255
!
radius server IZH-RDS002
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
!
control-plane
!
!
no vstack
alias exec sib sh ip int brief
!
line con 0
logging synchronous
login authentication CONSOLE
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class ACL_VTY in vrf-also
exec-timeout 120 0
logging synchronous
rotary 1
transport input ssh
line vty 5 15
access-class ACL_VTY in vrf-also
exec-timeout 120 0
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp server 10.4.0.1
ntp server 10.4.0.2
event manager applet --MARK_UP--
event track 20 state up
action 001 cli command "enable"
action 002 cli command "conf t"
action 003 cli command "interface GigabitEthernet0/1"
action 004 cli command "ip nat outside"
action 005 cli command "end"
action 006 cli command "clear ip nat translation *"
action 007 syslog msg "MARK is UP"
event manager applet --MARK_DOWN--
event track 20 state down
action 001 cli command "enable"
action 002 cli command "conf t"
action 003 cli command "interface GigabitEthernet0/1"
action 004 cli command "no ip nat outside"
action 005 cli command "end"
action 006 cli command "clear ip nat translation *"
action 007 syslog msg "MARK is DOWN"
!
event manager history size events 20
end
Reference in New Issue Copy Permalink