ansible/backup/files/eltex/10.111.56.2.txt

hostname MSK-MLK-NOV2-RT-1-2

ip firewall sessions counters
object-group service OBJ_SVC_SSH
  port-range 22
exit
object-group service OBJ_SVC_VPN
  port-range 500
  port-range 4500
exit

object-group network OBJ_NET_IZH_KG_P11
  description "IZH-KG-P11_nets"
  ip prefix 91.240.179.0/24
  ip prefix 5.227.124.143/32
  ip prefix 78.85.13.93/32
  ip prefix 62.141.96.126/32
  ip prefix 84.201.247.190/32
  ip prefix 88.80.33.50/32
  ip prefix 94.25.46.122/32
exit
object-group network OBJ_NET_IZH_MLK_IZM
  description "IZH-MLK-IZM_nets"
  ip prefix 91.240.179.0/24
  ip prefix 85.140.32.27/32
  ip prefix 78.85.13.42/32
  ip prefix 5.227.126.169/32
  ip prefix 31.173.105.54/32
  ip prefix 217.14.195.253/32
  ip prefix 85.175.86.74/32
exit
object-group network OBJ_NET_ADM_MGMT
  description "Admins Net for MGMT and Routing"
  ip prefix 10.110.0.0/24
  ip prefix 10.4.0.214/32
  ip prefix 10.1.19.0/24
  ip prefix 10.14.117.0/24
  ip prefix 172.30.1.0/24
  ip prefix 172.30.2.0/24
exit
object-group network OBJ_NET_NAT_USERS
  ip prefix 10.14.104.0/21
exit

syslog max-files 3
syslog file-size 1024
syslog file tmpsys:syslog/syslog
  severity info
exit

username admin
  password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.
  privilege 1
exit
username remote
  password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.
exit
username netadmin
  password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1
  privilege 15
exit
username techsuppport
  password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1
exit
enable password encrypted $6$AfOE17s2nl/CyvEy$6iroAkDn996cy.hfE69WQHuCyKZVsrLNff9Zpdtg4j/7GUDnUaNehPe/Ej5hxuJrLTHYe109dqurFYAVni3ue1 privilege 15
aaa authentication mode break
aaa authentication login CONSOLE local radius
aaa authentication login SSH radius local
aaa authentication enable default radius enable
radius-server host 10.1.122.248
  key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
  source-interface loopback 1
exit
radius-server host 10.4.0.248
  key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
  source-interface loopback 1
exit
line console
  login authentication CONSOLE
exit
line ssh
  login authentication SSH
exit

system jumbo-frames
system config-confirm timeout 120

no spanning-tree

security zone LAN
exit
security zone WAN
exit
security zone VPN
exit

route-map RM_BGP_OUT
  rule 1
    description "Universal_MGMT_Loopback"
    match ip address 10.111.0.0/16 le 32
  exit
  rule 10
    description "MSK-NOV2_PREFIX"
    match ip address 10.14.104.0/21
  exit
exit
router bgp 64556
  timers keepalive 10
  timers holdtime 30
  peer-group PG_BGP_IZM
    remote-as 64512
    timers keepalive 10
    timers holdtime 30
    timers error-wait 120 180
    graceful-restart timeout 120
    route-map RM_BGP_OUT out
  exit
  peer-group PG_BGP_P11
    remote-as 64513
    timers keepalive 10
    timers holdtime 30
    timers error-wait 120 180
    graceful-restart
    graceful-restart timeout 120
    route-map RM_BGP_OUT out
  exit
  neighbor 172.30.1.1
    peer-group PG_BGP_IZM
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  neighbor 172.30.1.2
    peer-group PG_BGP_IZM
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  neighbor 172.30.2.1
    peer-group PG_BGP_P11
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  neighbor 172.30.2.2
    peer-group PG_BGP_P11
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  address-family ipv4 unicast
    network 10.14.104.0/21
    network 10.111.56.2/32
  exit
  enable
exit


interface port-channel 1
  description "[KU]_SW-1-1"
  mtu 9100
exit
interface port-channel 1.2
  description "Users"
  security-zone LAN
  ip address 10.14.105.253/24
  ip helper-address 10.4.0.5
  ip helper-address 10.1.8.5
  vrrp id 1
  vrrp ip 10.14.105.254/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.150
  description "WIFI"
  security-zone LAN
  ip address 10.14.107.253/24
  ip helper-address 10.4.0.5
  ip helper-address 10.1.8.5
  ip helper-address vrrp-group 1
  vrrp id 2
  vrrp ip 10.14.107.254/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.300
  description "MGM"
  security-zone LAN
  ip address 10.14.104.253/25
  vrrp id 30
  vrrp ip 10.14.104.254/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.301
  description "WIFI_MGM_Ubiquity"
  security-zone LAN
  ip address 10.14.106.125/25
  ip helper-address 10.4.0.5
  ip helper-address 10.1.8.5
  ip helper-address vrrp-group 1
  vrrp id 4
  vrrp ip 10.14.106.126/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.305
  description "WIFI_MGM_Eltex"
  security-zone LAN
  ip address 10.14.106.253/25
  ip helper-address 10.4.0.5
  ip helper-address 10.1.8.5
  ip helper-address vrrp-group 1
  vrrp id 5
  vrrp ip 10.14.106.254/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.350
  description "VOIP"
  security-zone LAN
  ip address 10.14.104.125/25
  ip helper-address 10.4.0.5
  ip helper-address 10.1.8.5
  ip helper-address vrrp-group 1
  vrrp id 6
  vrrp ip 10.14.104.126/32
  vrrp group 1
  vrrp version 3
  vrrp
exit
interface port-channel 1.555
  description "Transit_RT-1-1_RT-1-2"
  security-zone LAN
  ip address 172.31.16.2/29
exit
interface gigabitethernet 1/0/5
  description "[KU]_Po1_SW-1-1"
  mode switchport
  mtu 9100
  channel-group 1 mode auto
exit
interface gigabitethernet 1/0/6
  description "[KU]_Po1_SW-1-1"
  mode switchport
  mtu 9100
  channel-group 1 mode auto
exit
interface gigabitethernet 1/0/7
  description "[ISP-xxM]_Rosfon_ISP_A"
  security-zone WAN
  ip address 91.240.179.238/24
exit
interface gigabitethernet 1/0/8
  description "[ISP-xxM]_WAN_ISP_B"
  mtu 9100
  security-zone WAN
exit
interface loopback 1
  description "MGMT_IP"
  ip address 10.111.56.2/32
exit
tunnel gre 101
  key 1001
  mtu 1400
  multipoint
  security-zone VPN
  local interface gigabitethernet 1/0/7
  ip address 172.30.1.77/24
  ip tcp adjust-mss 1360
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp map 172.30.1.1 85.140.32.27
  ip nhrp map 172.30.1.2 78.85.13.42
  ip nhrp nhs 172.30.1.1/24
  ip nhrp nhs 172.30.1.2/24
  ip nhrp ipsec IPSEC_VPN_HUB static
  ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit
tunnel gre 102
  key 1002
  mtu 1400
  multipoint
  security-zone VPN
  local interface gigabitethernet 1/0/7
  ip address 172.30.2.77/24
  ip tcp adjust-mss 1360
  ip nhrp authentication encrypted B18B2823930318A9
  ip nhrp holding-time 300
  ip nhrp map 172.30.2.1 5.227.124.143
  ip nhrp map 172.30.2.2 78.85.13.93
  ip nhrp nhs 172.30.2.1/24
  ip nhrp nhs 172.30.2.2/24
  ip nhrp ipsec IPSEC_VPN_HUB static
  ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit

snmp-server
snmp-server contact "INVENTAR_NUMBER"
snmp-server location "MSK, Novodmitrovskaya,2 , kor2, et4"
snmp-server community lmTUEsk6Yvlv  ro

security zone-pair WAN self
  rule 10
    description "permit_any_from_P11"
    action permit
    match source-address OBJ_NET_IZH_KG_P11
    enable
  exit
  rule 20
    description "permit_any_from_IZM"
    action permit
    match source-address OBJ_NET_IZH_MLK_IZM
    enable
  exit
exit
security zone-pair LAN VPN
  rule 10
    description "permit_any"
    action permit
    enable
  exit
exit
security zone-pair VPN LAN
  rule 10
    description "permit_any"
    action permit
    enable
  exit
exit
security zone-pair VPN self
  rule 1
    description "TEST_ANY"
    action permit
    enable
  exit
  rule 10
    description "permit_icmp"
    action permit
    match protocol icmp
    enable
  exit
  rule 20
    description "permit_admins"
    action permit
    match source-address OBJ_NET_ADM_MGMT
    enable
  exit
exit
security zone-pair LAN WAN
  rule 10
    description "permit_any"
    action permit
    enable
  exit
exit

security ike proposal IKE_PROP
  encryption algorithm aes128
  dh-group 2
exit

security ike policy IKE_POL
  lifetime seconds 86400
  pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
  proposal IKE_PROP
exit

security ike gateway IKE_GW_HUB
  ike-policy IKE_POL
  local address 91.240.179.238
  local network 91.240.179.238/32 protocol gre 
  remote address any
  remote network 78.85.13.42/32 protocol gre 
  remote network 85.140.32.27/32 protocol gre 
  remote network 5.227.124.143/32 protocol gre 
  remote network 78.85.13.93/32 protocol gre 
  mode policy-based
exit

security ike gateway IKE_GW_SPOKE
  ike-policy IKE_POL
  local address 91.240.179.238
  local network 91.240.179.238/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ipsec proposal IPSEC_PROP
  encryption algorithm aes128
exit

security ipsec policy IPSEC_POL_HUB
  proposal IPSEC_PROP
exit

security ipsec vpn IPSEC_VPN_HUB
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKE_GW_HUB
  ike ipsec-policy IPSEC_POL_HUB
  enable
exit

security ipsec vpn IPSEC_VPN_SPOKE
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKE_GW_SPOKE
  ike ipsec-policy IPSEC_POL_HUB
  enable
exit

security passwords min-length 5
security passwords numeric-count 1
security passwords upper-case 1
security passwords history 0
security passwords default-expired
nat source
  ruleset SNAT
    to zone WAN
    rule 10
      match source-address OBJ_NET_NAT_USERS
      action source-nat interface
      enable
    exit
  exit
exit

ip route 0.0.0.0/0 91.240.179.254
ip route 10.14.104.0/21 blackhole 254

ip ssh server
ip ssh authentication algorithm md5 disable
ip ssh authentication algorithm md5-96 disable
ip ssh authentication algorithm ripemd160 disable
ip ssh authentication algorithm sha1 disable
ip ssh authentication algorithm sha1-96 disable
ip ssh encryption algorithm aes128 disable
ip ssh encryption algorithm aes128ctr disable
ip ssh encryption algorithm aes192 disable
ip ssh encryption algorithm aes192ctr disable
ip ssh encryption algorithm arcfour disable
ip ssh encryption algorithm arcfour128 disable
ip ssh encryption algorithm arcfour256 disable
ip ssh encryption algorithm blowfish disable
ip ssh encryption algorithm cast128 disable
ip ssh key-exchange algorithm dh-group-exchange-sha1 disable
ip ssh key-exchange algorithm dh-group1-sha1 disable
ip ssh key-exchange algorithm dh-group14-sha1 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp256 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp384 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp521 disable

clock timezone gmt +4

ntp enable
ntp server 91.240.179.254
  prefer
  minpoll 4
exit
ntp server 10.1.8.1
  minpoll 4
exit
ntp server 10.4.0.1
  minpoll 4
exit
first commit 2025-10-31 08:47:26 +04:00			`hostname MSK-MLK-NOV2-RT-1-2`

			`ip firewall sessions counters`
			`object-group service OBJ_SVC_SSH`
			`port-range 22`
			`exit`
			`object-group service OBJ_SVC_VPN`
			`port-range 500`
			`port-range 4500`
			`exit`

			`object-group network OBJ_NET_IZH_KG_P11`
			`description "IZH-KG-P11_nets"`
			`ip prefix 91.240.179.0/24`
			`ip prefix 5.227.124.143/32`
			`ip prefix 78.85.13.93/32`
			`ip prefix 62.141.96.126/32`
			`ip prefix 84.201.247.190/32`
			`ip prefix 88.80.33.50/32`
			`ip prefix 94.25.46.122/32`
			`exit`
			`object-group network OBJ_NET_IZH_MLK_IZM`
			`description "IZH-MLK-IZM_nets"`
			`ip prefix 91.240.179.0/24`
			`ip prefix 85.140.32.27/32`
			`ip prefix 78.85.13.42/32`
			`ip prefix 5.227.126.169/32`
			`ip prefix 31.173.105.54/32`
			`ip prefix 217.14.195.253/32`
			`ip prefix 85.175.86.74/32`
			`exit`
			`object-group network OBJ_NET_ADM_MGMT`
			`description "Admins Net for MGMT and Routing"`
			`ip prefix 10.110.0.0/24`
			`ip prefix 10.4.0.214/32`
			`ip prefix 10.1.19.0/24`
			`ip prefix 10.14.117.0/24`
			`ip prefix 172.30.1.0/24`
			`ip prefix 172.30.2.0/24`
			`exit`
			`object-group network OBJ_NET_NAT_USERS`
			`ip prefix 10.14.104.0/21`
			`exit`

			`syslog max-files 3`
			`syslog file-size 1024`
			`syslog file tmpsys:syslog/syslog`
			`severity info`
			`exit`

			`username admin`
			`password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.`
			`privilege 1`
			`exit`
			`username remote`
			`password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.`
			`exit`
			`username netadmin`
			`password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1`
			`privilege 15`
			`exit`
			`username techsuppport`
			`password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1`
			`exit`
			`enable password encrypted $6$AfOE17s2nl/CyvEy$6iroAkDn996cy.hfE69WQHuCyKZVsrLNff9Zpdtg4j/7GUDnUaNehPe/Ej5hxuJrLTHYe109dqurFYAVni3ue1 privilege 15`
			`aaa authentication mode break`
			`aaa authentication login CONSOLE local radius`
			`aaa authentication login SSH radius local`
			`aaa authentication enable default radius enable`
			`radius-server host 10.1.122.248`
			`key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9`
			`source-interface loopback 1`
			`exit`
			`radius-server host 10.4.0.248`
			`key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9`
			`source-interface loopback 1`
			`exit`
			`line console`
			`login authentication CONSOLE`
			`exit`
			`line ssh`
			`login authentication SSH`
			`exit`

			`system jumbo-frames`
			`system config-confirm timeout 120`

			`no spanning-tree`

			`security zone LAN`
			`exit`
			`security zone WAN`
			`exit`
			`security zone VPN`
			`exit`

			`route-map RM_BGP_OUT`
			`rule 1`
			`description "Universal_MGMT_Loopback"`
			`match ip address 10.111.0.0/16 le 32`
			`exit`
			`rule 10`
			`description "MSK-NOV2_PREFIX"`
			`match ip address 10.14.104.0/21`
			`exit`
			`exit`
			`router bgp 64556`
			`timers keepalive 10`
			`timers holdtime 30`
			`peer-group PG_BGP_IZM`
			`remote-as 64512`
			`timers keepalive 10`
			`timers holdtime 30`
			`timers error-wait 120 180`
			`graceful-restart timeout 120`
			`route-map RM_BGP_OUT out`
			`exit`
			`peer-group PG_BGP_P11`
			`remote-as 64513`
			`timers keepalive 10`
			`timers holdtime 30`
			`timers error-wait 120 180`
			`graceful-restart`
			`graceful-restart timeout 120`
			`route-map RM_BGP_OUT out`
			`exit`
			`neighbor 172.30.1.1`
			`peer-group PG_BGP_IZM`
			`address-family ipv4 unicast`
			`enable`
			`exit`
			`enable`
			`exit`
			`neighbor 172.30.1.2`
			`peer-group PG_BGP_IZM`
			`address-family ipv4 unicast`
			`enable`
			`exit`
			`enable`
			`exit`
			`neighbor 172.30.2.1`
			`peer-group PG_BGP_P11`
			`address-family ipv4 unicast`
			`enable`
			`exit`
			`enable`
			`exit`
			`neighbor 172.30.2.2`
			`peer-group PG_BGP_P11`
			`address-family ipv4 unicast`
			`enable`
			`exit`
			`enable`
			`exit`
			`address-family ipv4 unicast`
			`network 10.14.104.0/21`
			`network 10.111.56.2/32`
			`exit`
			`enable`
			`exit`


			`interface port-channel 1`
			`description "[KU]_SW-1-1"`
			`mtu 9100`
			`exit`
			`interface port-channel 1.2`
			`description "Users"`
			`security-zone LAN`
			`ip address 10.14.105.253/24`
			`ip helper-address 10.4.0.5`
			`ip helper-address 10.1.8.5`
			`vrrp id 1`
			`vrrp ip 10.14.105.254/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.150`
			`description "WIFI"`
			`security-zone LAN`
			`ip address 10.14.107.253/24`
			`ip helper-address 10.4.0.5`
			`ip helper-address 10.1.8.5`
			`ip helper-address vrrp-group 1`
			`vrrp id 2`
			`vrrp ip 10.14.107.254/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.300`
			`description "MGM"`
			`security-zone LAN`
			`ip address 10.14.104.253/25`
			`vrrp id 30`
			`vrrp ip 10.14.104.254/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.301`
			`description "WIFI_MGM_Ubiquity"`
			`security-zone LAN`
			`ip address 10.14.106.125/25`
			`ip helper-address 10.4.0.5`
			`ip helper-address 10.1.8.5`
			`ip helper-address vrrp-group 1`
			`vrrp id 4`
			`vrrp ip 10.14.106.126/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.305`
			`description "WIFI_MGM_Eltex"`
			`security-zone LAN`
			`ip address 10.14.106.253/25`
			`ip helper-address 10.4.0.5`
			`ip helper-address 10.1.8.5`
			`ip helper-address vrrp-group 1`
			`vrrp id 5`
			`vrrp ip 10.14.106.254/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.350`
			`description "VOIP"`
			`security-zone LAN`
			`ip address 10.14.104.125/25`
			`ip helper-address 10.4.0.5`
			`ip helper-address 10.1.8.5`
			`ip helper-address vrrp-group 1`
			`vrrp id 6`
			`vrrp ip 10.14.104.126/32`
			`vrrp group 1`
			`vrrp version 3`
			`vrrp`
			`exit`
			`interface port-channel 1.555`
			`description "Transit_RT-1-1_RT-1-2"`
			`security-zone LAN`
			`ip address 172.31.16.2/29`
			`exit`
			`interface gigabitethernet 1/0/5`
			`description "[KU]_Po1_SW-1-1"`
			`mode switchport`
			`mtu 9100`
			`channel-group 1 mode auto`
			`exit`
			`interface gigabitethernet 1/0/6`
			`description "[KU]_Po1_SW-1-1"`
			`mode switchport`
			`mtu 9100`
			`channel-group 1 mode auto`
			`exit`
			`interface gigabitethernet 1/0/7`
			`description "[ISP-xxM]_Rosfon_ISP_A"`
			`security-zone WAN`
			`ip address 91.240.179.238/24`
			`exit`
			`interface gigabitethernet 1/0/8`
			`description "[ISP-xxM]_WAN_ISP_B"`
			`mtu 9100`
			`security-zone WAN`
			`exit`
			`interface loopback 1`
			`description "MGMT_IP"`
			`ip address 10.111.56.2/32`
			`exit`
			`tunnel gre 101`
			`key 1001`
			`mtu 1400`
			`multipoint`
			`security-zone VPN`
			`local interface gigabitethernet 1/0/7`
			`ip address 172.30.1.77/24`
			`ip tcp adjust-mss 1360`
			`ip nhrp authentication encrypted B18B2823930318AA`
			`ip nhrp holding-time 300`
			`ip nhrp map 172.30.1.1 85.140.32.27`
			`ip nhrp map 172.30.1.2 78.85.13.42`
			`ip nhrp nhs 172.30.1.1/24`
			`ip nhrp nhs 172.30.1.2/24`
			`ip nhrp ipsec IPSEC_VPN_HUB static`
			`ip nhrp ipsec IPSEC_VPN_SPOKE dynamic`
			`ip nhrp multicast nhs`
			`ip nhrp enable`
			`enable`
			`exit`
			`tunnel gre 102`
			`key 1002`
			`mtu 1400`
			`multipoint`
			`security-zone VPN`
			`local interface gigabitethernet 1/0/7`
			`ip address 172.30.2.77/24`
			`ip tcp adjust-mss 1360`
			`ip nhrp authentication encrypted B18B2823930318A9`
			`ip nhrp holding-time 300`
			`ip nhrp map 172.30.2.1 5.227.124.143`
			`ip nhrp map 172.30.2.2 78.85.13.93`
			`ip nhrp nhs 172.30.2.1/24`
			`ip nhrp nhs 172.30.2.2/24`
			`ip nhrp ipsec IPSEC_VPN_HUB static`
			`ip nhrp ipsec IPSEC_VPN_SPOKE dynamic`
			`ip nhrp multicast nhs`
			`ip nhrp enable`
			`enable`
			`exit`

			`snmp-server`
			`snmp-server contact "INVENTAR_NUMBER"`
			`snmp-server location "MSK, Novodmitrovskaya,2 , kor2, et4"`
			`snmp-server community lmTUEsk6Yvlv ro`

			`security zone-pair WAN self`
			`rule 10`
			`description "permit_any_from_P11"`
			`action permit`
			`match source-address OBJ_NET_IZH_KG_P11`
			`enable`
			`exit`
			`rule 20`
			`description "permit_any_from_IZM"`
			`action permit`
			`match source-address OBJ_NET_IZH_MLK_IZM`
			`enable`
			`exit`
			`exit`
			`security zone-pair LAN VPN`
			`rule 10`
			`description "permit_any"`
			`action permit`
			`enable`
			`exit`
			`exit`
			`security zone-pair VPN LAN`
			`rule 10`
			`description "permit_any"`
			`action permit`
			`enable`
			`exit`
			`exit`
			`security zone-pair VPN self`
			`rule 1`
			`description "TEST_ANY"`
			`action permit`
			`enable`
			`exit`
			`rule 10`
			`description "permit_icmp"`
			`action permit`
			`match protocol icmp`
			`enable`
			`exit`
			`rule 20`
			`description "permit_admins"`
			`action permit`
			`match source-address OBJ_NET_ADM_MGMT`
			`enable`
			`exit`
			`exit`
			`security zone-pair LAN WAN`
			`rule 10`
			`description "permit_any"`
			`action permit`
			`enable`
			`exit`
			`exit`

			`security ike proposal IKE_PROP`
			`encryption algorithm aes128`
			`dh-group 2`
			`exit`

			`security ike policy IKE_POL`
			`lifetime seconds 86400`
			`pre-shared-key ascii-text encrypted 91B8083FE00447F6D804`
			`proposal IKE_PROP`
			`exit`

			`security ike gateway IKE_GW_HUB`
			`ike-policy IKE_POL`
			`local address 91.240.179.238`
			`local network 91.240.179.238/32 protocol gre`
			`remote address any`
			`remote network 78.85.13.42/32 protocol gre`
			`remote network 85.140.32.27/32 protocol gre`
			`remote network 5.227.124.143/32 protocol gre`
			`remote network 78.85.13.93/32 protocol gre`
			`mode policy-based`
			`exit`

			`security ike gateway IKE_GW_SPOKE`
			`ike-policy IKE_POL`
			`local address 91.240.179.238`
			`local network 91.240.179.238/32 protocol gre`
			`remote address any`
			`remote network any protocol gre`
			`mode policy-based`
			`exit`

			`security ipsec proposal IPSEC_PROP`
			`encryption algorithm aes128`
			`exit`

			`security ipsec policy IPSEC_POL_HUB`
			`proposal IPSEC_PROP`
			`exit`

			`security ipsec vpn IPSEC_VPN_HUB`
			`mode ike`
			`type transport`
			`ike establish-tunnel route`
			`ike gateway IKE_GW_HUB`
			`ike ipsec-policy IPSEC_POL_HUB`
			`enable`
			`exit`

			`security ipsec vpn IPSEC_VPN_SPOKE`
			`mode ike`
			`type transport`
			`ike establish-tunnel route`
			`ike gateway IKE_GW_SPOKE`
			`ike ipsec-policy IPSEC_POL_HUB`
			`enable`
			`exit`

			`security passwords min-length 5`
			`security passwords numeric-count 1`
			`security passwords upper-case 1`
			`security passwords history 0`
			`security passwords default-expired`
			`nat source`
			`ruleset SNAT`
			`to zone WAN`
			`rule 10`
			`match source-address OBJ_NET_NAT_USERS`
			`action source-nat interface`
			`enable`
			`exit`
			`exit`
			`exit`

			`ip route 0.0.0.0/0 91.240.179.254`
			`ip route 10.14.104.0/21 blackhole 254`

			`ip ssh server`
			`ip ssh authentication algorithm md5 disable`
			`ip ssh authentication algorithm md5-96 disable`
			`ip ssh authentication algorithm ripemd160 disable`
			`ip ssh authentication algorithm sha1 disable`
			`ip ssh authentication algorithm sha1-96 disable`
			`ip ssh encryption algorithm aes128 disable`
			`ip ssh encryption algorithm aes128ctr disable`
			`ip ssh encryption algorithm aes192 disable`
			`ip ssh encryption algorithm aes192ctr disable`
			`ip ssh encryption algorithm arcfour disable`
			`ip ssh encryption algorithm arcfour128 disable`
			`ip ssh encryption algorithm arcfour256 disable`
			`ip ssh encryption algorithm blowfish disable`
			`ip ssh encryption algorithm cast128 disable`
			`ip ssh key-exchange algorithm dh-group-exchange-sha1 disable`
			`ip ssh key-exchange algorithm dh-group1-sha1 disable`
			`ip ssh key-exchange algorithm dh-group14-sha1 disable`
			`ip ssh key-exchange algorithm ecdh-sha2-nistp256 disable`
			`ip ssh key-exchange algorithm ecdh-sha2-nistp384 disable`
			`ip ssh key-exchange algorithm ecdh-sha2-nistp521 disable`

			`clock timezone gmt +4`

			`ntp enable`
			`ntp server 91.240.179.254`
			`prefer`
			`minpoll 4`
			`exit`
			`ntp server 10.1.8.1`
			`minpoll 4`
			`exit`
			`ntp server 10.4.0.1`
			`minpoll 4`
			`exit`