ansible/backup/files/eltex/10.14.112.250.txt


2025-10-31 08:47:26 +04:00
esr-10# sh run
ip firewall sessions counters
object-group service ssh
port-range 22
exit
object-group service dhcp_server
port-range 67
exit
object-group service dhcp_client
port-range 68
exit
object-group service ntp
port-range 123
exit
object-group service OBJ_SVC_VPN
port-range 500
port-range 4500
exit
object-group network OBJ_NET_STATIC_IP
ip prefix 91.240.179.240/32
exit
object-group network OBJ_NET_USERS
ip prefix 10.99.0.0/24
exit
syslog max-files 3
syslog file-size 512
syslog sequence-numbers
syslog file tmpsys:syslog/default
severity info
exit
syslog file tmpsys:syslog/syslog
severity info
exit
username admin
password encrypted $6$UWb.ZOkNM8ON58/F$YmUxwngy50F9A1s.pckLMJ1Uoe.ZvjmTYTo4ULSYSqoBgdH7Znlb9vmiyv3L4waomDYncyzH1T1M8Tm0wVXoA.
exit
username techsupport
password encrypted $6$MRHOnalF2IZoZ9ki$H38x5vfi52u3yn4KSpkK5LTCI/UfRg2vfqFh6F29/53V4d8LcnQAAjRegqhRRXdeuE2Z.n4lgm7aej3eMng6F1
exit
aaa authentication mode break
aaa authentication login CONSOLE radius local
aaa authentication login SSH radius local
aaa authentication enable default radius enable
radius-server host 10.4.0.248
key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
exit
line console
login authentication CONSOLE
exit
line ssh
login authentication SSH
exit
tech-support login enable
system jumbo-frames
system config-confirm timeout 120
boot host auto-config
boot host auto-update
vlan 2
exit
no spanning-tree
security zone LAN
exit
security zone WAN
exit
security zone VPN
exit
route-map RM_BGP_OUT
rule 10
exit
exit
router bgp 64556
peer-group PG_BGP_P11
remote-as 64513
graceful-restart
route-map RM_BGP_OUT out
exit
neighbor 172.30.2.1
peer-group PG_BGP_P11
address-family ipv4 unicast
enable
exit
enable
exit
neighbor 172.30.2.2
peer-group PG_BGP_P11
address-family ipv4 unicast
enable
exit
enable
exit
address-family ipv4 unicast
network 10.99.0.0/24
exit
enable
exit
interface gigabitethernet 1/0/1.1100
description "WAN"
security-zone WAN
ip address 91.240.179.240/24
exit
interface gigabitethernet 1/0/2
mode switchport
exit
interface gigabitethernet 1/0/3
mode switchport
exit
interface gigabitethernet 1/0/4
security-zone LAN
ip address 10.99.0.254/24
exit
interface gigabitethernet 1/0/5
mode switchport
exit
interface gigabitethernet 1/0/6
mode switchport
switchport access vlan 2
exit
interface loopback 8
ip address 1.1.1.1/32
ip address 10.255.99.1/32
exit
tunnel gre 1
key 1001
mtu 1400
multipoint
security-zone VPN
local address 91.240.179.240
ip address 172.30.1.76/24
ip tcp adjust-mss 1360
ip nhrp authentication encrypted B18B2823930318AA
ip nhrp holding-time 300
ip nhrp map 172.30.1.2 78.85.13.42
ip nhrp map 172.30.1.1 85.140.32.27
ip nhrp nhs 172.30.1.1/24
ip nhrp nhs 172.30.1.2/24
ip nhrp ipsec IPSEC_VPN_HUB static
ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
ip nhrp multicast nhs
ip nhrp enable
enable
exit
tunnel gre 2
key 1002
mtu 1400
multipoint
security-zone VPN
local address 91.240.179.240
ip address 172.30.2.76/24
ip tcp adjust-mss 1360
ip nhrp authentication encrypted B18B2823930318A9
ip nhrp holding-time 300
ip nhrp map 172.30.2.1 5.227.124.143
ip nhrp map 172.30.2.2 78.85.13.93
ip nhrp nhs 172.30.2.1/24
ip nhrp nhs 172.30.2.2/24
ip nhrp ipsec IPSEC_VPN_HUB static
ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
ip nhrp multicast nhs
ip nhrp enable
enable
exit
snmp-server
snmp-server community "lmTUEsk6Yvlv" ro
security zone-pair LAN WAN
rule 10
description "ANY"
action permit
enable
exit
exit
security zone-pair LAN VPN
rule 10
description "ANY"
action permit
enable
exit
exit
security zone-pair VPN LAN
rule 10
description "ANY"
action permit
enable
exit
exit
security zone-pair LAN self
rule 1
action permit
enable
exit
rule 2
exit
exit
security zone-pair WAN self
rule 1
description "GRE"
action permit
match protocol gre
enable
exit
rule 2
description "ISAKMP"
action permit
match protocol udp
match destination-port OBJ_SVC_VPN
enable
exit
rule 3
description "ESP"
action permit
match protocol esp
enable
exit
rule 10
description "ICMP"
action permit
match protocol icmp
enable
exit
exit
security zone-pair VPN self
rule 10
description "ANY"
action permit
enable
exit
exit
security ike proposal IKE_PROP_1
encryption algorithm aes128
dh-group 2
exit
security ike policy IKE_POL_1
pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
proposal IKE_PROP_1
exit
security ike gateway IKE_GW_HUB
ike-policy IKE_POL_1
local address 91.240.179.240
local network 91.240.179.240/32 protocol gre
remote address any
remote network 78.85.13.42/32 protocol gre
remote network 85.140.32.27/32 protocol gre
remote network 5.227.124.143/32 protocol gre
remote network 78.85.13.93/32 protocol gre
mode policy-based
exit
security ike gateway IKE_GW_SPOKE
ike-policy IKE_POL_1
local address 91.240.179.240
local network 91.240.179.240/32 protocol gre
remote address any
remote network any protocol gre
mode policy-based
exit
security ipsec proposal IPSEC_PROP_1
encryption algorithm aes128
exit
security ipsec policy IPSEC_POL_HUB_1
proposal IPSEC_PROP_1
exit
security ipsec vpn IPSEC_VPN_HUB
mode ike
ike establish-tunnel route
ike gateway IKE_GW_HUB
ike ipsec-policy IPSEC_POL_HUB_1
enable
exit
security ipsec vpn IPSEC_VPN_SPOKE
mode ike
ike establish-tunnel route
ike gateway IKE_GW_SPOKE
ike ipsec-policy IPSEC_POL_HUB_1
enable
exit
security passwords default-expired
nat source
ruleset SNAT
to zone WAN
rule 10
match source-address OBJ_NET_USERS
action source-nat interface
enable
exit
exit
exit
ip dhcp-server pool lan-pool
network 192.168.1.0/24
address-range 192.168.1.2-192.168.1.254
default-router 192.168.1.1
exit
ip route 0.0.0.0/0 91.240.179.254
ip route 10.99.0.0/24 blackhole 254
ip route 9.9.9.9/32 91.240.179.254 track 1 name track_route
ip sla logging level error
ip sla
ip sla logging
ip sla test 1
icmp-echo 8.8.8.8 source-ip 91.240.179.240
exit
ip sla test 2
icmp-echo 10.255.99.1 source-ip 10.99.0.254
exit
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
ip ssh server
ip ssh authentication algorithm md5 disable
ip ssh authentication algorithm md5-96 disable
ip ssh authentication algorithm ripemd160 disable
ip ssh authentication algorithm sha1 disable
ip ssh authentication algorithm sha1-96 disable
ip ssh encryption algorithm aes128 disable
ip ssh encryption algorithm aes128ctr disable
ip ssh encryption algorithm aes192 disable
ip ssh encryption algorithm aes192ctr disable
ip ssh encryption algorithm arcfour disable
ip ssh encryption algorithm arcfour128 disable
ip ssh encryption algorithm arcfour256 disable
ip ssh encryption algorithm blowfish disable
ip ssh encryption algorithm cast128 disable
ip ssh key-exchange algorithm dh-group-exchange-sha1 disable
ip ssh key-exchange algorithm dh-group1-sha1 disable
ip ssh key-exchange algorithm dh-group14-sha1 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp256 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp384 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp521 disable
clock timezone gmt +4
ntp enable
ntp broadcast-client enable
ntp server 10.1.8.2
minpoll 4
exit
ntp server 10.1.8.1
minpoll 4
exit
track 1
track sla test 1
track sla test 2
exit
esr-10#