! Captured output of a full configuration listing; the next two lines are CLI output, not commands.
Building configuration...
Current configuration : 53237 bytes
!
! Last configuration change at 07:54:40 GLZ Tue May 31 2022 by beltukov
! NVRAM config last updated at 01:30:01 GLZ Thu Jul 28 2022
!
version 15.7
! PAD is disabled; TCP keepalives in both directions let the router tear down dead management sessions.
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log entries carry millisecond local-time stamps with time zone and year.
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
! NOTE(review): password-encryption applies the reversible type 7 encoding to passwords that would otherwise
! be stored in clear. It is obfuscation only and has no effect on how "secret" values are hashed.
service password-encryption
service sequence-numbers
!
hostname GLZ-VRS-UPF-RT-1-2
!
boot-start-marker
! NOTE(review): the image file name suggests a 15.7(3)M universalk9 build - confirm it is a release that
! still receives vendor security fixes.
boot system flash:c2900-universalk9-mz.SPA.157-3.M.bin
boot-end-marker
!
!
! Throttle logins after 3 failed attempts and log the event.
security authentication failure rate 3 log
! NOTE(review): the local log buffer is small (16386 bytes). No remote syslog host is defined in this part
! of the configuration - confirm one exists elsewhere so that login failures survive a reload.
logging buffered 16386
logging rate-limit 100 except warnings
logging console critical
!
aaa new-model
!
!
! RADIUS group NPS; the "server name" entries and GigabitEthernet0/2.311 are defined outside this section.
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface GigabitEthernet0/2.311
 load-balance method least-outstanding
!
! NOTE(review): every login list consults the local user database first, so local accounts authenticate
! without RADIUS being involved. The "default" list ends with "enable" as a last-resort method; confirm
! that a strong enable secret is configured (not visible in this section).
aaa authentication login default local group NPS enable
aaa authentication login LOCAL_AUTH local
! The sslvpn lists use the local database only, so VPN users are the local "username" entries.
aaa authentication login sslvpn local
aaa authentication login CONSOLE local group NPS
aaa authorization exec default local group NPS if-authenticated
aaa authorization network sslvpn local
!
! Attribute lists that bind a local user to a WebVPN policy group by name.
aaa attribute list ANYCONNECT_RDP
 attribute type user-vpn-group "WEBVPN_POLICY_RDP"
!
aaa attribute list ANYCONNECT_FULL
 attribute type user-vpn-group "WEBVPN_POLICY_FULL"
!
aaa attribute list ANYCONNECT_FULL_SIP
 attribute type user-vpn-group "WEBVPN_POLICY_FULL_SIP"
!
aaa attribute list ANYCONNECT_ADMIN
 attribute type user-vpn-group "WEBVPN_POLICY_ADMIN"
!
!
!
!
!
aaa session-id common
clock timezone GLZ 4 0
!
!
!
!
!
!
! Hardening: drop source-routed packets and ignore gratuitous ARP.
no ip source-route
no ip gratuitous-arps
!
!
!
!
!
!
! NetFlow cache timers, BOOTP server off, DNS client settings.
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip bootp server
ip domain timeout 2
ip domain name udmpf.local
! Static host entry "tftp"; the archive path later in this configuration uses this name.
ip host tftp 10.4.0.214
! NOTE(review): the router resolves names through public and ISP resolvers; lookups for the internal
! domain udmpf.local would go to them as well unless resolution is handled elsewhere.
ip name-server 8.8.8.8
ip name-server 78.85.0.1
ip name-server 78.85.1.1
! CBAC inspection rule INTERNET; "router-traffic" also tracks sessions originated by the router itself.
ip inspect tcp reassembly queue length 128
ip inspect tcp reassembly timeout 10
ip inspect name INTERNET tcp router-traffic
ip inspect name INTERNET udp router-traffic
ip inspect name INTERNET icmp router-traffic
ip cef
! Quiet period of 60 s after 3 failed logins within 20 s.
! NOTE(review): no "login quiet-mode access-class" is visible in this section; without one, administrators
! are locked out too while the quiet period is active.
login block-for 60 attempts 3 within 20
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
cts logging verbose
!
! NOTE(review): revocation-check none means a revoked certificate is still accepted when validated against
! this trustpoint. Prefer crl (as on UDMPF_RU_2022 below) if the CRL distribution point is reachable.
crypto pki trustpoint CA_VPNUPF_KOMOS_RU
 enrollment terminal pem
 revocation-check none
!
! NOTE(review): same revocation gap; this trustpoint also holds an RSA key pair imported via PKCS#12.
crypto pki trustpoint VPNUPF_KOMOS_RU
 enrollment pkcs12
 revocation-check none
 rsakeypair VPNUPF_KOMOS_RU
!
crypto pki trustpoint UDMPF_RU_2022
 enrollment pkcs12
 revocation-check crl
 rsakeypair UDMPF_RU_2022
!
crypto pki trustpoint UDMPF_RU_2022-rrr1
 revocation-check crl
!
!
! Certificate chains follow as DER hex. Only public certificates appear here; the text fields of this
! first CA certificate read "USERTrust RSA Certification Authority".
crypto pki certificate chain CA_VPNUPF_KOMOS_RU
 certificate ca 01FD6D30FCA3CA51A81BBC640E35032D
  308205DE 308203C6 A0030201 02021001 FD6D30FC A3CA51A8 1BBC640E 35032D30
  0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113
  30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65
  72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553
  54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253
  41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313030
  32303130 30303030 305A170D 33383031 31383233 35393539 5A308188 310B3009
  06035504 06130255 53311330 11060355 0408130A 4E657720 4A657273 65793114
  30120603 55040713 0B4A6572 73657920 43697479 311E301C 06035504 0A131554
  68652055 53455254 52555354 204E6574 776F726B 312E302C 06035504 03132555
  53455254 72757374 20525341 20436572 74696669 63617469 6F6E2041 7574686F
  72697479 30820222 300D0609 2A864886 F70D0101 01050003 82020F00 3082020A
  02820201 00801265 17360EC3 DB08B3D0 AC570D76 EDCD27D3 4CAD5083 61E2AA20
  4D092D64 09DCCE89 9FCC3DA9
ECF6CFC1 DCF1D3B1 D67B3728 112B47DA 39C6BC3A 19B45FA6 BD7D9DA3 6342B676 F2A93B2B 91F8E26F D0EC1620 90093EE2 E874C918 B491D462 64DB7FA3 06F18818 6A90223C BCFE13F0 87147BF6 E41F8ED4 E451C611 67460851 CB861454 3FBC33FE 7E6C9CFF 169D18BD 518E35A6 A766C872 67DB2166 B1D49B78 03C0503A E8CCF0DC BC9E4CFE AF059635 1F575AB7 FFCEF93D B72CB6F6 54DDC8E7 123A4DAE 4C8AB75C 9AB4B720 3DCA7F22 34AE7E3B 68660144 E7014E46 539B3360 F794BE53 37907343 F332C353 EFDBAAFE 744E69C7 6B8C6093 DEC4C70C DFE132AE CC933B51 7895678B EE3D56FE 0CD0690F 1B0FF325 266B336D F76E47FA 7343E57E 0EA566B1 297C3284 635589C4 0DC19354 301913AC D37D37A7 EB5D3A6C 355CDB41 D712DAA9 490BDFD8 808A0993 628EB566 CF2588CD 84B8B13F A4390FD9 029EEB12 4C957CF3 6B05A95E 1683CCB8 67E2E813 9DCC5B82 D34CB3ED 5BFFDEE5 73AC233B 2D00BF35 55740949 D849581A 7F9236E6 51920EF3 267D1C4D 17BCC9EC 4326D0BF 415F40A9 4444F499 E757879E 501F5754 A83EFD74 632FB150 6509E658 422E431A 4CB4F025 4759FA04 1E93D426 464A5081 B2DEBE78 B7FC6715 E1C95784 1E0F63D6 E962BAD6 5F552EEA 5CC62808 042539B8 0E2BA9F2 4C971C07 3F0D52F5 EDEF2F82 0F020301 0001A342 3040301D 0603551D 0E041604 145379BF 5AAA2B4A CF5480E1 D89BC09D F2B20366 CB300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF300D 06092A86 4886F70D 01010C05 00038202 01005CD4 7C0DCFF7 017D4199 650C73C5 529FCBF8 CF99067F 1BDA4315 9F9E0255 579614F1 523C2787 9428ED1F 3A0137A2 76FC5350 C0849BC6 6B4EBA8C 214FA28E 556291F3 6915D8BC 88E3C4AA 0BFDEFA8 E94B552A 06206D55 782919EE 5F305C4B 241155FF 249A6E5E 2A2BEE0B 4D9F7FF7 01389414 95430709 FB60A9EE 1CAB128C A09A5EA7 986A596D 8B3F08FB C8D145AF 18156490 120F7328 2EC5E224 4EFC58EC F0F445FE 22B3EB2F 8ED2D945 6105C197 6FA87672 8F8B8C36 AFBF0D05 CE718DE6 A66F1F6C A67162C5 D8D08372 0CF16711 890C9C13 4C7234DF BCD571DF AA71DDE1 B96C8C3C 125D65DA BD5712B6 436BFFE5 DE4D6611 51CF99AE EC17B6E8 71918CDE 49FEDD35 71A21527 941CCF61 E326BB6F A3672521 5DE6DD1D 0B2E681B 3B82AFEC 836785D4 985174B1 B9998089 FF7F7819 5C794A60 2E9240AE 4C372A2C C9C762C8 0E5DF736 
5BCAE025 2501B4DD 1A079C77 003FD0DC D5EC3DD4 FABB3FCC 85D66F7F A92DDFB9 02F7F597 9AB535DA C367B087 4AA9289E 238EFF5C 276BE1B0 4FF307EE 002ED459 87CB5241 95EAF447 D7EE6441 557C8D59 0295DD62 9DC2B9EE 5A287484 A59BB790 C70C07DF F5893674 32D628C1 B0B00BE0 9C4CC31C D6FCE369 B5474681 2FA282AB D3634470 C48DFF2D 33BAAD8F 7BB57088 AE3E19CF 4028D8FC C890BB5D 9922F552 E658C51F 883143EE 881DD7C6 8E3C436A 1DA718DE 7D3D16F1 62F9CA90 A8FD quit crypto pki certificate chain VPNUPF_KOMOS_RU certificate 0093FAAC8A0C37F508F5D3C800883BFDB6 308206C2 308205AA A0030201 02021100 93FAAC8A 0C37F508 F5D3C800 883BFDB6 300D0609 2A864886 F70D0101 0B050030 8195310B 30090603 55040613 02474231 1B301906 03550408 13124772 65617465 72204D61 6E636865 73746572 3110300E 06035504 07130753 616C666F 72643118 30160603 55040A13 0F536563 7469676F 204C696D 69746564 313D303B 06035504 03133453 65637469 676F2052 5341204F 7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053 65637572 65205365 72766572 20434130 1E170D32 30303532 31303030 3030305A 170D3231 30363036 32333539 35395A30 81BF310B 30090603 55040613 02525531 0F300D06 03550411 13063132 37303135 31193017 06035504 08131055 646D7572 74736B61 79612052 65737031 0F300D06 03550407 13064D6F 73636F77 31433041 06035504 09133A64 2E203220 6B6F7270 2E203120 706F6D2E 20584C49 206B6F6D 2E203120 6574617A 6820352C 20756C2E 204E6F76 6F646D69 74726F76 736B6179 61311930 17060355 040A1310 4B4F4D4F 53204752 5550502C 204F4F4F 31133011 06035504 030C0A2A 2E6B6F6D 6F732E72 75308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100A9BC A8041307 C2830836 182F1AD2 C9D774D7 E50702F9 60DC1C7B BBD56BD9 398B8CDB F56C4BD7 F6F0C489 EC427A54 B89402D5 B305D795 0F52D67A D6F82E80 89650879 4F719B66 21C14B0D 0FABC31E 6FE730EF 71B553C8 DBE2A5C4 F069BB0D 3C141AC6 3DA12719 31D1DE66 D34DCCCB 490B0FAA D68C5E15 7A9962FD 09E2B17D 74115809 B1ABDE35 323B7E3E 48816379 338849E9 5F906B3E A711DBBC 1C3C76C2 2E5FE73C E67A9249 90347DE7 79623B3D 42D48F61 C745B439 54B21C99 9FB93878 F298AB84 
53CFF3CC A34C039E 89393DF1 80192065 DCDA3811 291251A8 43C27A6D A5119AB1 9BECCF61 B14BE8B9 5822B8E0 07DF763F E688AB56 F630725B 040F0C58 86010203 010001A3 8202DF30 8202DB30 1F060355 1D230418 30168014 17D9D625 2767F931 C24943D9 3036448C 6CA94FEB 301D0603 551D0E04 1604144D 10DBEA91 956D4FC3 2B72ED20 556CFA1E 38927130 0E060355 1D0F0101 FF040403 0205A030 0C060355 1D130101 FF040230 00301D06 03551D25 04163014 06082B06 01050507 03010608 2B060105 05070302 304A0603 551D2004 43304130 35060C2B 06010401 B2310102 01030430 25302306 082B0601 05050702 01161768 74747073 3A2F2F73 65637469 676F2E63 6F6D2F43 50533008 06066781 0C010202 305A0603 551D1F04 53305130 4FA04DA0 4B864968 7474703A 2F2F6372 6C2E7365 63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 6E697A61 74696F6E 56616C69 64617469 6F6E5365 63757265 53657276 65724341 2E63726C 30818A06 082B0601 05050701 01047E30 7C305506 082B0601 05050730 02864968 7474703A 2F2F6372 742E7365 63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 6E697A61 74696F6E 56616C69 64617469 6F6E5365 63757265 53657276 65724341 2E637274 30230608 2B060105 05073001 86176874 74703A2F 2F6F6373 702E7365 63746967 6F2E636F 6D301F06 03551D11 04183016 820A2A2E 6B6F6D6F 732E7275 82086B6F 6D6F732E 72753082 0104060A 2B060104 01D67902 04020481 F50481F2 00F00076 007D3EF2 F88FFF88 556824C2 C0CA9E52 89792BC5 0E78097F 2E6A9768 997E22F0 D7000001 7236A9F2 D2000004 03004730 45022100 BACB9772 4718DCE5 AFEED323 E69255EB F80BC770 691BC5CC 6ED46DC0 7B943C7A 02206694 07DA794C 00D45D62 77AE3C67 551C8579 1809B227 1DB745AD 453697BE 07130076 009420BC 1E8ED58D 6C88731F 828B222C 0DD1DA4D 5E6C4F94 3D61DB4E 2F584DA2 C2000001 7236A9F3 87000004 03004730 45022100 F36F3BC4 9BA01275 14F2FF66 148551B5 C6A70EBE 09A65A0D CCF96BF1 92C2B748 02207971 87B7F2D7 A2E5C871 A2643DCB F9D929BA 8FA907CC B13764C8 087C64E5 E33E300D 06092A86 4886F70D 01010B05 00038201 010091BE 0134215B E5683466 47B8CBD4 95E668A9 E30DE2EA A58F0276 88F68F0B D5656A80 642FB4C4 633C68E5 FB95144E 185DDB2A 9E796A26 2F0147D8 6850CEFC 
A41D8856 A62E9EBF 907523C5 AB9F25C0 E0556618 2416F912 AE30B0F1 C4621BDB AEF3E06F 55FA13E9 F9549290 3AD8617F BCEE2058 4B04A901 4C1E9A18 D5FD603C C92178FB 1ABC12E8 84E8F30E 3E08F04F D8544887 460AC53B 78A06E0E 27EC0426 2AA9E09D A5EF10C1 1EEA1FA4 CE572F16 9081F5CE 94371A35 35B32B0B DCB1BCD8 A872E24D A7045002 52764CAD F80FAC74 FBF9EF0F DD9F3397 DAE4CE81 BB504649 0A2DE226 8E037485 4392319B 7116D45E B8D40724 FC487229 4651A35D 0483B01E E61E quit certificate ca 137D539CAA7C31A9A433701968847A8D 30820619 30820401 A0030201 02021013 7D539CAA 7C31A9A4 33701968 847A8D30 0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113 30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65 72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553 54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253 41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313831 31303230 30303030 305A170D 33303132 33313233 35393539 5A308195 310B3009 06035504 06130247 42311B30 19060355 04081312 47726561 74657220 4D616E63 68657374 65723110 300E0603 55040713 0753616C 666F7264 31183016 06035504 0A130F53 65637469 676F204C 696D6974 6564313D 303B0603 55040313 34536563 7469676F 20525341 204F7267 616E697A 6174696F 6E205661 6C696461 74696F6E 20536563 75726520 53657276 65722043 41308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 01009C93 0246454A 524892FC 578DF92D EA53BEB3 2CD5D8A8 A5EC5B69 03C01D10 F65933DE FE0748A8 E88C7A67 4AF1F58D C33766D0 3291F7C4 9D0460C4 B54AE283 8BA7AE26 D45D3A5E F8D11671 BB8ABD71 A27DC8CE A26024B0 52A03A45 51DE7893 6C6260F1 E4569CB7 3BF73C55 D8DFD57A 317C357F 125170E1 2CBE04AC CBFA4FE1 7C656AC0 40A7D97C A5638419 E1F7CAEF AAB4E858 5AD999E3 26DF8E12 B2B8DC33 B236DA14 1D965842 406E0B22 851C5122 AEC4C806 456D92E6 67B71923 E4D8366B 85D07FC7 52E3CFB0 7501E089 B4A8BF8A 364EA3E0 6CEB8441 CEA52F48 22139750 62451E09 A5CC9F6C 57704006 DB20E81B D6F3938B A7329EB7 441509D7 AFFD7C01 1CDB0203 010001A3 82016E30 
82016A30 1F060355 1D230418 30168014 5379BF5A AA2B4ACF 5480E1D8 9BC09DF2 B20366CB 301D0603 551D0E04 16041417 D9D62527 67F931C2 4943D930 36448C6C A94FEB30 0E060355 1D0F0101 FF040403 02018630 12060355 1D130101 FF040830 060101FF 02010030 1D060355 1D250416 30140608 2B060105 05070301 06082B06 01050507 0302301B 0603551D 20041430 12300606 04551D20 00300806 0667810C 01020230 50060355 1D1F0449 30473045 A043A041 863F6874 74703A2F 2F63726C 2E757365 72747275 73742E63 6F6D2F55 53455254 72757374 52534143 65727469 66696361 74696F6E 41757468 6F726974 792E6372 6C307606 082B0601 05050701 01046A30 68303F06 082B0601 05050730 02863368 7474703A 2F2F6372 742E7573 65727472 7573742E 636F6D2F 55534552 54727573 74525341 41646454 72757374 43412E63 72743025 06082B06 01050507 30018619 68747470 3A2F2F6F 6373702E 75736572 74727573 742E636F 6D300D06 092A8648 86F70D01 010C0500 03820201 004E1340 96C9C3E6 6E5BC0E3 BAF417E1 AE091FC9 BFCB0C25 16F27353 B3761AB7 AB4806D6 CD007C20 4543456C 165A1B13 61D749BA A402A4AC E8CECE2D C92A74A3 DCDEAEAB D06836F8 91AF3C01 F777D50B CF97ABEB 87E715A8 FA305A61 7120B1C0 43C4B98F 6D8A31EB 153624FB 62D50B9C 8FE966BD E6615197 93B61D87 BDB0B56C FEA61129 06613431 303D2027 7351D0DE 8583D377 39204696 DAA7C65A 162785B2 CF4E0F4E 8C5CBEBE 3800F84B F9727BD4 F27AD7A2 2985D004 BAD3422C 5188522E D13D2467 47EC55CC 1BF4CA34 EA26C1DE DDC42189 F6BA7B32 1E8E965E 844538CF 80AA3769 8B601774 1548919C 6DF04EA3 77CA1B1C 48FAF9CF 49E85F4F 850AE28F 901BAB70 4C9AEBB7 A63FB4AC 5DA45FCF E6D88A96 90F74F26 8160765D 0F247791 B32A319F 165AB25D 8C1C29AA 489C8E6F D3784070 DB77ECDD E3D15705 702DE649 98880584 62057056 7686394E D3226F1D FE6DF10E B362C43C CBC085B9 611EBAE1 15805994 0CAE05BB 8C7F56BE 1CD25ABF 97F26A4C B0C67076 B0908DC1 0B36B911 D8D6285C EA4FFE24 B7180A9B 0CD0C17C 5CFB69BD CCA24DC6 90BCA64D F2B1BAD6 9A675B96 0252D082 F9C40A5C 0D28E03F C8FA9595 89D5A4BE 496C40B2 3EA86BB8 D525B2C4 FEF1D3D7 E7D6DC43 017630FB 3B8B5DF7 4A897C9A 35BEFCCA F05701F0 8D3FA087 327B475A 974B82D2 66C2C42D EA3F24F4 A7F9A8B9 
E36AD918 61A03B8C 15 quit crypto pki certificate chain UDMPF_RU_2022 certificate 36AEAC3B6D1121B8DFB09479 30820698 30820580 A0030201 02020C36 AEAC3B6D 1121B8DF B0947930 0D06092A 864886F7 0D01010B 05003050 310B3009 06035504 06130242 45311930 17060355 040A1310 476C6F62 616C5369 676E206E 762D7361 31263024 06035504 03131D47 6C6F6261 6C536967 6E205253 41204F56 2053534C 20434120 32303138 301E170D 32313035 31373132 33323538 5A170D32 32303631 38313233 3235385A 3074310B 30090603 55040613 02525531 18301606 03550408 130F5564 6D757274 20526570 75626C69 63310F30 0D060355 04071306 476C617A 6F763125 30230603 55040A13 1C4C4C43 2055646D 75727473 6B617961 20707469 63656661 6272696B 61311330 11060355 04030C0A 2A2E7564 6D70662E 72753082 0122300D 06092A86 4886F70D 01010105 00038201 0F003082 010A0282 010100AE B0F4E7BA AF4D8330 0A40CDC7 BAF06FC3 485BD3E9 479B929F AA49719C 6F98BCC4 FECD3B84 A5D377B6 0127AC97 DC734276 01FDDDCF 22347B65 BC7208B3 ADDFDD53 FF56D0A4 A6F2CC6D 9FD9F6AE A098182B 9C398183 395A1B0F 94B25598 0013C727 4CA91B66 A4556814 CDB7C637 6F1B0A51 89F6397E B1DA82AB F6CC57CA 7019DB97 D1854E03 8FC1D51B 4687A9AE 854C717A 5637E0F3 5AD48B96 76E38F5E 4C065A02 64F1ED56 15D30EF0 EFBDE3BD E6C675C9 BC1C9117 831E8A54 E73AE92B CC9318D3 966AA945 4C0ED6E8 6E99C323 59F0593A 4092A45A 5C1EAD99 116E41BB B01238FA 7924B3FE DAD8B605 F9CCB159 64F9AB6A 9EAEE21D 303FDBE6 B569725D 5C8C3102 03010001 A382034C 30820348 300E0603 551D0F01 01FF0404 030205A0 30818E06 082B0601 05050701 01048181 307F3044 06082B06 01050507 30028638 68747470 3A2F2F73 65637572 652E676C 6F62616C 7369676E 2E636F6D 2F636163 6572742F 67737273 616F7673 736C6361 32303138 2E637274 30370608 2B060105 05073001 862B6874 74703A2F 2F6F6373 702E676C 6F62616C 7369676E 2E636F6D 2F677372 73616F76 73736C63 61323031 38305606 03551D20 044F304D 30410609 2B060104 01A03201 14303430 3206082B 06010505 07020116 26687474 70733A2F 2F777777 2E676C6F 62616C73 69676E2E 636F6D2F 7265706F 7369746F 72792F30 08060667 810C0102 02300906 03551D13 04023000 303F0603 
551D1F04 38303630 34A032A0 30862E68 7474703A 2F2F6372 6C2E676C 6F62616C 7369676E 2E636F6D 2F677372 73616F76 73736C63 61323031 382E6372 6C301F06 03551D11 04183016 820A2A2E 75646D70 662E7275 82087564 6D70662E 7275301D 0603551D 25041630 1406082B 06010505 07030106 082B0601 05050703 02301F06 03551D23 04183016 8014F8EF 7FF2CD78 67A8DE6F 8F248D88 F1870302 B3EB301D 0603551D 0E041604 14316968 3538F249 EE165269 989B77D3 C7FC1A26 81308201 7F060A2B 06010401 D6790204 02048201 6F048201 6B016900 76006F53 76AC31F0 3119D899 00A45115 FF77151C 11D902C1 0029068D B2089A37 D9130000 01797A50 B86A0000 04030047 30450220 551CC3D2 72DB8D36 C83DBA5F 2131E9D9 77C3F934 3C7E50AD 9CDC27FF 1CF78430 022100E1 45D7E0BB 8F9EF94A B56F91A3 344D5926 A28C533B DF021AD1 E4F7D0B1 BF0A0D00 76002979 BEF09E39 3921F056 739F63A5 77E5BE57 7D9C600A F8F94D5D 265C255D C7840000 01797A50 B9C00000 04030047 30450221 009CC6C1 7DEAD0B9 36257B96 A003BBE4 E8C85979 D0D40DFC D4DDEB2E E6E809EC E0022023 AD108258 C6C13EB1 1DA568D0 EDB3C362 7F1B919B D6642EBF 365C1B70 B85FBB00 770051A3 B0F5FD01 799C566D B837788F 0CA47ACC 1B27CBF7 9E88429A 0DFED48B 05E50000 01797A50 B96F0000 04030048 30460221 009C2F0F 974D90DE B37D4C9E 61740775 FD00F549 98208ABA 1C0C0AB2 5DC75FE2 2C022100 ACAC9356 7D692121 7833488C B0BC9453 538ED9BA 08D056E3 90F406F7 69AF2FE5 300D0609 2A864886 F70D0101 0B050003 82010100 661ADC6B 6C11AAAC 30BAFA40 F0CD31A9 27A0A456 FBAE139F FD085FF5 E7834057 B0137DF2 7C388102 7121EFE6 E8B278D8 0908D154 BD5BB1CB 8B5DE43A 9651B030 EC344FE5 D48E58A8 422C2873 C075466C 20A30CA7 A3B877AE 0E08B611 4478731A 3083B573 62A8E2CC E1328E6C C17741CC 15B8A0D5 125CE940 A2F9A417 992C8F7D 786B2B0C 106E6471 6D679173 B4C51C6D 99A3626E 4AE7BBB1 6471C0BB 24FEC309 FA46B414 0C09F8BB 0211E36E A0A461FE 5E8859CF F4588930 BCAEA1F3 E8AA2A66 F954DC88 0C19570D D685BD4E D5634B51 5BE3EB90 54A195B5 18D07FD9 C309A182 36588DA1 35F3E07C 2F40CBD3 68EBE169 C975C333 3EF453B7 D94A8DD9 7D807312 quit certificate ca 01EE5F221DFC623BD4333A8557 3082044E 30820336 A0030201 02020D01 
EE5F221D FC623BD4 333A8557 300D0609 2A864886 F70D0101 0B050030 4C312030 1E060355 040B1317 476C6F62 616C5369 676E2052 6F6F7420 4341202D 20523331 13301106 0355040A 130A476C 6F62616C 5369676E 31133011 06035504 03130A47 6C6F6261 6C536967 6E301E17 0D313831 31323130 30303030 305A170D 32383131 32313030 30303030 5A305031 0B300906 03550406 13024245 31193017 06035504 0A131047 6C6F6261 6C536967 6E206E76 2D736131 26302406 03550403 131D476C 6F62616C 5369676E 20525341 204F5620 53534C20 43412032 30313830 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A75AC9D5 0C182100 23D5970F EBAEDD5C 686B6B8F 5060137A 81CB97EE 8E8A6194 4B2679F6 04A72AFB A4DA56BB EEA0A4F0 7B8A7F55 1F479361 0D6E7151 3A252408 2F8CE1F7 89D692CF AFB3A73F 30EDB5DF 21AEFEF5 4417FDD8 63D92FD3 815A6B5F D347B0AC F2AB3B24 794F1FC7 2EEAB915 3A7C184C 69B3B520 59095E29 C363E62E 465BAA94 90490EB9 F0F54AA1 092F7C34 4DD0BC00 C5065579 06CEA2D0 10F14843 E8B95AB5 9555BD31 D21B3D86 BEA1EC0D 12DB2C99 24AD47C2 6F03E67A 70B570CC CD272CA5 8C8EC218 3C92C92E 736F0610 569340AA A3C552FB E5C505D6 69685C06 B9EE5189 E18A0E41 4D9B9290 0A89E916 6BEFEF75 BE7A46B8 E3478A1D 1C2EA74F 02030100 01A38201 29308201 25300E06 03551D0F 0101FF04 04030201 86301206 03551D13 0101FF04 08300601 01FF0201 00301D06 03551D0E 04160414 F8EF7FF2 CD7867A8 DE6F8F24 8D88F187 0302B3EB 301F0603 551D2304 18301680 148FF04B 7FA82E45 24AE4D50 FA639A8B DEE2DD1B BC303E06 082B0601 05050701 01043230 30302E06 082B0601 05050730 01862268 7474703A 2F2F6F63 7370322E 676C6F62 616C7369 676E2E63 6F6D2F72 6F6F7472 33303606 03551D1F 042F302D 302BA029 A0278625 68747470 3A2F2F63 726C2E67 6C6F6261 6C736967 6E2E636F 6D2F726F 6F742D72 332E6372 6C304706 03551D20 0440303E 303C0604 551D2000 30343032 06082B06 01050507 02011626 68747470 733A2F2F 7777772E 676C6F62 616C7369 676E2E63 6F6D2F72 65706F73 69746F72 792F300D 06092A86 4886F70D 01010B05 00038201 01009990 C82D5F42 8AD40B66 DB980373 11D48886 5228538A FBADDFFD 738E3A67 04DBC353 14701409 7CC3E0F8 D71C981A A2C43EDB E900E3CA 
70B2F122 302156DB D3AD795E 81580B6D 148035F5 6F5D1DEB 9A4705FF 598D00B1 40DA9098 961ABA6C 6D7F8CF5 B380DF8C 64733696 79796974 EABFF89E 018FA095 698DE984 BAE9E5D4 8838DB78 3B98D036 7B29B0D2 521890DE 524300AE 6A27C814 9E8695AC E1803130 7E9A25BB 8BAC0423 A69900E8 F1D226EC 0F7E3B8A 2B923813 1D8F86CD 865247E6 347C5BA4 023E8A61 7C227653 5A945333 86B892A8 72AFA1F9 52871F31 A5FCB081 572FCDF4 CEDCF624 CFA7E234 90689DFE AAF1A99A 12CC9BC0 C6C3A8A5 B0217EDE 48F6 quit crypto pki certificate chain UDMPF_RU_2022-rrr1 certificate ca 04000000000121585308A2 3082035F 30820247 A0030201 02020B04 00000000 01215853 08A2300D 06092A86 4886F70D 01010B05 00304C31 20301E06 0355040B 1317476C 6F62616C 5369676E 20526F6F 74204341 202D2052 33311330 11060355 040A130A 476C6F62 616C5369 676E3113 30110603 55040313 0A476C6F 62616C53 69676E30 1E170D30 39303331 38313030 3030305A 170D3239 30333138 31303030 30305A30 4C312030 1E060355 040B1317 476C6F62 616C5369 676E2052 6F6F7420 4341202D 20523331 13301106 0355040A 130A476C 6F62616C 5369676E 31133011 06035504 03130A47 6C6F6261 6C536967 6E308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100CC25 76907906 782216F5 C083B684 CA289EFD 057611C5 AD8872FC 460243C7 B28A9D04 5F24CB2E 4BE16082 46E152AB 0C814770 6CDD64D1 EBF52CA3 0F823D0C 2BAE97D7 B6148610 79BB3B13 80778C08 E149D26A 622F1F5E FA9668DF 89279538 9F06D73E C9CB2659 0D73DEB0 C8E9260E 8315C6EF 5B8BD204 60CA49A6 28F6693B F6CBC828 91E59D8A 615737AC 7414DC74 E03AEE72 2F2E9CFB D0BBBFF5 3D00E106 33E8822B AE53A63A 16738CDD 410E203A C0B4A7A1 E9B24F90 2E3260E9 57CBB904 926868E5 38266075 B29F77FF 9114EFAE 2049FCAD 401548D1 02316119 5EB897EF AD77B764 9A7ABF5F C113EF9B 62FB0D6C E0546916 A903DA6E E9839371 76C66985 82170203 010001A3 42304030 0E060355 1D0F0101 FF040403 02010630 0F060355 1D130101 FF040530 030101FF 301D0603 551D0E04 1604148F F04B7FA8 2E4524AE 4D50FA63 9A8BDEE2 DD1BBC30 0D06092A 864886F7 0D01010B 05000382 0101004B 40DBC050 AAFEC80C EFF79654 4549BB96 000941AC B3138686 280733CA 6BE674B9 
BA002DAE A40AD3F5 F1F10F8A BF73674A 83C7447B 78E0AF6E 6C6F0329 8E333945
  C38EE4B9 576CAAFC 1296EC53 C62DE424 6CB99463 FBDC5368 67563E83 B8CF3521
  C3C968FE CEDAC253 AACC908A E9F05D46 8C95DD7A 58281A2F 1DDECD00 37418FED
  446DD753 28977EF3 67041E15 D78A96B4 D3DE4C27 A44C1B73 7376F417 99C21F7A
  0EE32D08 AD0A1C2C FF3CAB55 0E0F917E 36EBC357 49BEE12E 2D7C608B C3415113
  239DCEF7 326B9401 A899E72C 331F3A3B 25D28640 CE3B2C86 78C9612F 14BAEEDB
  556FDF84 EE05094D BD28D872 CED36250 651EEB92 978331D9 B3B5CA47 583F5F
  	quit
voice-card 0
!
!
!
!
!
!
!
!
! NOTE(review): the UDI line carries the chassis serial number, which is an asset identifier and is best
! removed before a configuration is shared outside the operations team.
license udi pid C2911R-CME-SRST/K9 sn JTV2029TJ9Y
license accept end user agreement
license boot module c2900 technology-package securityk9
!
!
! Configuration change logging plus periodic archiving of the configuration.
! NOTE(review): "hidekeys" only masks secrets in the change log. The archived files themselves contain the
! full configuration (user hashes, pre-shared keys) and are written over TFTP, which has no authentication
! or encryption; an SCP/SFTP path would keep them confidential in transit.
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/GLZ/VRS/UPF-RT/$H.$T.conf
 write-memory
 time-period 10080
! Object groups follow. The ACLs that reference them are outside this section, so the comments below
! describe group contents only.
object-group service KERIO_VPN
 tcp eq 4090
 udp eq 4090
!
! The 46.17.201.0/24 entry already covers the five 46.17.201.x host entries listed before it.
object-group network KONTUR
 host 46.17.201.72
 host 46.17.201.76
 host 46.17.201.78
 host 46.17.201.71
 host 46.17.201.73
 host 91.191.245.11
 host 46.48.66.80
 46.17.201.0 255.255.255.0
!
object-group network NET_AUDIT_PRICE
 host 217.30.254.106
!
object-group network NET_AUDIT_RSM
 host 92.55.47.17
!
object-group network NET_CITEK
 host 92.55.27.180
!
object-group network NET_MLK
 description :: MILKOM_DATACENTER
 host 85.140.32.177
 host 78.85.14.98
!
object-group network NET_IZH_MLK
 description --IZHMOLOKO--
 host 78.85.13.42
 host 85.140.32.27
 host 31.173.105.54
 host 217.14.195.253
 host 84.201.247.157
!
object-group network NET_PS_PF
 host 5.227.121.127
 host 46.232.164.108
 host 78.85.13.117
 host 78.85.13.118
 host 78.85.13.119
 host 78.85.14.98
 host 78.85.33.50
 host 85.140.32.141
 host 85.140.32.177
 host 85.140.32.178
 host 88.80.33.14
 host 95.215.208.234
 host 178.47.130.10
 host 178.205.241.114
!
! Mixes one /24 with individual hosts.
object-group network NET_KOMOSGROUP
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.10
 host 88.80.33.50
 host 94.25.46.122
!
! Aggregate of the peer groups NET_MLK, NET_IZH_MLK, NET_PS_PF and NET_KOMOSGROUP.
! NOTE(review): presumably the permitted DMVPN/IPsec peers - verify against the ACL that references it.
object-group network NET_DMVPN_NBRS
 group-object NET_MLK
 group-object NET_IZH_MLK
 group-object NET_PS_PF
 group-object NET_KOMOSGROUP
!
object-group network NET_LOTSMAN
 host 91.210.192.218
 host 146.120.105.190
 host 91.228.57.11
!
object-group network NET_REMOTE_SITES
 group-object NET_IZH_MLK
 group-object NET_KOMOSGROUP
!
object-group network NET_SIP_PROVIDERS
 host 195.34.37.35
 host 178.45.249.116
 host 213.219.235.45
 host 185.127.149.60
!
! Single host that is also a member of NET_SIP_PROVIDERS.
object-group network NET_SIP_TRUNK
 host 178.45.249.116
!
object-group network NET_UNIKON
 host 85.143.250.30
!
object-group network NET_VARAKSINO
 host 78.85.33.50
 host 94.181.119.90
 host 85.140.32.177
!
! Per-site groups (OBJ_*): each lists the public addresses of one remote site.
object-group network OBJ_BBN_RN_BBN
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN
 host 85.140.32.103
 host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
! NOTE(review): the closing range 91.240.179.1-254 lies inside the 91.240.179.0/24 entry on the first
! line, so it is redundant. Overlapping entries make it harder to audit what the group really admits.
object-group network OBJ_IZH_KG_P11
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
 range 91.240.179.1 91.240.179.254
!
object-group network OBJ_IZH_VST_IZM
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
! Per-site network groups, one per remote site, each listing that site's public addresses.
object-group network OBJ_CLB_MLK_CMK
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
 host 83.143.54.246
 host 92.55.54.109
!
! Same two hosts as NET_MLK.
object-group network OBJ_IZH_VRS_IZM
 host 85.140.32.177
 host 78.85.14.98
!
! Contains 78.85.13.119, which is the address configured on this router's GigabitEthernet0/0.
object-group network OBJ_GLZ_VRS_UPF
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_MSB_TMA_MSB
 host 78.138.182.214
!
object-group network OBJ_KIB_TMA_KIB
 host 78.138.182.126
!
object-group network OBJ_PRM_VRS_MPF
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_SHM_TMA_SHM
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_EVL_TMA_EVL
 host 89.232.102.166
!
object-group network OBJ_ITL_VST_ITL
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
 host 178.161.242.67
!
object-group network OBJ_IZH_KM_S61
 host 84.201.247.32
 host 88.80.33.194
!
! Per-site network groups (continued).
object-group network OBJ_YAN_GKZ_YEL
 host 77.94.97.222
!
! NOTE(review): admits a whole /24 rather than individual hosts - confirm the full range belongs to the site.
object-group network OBJ_KUN_KMK_B2
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
 host 178.47.128.98
 host 194.150.90.20
!
object-group network OBJ_KGB_RN_KGB
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
 host 84.201.247.100
!
! The /30 covers 85.140.32.64-67; the two host entries add the addresses just outside it (.63 and .68).
object-group network OBJ_IZH_KS_H17
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_SPB_KG_SPB
 host 62.141.114.190
 host 94.72.27.43
!
! Union of all per-site OBJ_* groups.
! NOTE(review): any rule that permits OBJ_BRANCHES trusts every address in every member group, including
! the /24 entries in OBJ_IZH_KG_P11 and OBJ_KUN_KMK_B2. Review the membership whenever a site is retired.
object-group network OBJ_BRANCHES
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_BBN_VST_BBN
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_SPB_KG_SPB
!
! Repeats the hosts of OBJ_IZH_TK_M48 and OBJ_IZH_TK_M44 under another name.
object-group network TORG_KOMP_KOMOS
 host 87.249.237.250
 host 88.80.33.162
 host 212.46.204.74
!
! Aggregate of partner and site groups; where it is applied is not visible in this section.
object-group network OG_MOI_PLOSHADKI
 group-object NET_VARAKSINO
 group-object NET_LOTSMAN
 group-object NET_AUDIT_RSM
 group-object NET_UNIKON
 group-object TORG_KOMP_KOMOS
 group-object NET_AUDIT_PRICE
 group-object NET_KOMOSGROUP
 group-object KONTUR
 group-object NET_CITEK
!
object-group network RT_VOIP
 description --569641.17.rt.ru--
 host 178.45.249.116
!
! The router's own ISP-facing address (matches GigabitEthernet0/0).
object-group network STATIC_ISP_IP
 host 78.85.13.119
!
object-group service SVC_ANYCONNECT
 tcp eq 443
!
object-group service SVC_EMAIL
 tcp eq smtp
!
object-group service SVC_SNMP
 udp eq snmp
 udp eq snmptrap
!
! Local user database. The AAA login lists consult it first, and the sslvpn list uses nothing else, so
! these accounts are both the device logins and the AnyConnect logins.
! NOTE(review): all secrets are type 5 (salted MD5-crypt), which no longer gives adequate resistance to
! offline guessing. IOS 15.3(3)M and later accept "algorithm-type scrypt" (type 9) or "sha256" (type 8).
! Re-create the accounts with one of those, and rotate every password whose hash has appeared in a
! shared copy of the configuration.
! NOTE(review): privilege 15 accounts that also carry a VPN attribute list (beltukov, pershin_an) use the
! same password for remote access and for full device administration; separate accounts limit the
! impact of one exposed credential.
username beltukov privilege 15 secret 5 $1$mnI8$Ll8gGvBeqUYRe82Wv.JfT/
username beltukov aaa attribute list ANYCONNECT_FULL_SIP
username emelyanov_mv privilege 2 secret 5 $1$rENx$JfKcYzrJY9dxwuX9V/9JY0
username emelyanov_mv aaa attribute list ANYCONNECT_RDP
username epifanov_ag privilege 2 secret 5 $1$qY56$qcddjdHQzPV/3eWIb9JJU/
username epifanov_ag aaa attribute list ANYCONNECT_RDP
username yalochkina_tv privilege 2 secret 5 $1$Ewwf$geZ4TJCsPLE/wA00wyGFX/
username yalochkina_tv aaa attribute list ANYCONNECT_RDP
username sudnishikov_as privilege 2 secret 5 $1$DWNd$TN6/Ni0Qeya33o43.GJ9C/
username sudnishikov_as aaa attribute list ANYCONNECT_RDP
username admin_avv privilege 15 secret 5 $1$NHbB$f8s2mF7A87XJK/V8O3Kj31
username pershin_an privilege 15 secret 5 $1$vnxI$hUZloCHJ0MALJI/aww7ZE.
username pershin_an aaa attribute list ANYCONNECT_FULL_SIP
! NOTE(review): PWC1-PWC6 look like generic rather than personal accounts - confirm each has a named
! owner and an expiry, since shared accounts cannot be attributed in logs.
username PWC1 privilege 2 secret 5 $1$pVm7$EDB3r3dFGGU6xF3udC0yk1
username PWC1 aaa attribute list ANYCONNECT_RDP
username PWC2 privilege 2 secret 5 $1$K62C$TDZ1GbRggadbShZzA9Kyb.
! Local user database (continued). All secrets here are type 5 (salted MD5-crypt).
! NOTE(review): prefer "algorithm-type scrypt" (type 9) on this software train, and rotate any password
! whose hash has been exposed in a shared copy of the configuration.
username PWC2 aaa attribute list ANYCONNECT_RDP
username PWC3 privilege 2 secret 5 $1$sA1W$oIDi5XIU0c2u2.679vbeI/
username PWC3 aaa attribute list ANYCONNECT_RDP
username fedotov_ni privilege 15 secret 5 $1$rc8o$0xTdVcKBhiJrXT1HRt4wg0
username fedotov_ni aaa attribute list ANYCONNECT_FULL_SIP
! NOTE(review): "netadmin" is a generic privilege 15 account; shared administrator logins cannot be
! attributed to a person in the configuration change log.
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
username PWC4 privilege 2 secret 5 $1$T8vs$JpCReqcvmwjYoov/JA7wx.
username PWC4 aaa attribute list ANYCONNECT_RDP
username PWC5 privilege 2 secret 5 $1$Pz7f$hAJrYQy.y3HPI4/SwQAnb0
username PWC5 aaa attribute list ANYCONNECT_RDP
username PWC6 privilege 2 secret 5 $1$Vc8e$TZ7CYPwx3BPKKx2m2mtgo1
username PWC6 aaa attribute list ANYCONNECT_RDP
username akhmetzyanovrr privilege 15 secret 5 $1$WzoX$SjIT.N621r3E.dAyBw0ae0
!
redundancy
!
!
!
!
! NOTE(review): LLDP is enabled globally. No per-interface "no lldp transmit" is visible on the ISP-facing
! GigabitEthernet0/0, so device details may be advertised towards the provider.
lldp run
!
! Object tracking bound to IP SLA probes 1, 11 and 15 (the probe definitions are outside this section).
track 1 ip sla 1 reachability
 delay down 26 up 11
!
track 11 ip sla 11 reachability
 delay down 26 up 11
!
track 15 ip sla 15 reachability
 delay down 26 up 11
!
!
!
! AnyConnect client packages offered to connecting users.
! NOTE(review): the macOS package (4.5.04029) is a much older train than the Windows one (4.10.03104);
! check both against current vendor advisories and replace outdated packages.
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.10.03104-webdeploy-k9.pkg sequence 1
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-macos-4.5.04029-webdeploy-k9.pkg sequence 2
!
! IKEv1 policy for the DMVPN tunnels.
! NOTE(review): DH group 2 is a 1024-bit MODP group and is considered too weak today; group 14 or higher
! is the usual minimum. No hash is shown, so the platform default applies (presumably SHA-1 - confirm
! with "show crypto isakmp policy").
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
! NOTE(review): this is a wildcard pre-shared key. "address 0.0.0.0" matches any peer, so one shared
! string authenticates every IKE neighbour, and it is stored in clear because service password-encryption
! does not cover ISAKMP keys. Prefer per-peer keys or certificate authentication, enable
! "password encryption aes" with a "key config-key password-encrypt" master key, and rotate this key on
! all peers if the configuration has been shared.
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
!
! ESP with AES (128-bit default) and HMAC-SHA-1 in transport mode, used under the GRE tunnels.
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac
 mode transport
!
! NOTE(review): the profile sets no PFS group ("set pfs"), so IPsec session keys are derived from the
! IKE exchange without a fresh Diffie-Hellman exchange per rekey.
crypto ipsec profile CRYPTO_IPSEC_DMVPN
 description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
 set transform-set CRYPTO_TS_DMVPN
!
!
!
!
!
!
!
interface Loopback0
 description WEBVPN_ANYCONNECT_LOOPBACK
 ip address 172.26.15.62 255.255.255.224
!
interface Loopback1
 description -== REMOTE SENSOR ==-
 ip address 10.1.72.6 255.255.255.255
!
! Multipoint GRE tunnel to a single NHRP next-hop server (172.16.254.62, reached at 78.85.14.98).
! NOTE(review): unlike Tunnel1001 and Tunnel1002, this interface has no "tunnel protection" line, so the
! GRE payload - including the BGP session to 172.16.254.62 and the clear-text NHRP authentication
! string - crosses the ISP link unencrypted. Confirm whether that is intended for a backup path.
interface Tunnel1
 description BACKUP_CONNECTION_TO_MILKOM
 bandwidth 100000
 ip address 172.16.254.33 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip nhrp authentication nh10002
 ip nhrp map 172.16.254.62 78.85.14.98
 ip nhrp map multicast 78.85.14.98
 ip nhrp network-id 10002
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.254.62
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 34
!
! DMVPN spoke interface for cloud 1: two hubs (172.30.1.1 and 172.30.1.2), protected by the shared IPsec profile.
! NetFlow accounting is enabled in both directions.
interface Tunnel1001
 description --DMVPN_SPOKE_24_CLOUD_1--
 ip address 172.30.1.26 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
! DMVPN spoke interface for cloud 2: two hubs (172.30.2.1 and 172.30.2.2), same IPsec profile ("shared"
! because both tunnels use GigabitEthernet0/0 as source).
interface Tunnel1002
 description --DMVPN_SPOKE_24_CLOUD_2--
 ip address 172.30.2.26 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl02
 ip nhrp map 172.30.2.1 5.227.124.143
 ip nhrp map 172.30.2.2 78.85.13.93
 ip nhrp map multicast 5.227.124.143
 ip nhrp map multicast 78.85.13.93
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.2.1
 ip nhrp nhs 172.30.2.2
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
! Internet-facing interface: inbound filter ACL_FIREWALL, NAT outside, and stateful inspection (rule INTERNET)
! of outbound sessions. ICMP redirects, unreachables and proxy ARP are disabled.
! NOTE(review): no unicast reverse-path check is configured on this interface.
interface GigabitEthernet0/0
 description ISP_ROSTELEKOM
 ip address 78.85.13.119 255.255.255.0
 ip access-group ACL_FIREWALL in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect INTERNET out
 ip virtual-reassembly in
 duplex auto
 speed auto
!
! Unused port, administratively shut down.
interface GigabitEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 shutdown
 duplex auto
 speed auto
!
! Parent interface of the 802.1Q subinterfaces below; it carries no address of its own.
interface GigabitEthernet0/2
 description LOCAL_NETWORK
 no ip address
 no ip redirects
 no ip unreachables
 duplex auto
 speed auto
!
! Inside subinterfaces follow one pattern: router address .3, HSRPv2 virtual gateway .1, priority 110 with
! preemption after 30 s, NAT inside.
! NOTE(review): "standby <group> authentication <string>" is plain-text HSRP authentication, and the same
! string is reused on every group. It is visible on the wire and in this file; "standby <group>
! authentication md5 key-string ..." is the keyed alternative and must be changed on both HSRP peers together.
! VLAN 11 additionally applies policy routing (RM_ROUTE_VIA_KERIO_VLAN_1) to traffic entering from the LAN.
interface GigabitEthernet0/2.11
 description LOCAL_NETWORK_AREA
 encapsulation dot1Q 11
 ip address 10.8.0.3 255.255.252.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 11 ip 10.8.0.1
 standby 11 timers 5 15
 standby 11 priority 110
 standby 11 preempt delay minimum 30
 standby 11 authentication upf2017
 standby 11 name R2-LOCAL_NETWORK-HSRP
 ip policy route-map RM_ROUTE_VIA_KERIO_VLAN_1
!
interface GigabitEthernet0/2.111
 description PRINTERS_AREA
 encapsulation dot1Q 111
 ip address 10.8.4.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 111 ip 10.8.4.1
 standby 111 timers 5 15
 standby 111 priority 110
 standby 111 preempt delay minimum 30
 standby 111 authentication upf2017
 standby 111 name R2-PRINTERS-HSRP
!
interface GigabitEthernet0/2.112
 description WEIGHT_DEVICE_AREA
 encapsulation dot1Q 112
 ip address 10.8.5.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 112 ip 10.8.5.1
 standby 112 timers 5 15
 standby 112 priority 110
 standby 112 preempt delay minimum 30
 standby 112 authentication upf2017
 standby 112 name R2-WEIGHT_DEVICE-HSRP
!
! Inside VLAN subinterfaces: router address .3, HSRPv2 virtual gateway .1, priority 110, NAT inside.
! NOTE(review): HSRP authentication here is the plain-text form and uses one string for all groups;
! keyed MD5 authentication ("standby <group> authentication md5 key-string ...") avoids sending it in clear.
! NOTE(review): none of these subinterfaces has an "ip access-group", so any filtering between the
! VLANs (for example towards SERVERS_MGT_AREA) is not done on these interfaces - confirm where it is enforced.
interface GigabitEthernet0/2.113
 description USB_NETWORK_AREA
 encapsulation dot1Q 113
 ip address 10.8.6.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 113 ip 10.8.6.1
 standby 113 timers 5 15
 standby 113 priority 110
 standby 113 preempt delay minimum 30
 standby 113 authentication upf2017
 standby 113 name R2-USB_NETWORK-HSRP
!
interface GigabitEthernet0/2.114
 description SKUD_AREA
 encapsulation dot1Q 114
 ip address 10.8.7.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 114 ip 10.8.7.1
 standby 114 timers 5 15
 standby 114 priority 110
 standby 114 preempt delay minimum 30
 standby 114 authentication upf2017
 standby 114 name R2-SKUD-HSRP
!
interface GigabitEthernet0/2.161
 description WIRELESS_USERS_AREA
 encapsulation dot1Q 161
 ip address 10.8.8.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 161 ip 10.8.8.1
 standby 161 timers 5 15
 standby 161 priority 110
 standby 161 preempt delay minimum 30
 standby 161 authentication upf2017
 standby 161 name R2-WIRELESS_USERS-HSRP
!
interface GigabitEthernet0/2.211
 description SERVERS_MGT_AREA
 encapsulation dot1Q 211
 ip address 10.8.9.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 211 ip 10.8.9.1
 standby 211 timers 5 15
 standby 211 priority 110
 standby 211 preempt delay minimum 30
 standby 211 authentication upf2017
 standby 211 name R2-SERVERS_MGT-HSRP
!
! Management VLAN. This subinterface is also the source interface for RADIUS, SSH, TFTP and NetFlow export
! elsewhere in the configuration.
! NOTE(review): HSRP authentication on all subinterfaces below is the plain-text form with one shared string;
! consider keyed MD5 authentication, changed on both HSRP peers together.
interface GigabitEthernet0/2.311
 description NETWORK_MGT_AREA
 encapsulation dot1Q 311
 ip address 10.8.10.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 311 ip 10.8.10.1
 standby 311 timers 5 15
 standby 311 priority 110
 standby 311 preempt delay minimum 30
 standby 311 authentication upf2017
 standby 311 name R2-NETWORK_MGT-HSRP
!
interface GigabitEthernet0/2.361
 description VOICE_AREA
 encapsulation dot1Q 361
 ip address 10.8.72.3 255.255.252.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 361 ip 10.8.72.1
 standby 361 timers 5 15
 standby 361 priority 110
 standby 361 preempt delay minimum 30
 standby 361 authentication upf2017
 standby 361 name R2-VOICE-HSRP
!
interface GigabitEthernet0/2.411
 description VIDEO_AREA
 encapsulation dot1Q 411
 ip address 10.8.12.3 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 411 ip 10.8.12.1
 standby 411 timers 5 15
 standby 411 priority 110
 standby 411 preempt delay minimum 30
 standby 411 authentication upf2017
 standby 411 name R2-VIDEO-HSRP
!
! NOTE(review): the guest WLAN subinterface has no "ip access-group", so nothing on this interface keeps
! guest clients from reaching the other inside VLANs or the router's own services (SSH, SNMP, DNS, NTP).
! Confirm that isolation is enforced elsewhere, or add an inbound ACL here.
interface GigabitEthernet0/2.511
 description WIRELESS_GUEST_AREA
 encapsulation dot1Q 511
 ip address 10.8.14.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 511 ip 10.8.14.1
 standby 511 timers 5 15
 standby 511 priority 110
 standby 511 preempt delay minimum 30
 standby 511 authentication upf2017
 standby 511 name R2-WIRELESS_GUEST-HSRP
!
! Transit link to the iBGP neighbour 172.30.30.153; no NAT and no HSRP on this subinterface.
interface GigabitEthernet0/2.555
 description --BGP_TRANSIT--
 encapsulation dot1Q 555
 ip address 172.30.30.154 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! BGP in AS 64524: eBGP to three peer groups (AS 64512, 64513, 64523) over the tunnel interfaces and iBGP to
! 172.30.30.153 on the transit VLAN. Connected routes are redistributed through RM_BGP_REDISTR_CON.
! NOTE(review): no neighbour has a "password" line, so the sessions are not authenticated at the TCP level.
! NOTE(review): PG_BGP_OCOD and PG_BGP_RCOD are filtered outbound only. The one inbound route-map
! (RM_BGP_FROM_HUB on 172.30.1.2) has no match clause and only sets local-preference, so every prefix
! the hubs announce is accepted; there is also no maximum-prefix limit. Only PG_BGP_MLK has an inbound
! prefix-list.
! NOTE(review): the aggregate-address lines have no summary-only keyword; the more-specific routes are
! still advertised where the outbound filters permit them.
router bgp 64524
 bgp router-id 172.30.30.154
 bgp log-neighbor-changes
 bgp graceful-restart
 aggregate-address 10.8.72.0 255.255.248.0
 aggregate-address 10.8.0.0 255.255.240.0
 redistribute connected route-map RM_BGP_REDISTR_CON
 neighbor PG_BGP_OCOD peer-group
 neighbor PG_BGP_OCOD remote-as 64512
 neighbor PG_BGP_OCOD next-hop-self
 neighbor PG_BGP_OCOD soft-reconfiguration inbound
 neighbor PG_BGP_OCOD route-map RM_BGP_TO_HUB out
 neighbor PG_BGP_RCOD peer-group
 neighbor PG_BGP_RCOD remote-as 64513
 neighbor PG_BGP_RCOD next-hop-self
 neighbor PG_BGP_RCOD soft-reconfiguration inbound
 neighbor PG_BGP_RCOD route-map RM_BGP_TO_HUB out
 neighbor PG_BGP_MLK peer-group
 neighbor PG_BGP_MLK remote-as 64523
 neighbor PG_BGP_MLK next-hop-self
 neighbor PG_BGP_MLK soft-reconfiguration inbound
 neighbor PG_BGP_MLK prefix-list PFL_FROM_MLK in
 neighbor PG_BGP_MLK prefix-list PFL_TO_MLK out
 neighbor 172.16.254.62 peer-group PG_BGP_MLK
 neighbor 172.30.1.1 peer-group PG_BGP_OCOD
 neighbor 172.30.1.2 peer-group PG_BGP_OCOD
 neighbor 172.30.1.2 route-map RM_BGP_FROM_HUB in
 neighbor 172.30.2.1 peer-group PG_BGP_RCOD
 neighbor 172.30.2.2 peer-group PG_BGP_RCOD
 neighbor 172.30.30.153 remote-as 64524
 neighbor 172.30.30.153 next-hop-self
 distance bgp 150 150 150
!
! Address pool handed to AnyConnect clients: 29 addresses.
ip local pool ANYCONNECT_POOL 172.26.15.33 172.26.15.61
ip default-gateway 78.85.13.1
ip forward-protocol nd
!
! Both the HTTP and HTTPS management servers are disabled.
! NOTE(review): "ip http secure-ciphersuite" appears here without any cipher names - confirm what it is
! meant to select.
no ip http server
no ip http secure-server
ip http secure-ciphersuite
! NetFlow version 5 export to two collectors, sourced from the management subinterface.
! NOTE(review): the export is unauthenticated, unencrypted UDP towards 10.4.0.x, which is outside the locally
! connected networks - confirm that the path to the collectors is a protected one.
ip flow-export source GigabitEthernet0/2.311
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
!
ip tftp source-interface GigabitEthernet0/2.311
! The router runs a DNS server.
! NOTE(review): confirm which interfaces it needs to answer on; ACL_FIREWALL admits UDP with source port 53
! to the public address.
ip dns view default
 domain timeout 2
ip dns server
! NAT timers and per-host translation limits (400 entries by default, higher limits for three named hosts).
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 45
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 15
ip nat translation port-timeout udp 5060 180
ip nat translation max-entries all-host 400
ip nat translation max-entries host 10.8.0.4 30000
ip nat translation max-entries host 10.8.0.11 10000
ip nat translation max-entries host 172.16.2.2 40000
! Outbound PAT for the sources selected by route-map ISP_RT.
ip nat inside source route-map ISP_RT interface GigabitEthernet0/0 overload
! Services published on the public address 78.85.13.119: RDP (3389), port 4090 over TCP and UDP, and HTTPS
! as 9443 - all to 10.8.0.4 - plus SIP (5060) to 10.8.72.10.
! NOTE(review): exposure of each published port depends entirely on the source restrictions in ACL_FIREWALL;
! RDP and SIP published to the Internet are common brute-force targets, so keep the permitted source groups
! narrow and consider reaching them over the VPN only.
ip nat inside source static tcp 10.8.0.4 3389 78.85.13.119 3389 extendable
ip nat inside source static tcp 10.8.0.4 4090 78.85.13.119 4090 extendable
ip nat inside source static udp 10.8.0.4 4090 78.85.13.119 4090 extendable
ip nat inside source static tcp 10.8.72.10 5060 78.85.13.119 5060 extendable
ip nat inside source static udp 10.8.72.10 5060 78.85.13.119 5060 extendable
ip nat inside source static tcp 10.8.0.4 443 78.85.13.119 9443 extendable
! Default route to the ISP gateway; several 172.26.15.x ranges and 192.168.15.0/24 are reached through 10.8.0.4.
! NOTE(review): 172.26.15.0/27 is routed to 10.8.0.4 while the AnyConnect pool and Loopback0 live in
! 172.26.15.32/27 - the ranges are adjacent, not overlapping.
ip route 0.0.0.0 0.0.0.0 78.85.13.1
ip route 172.26.15.0 255.255.255.224 10.8.0.4 name --LAN--
ip route 172.26.15.64 255.255.255.192 10.8.10.2
ip route 172.26.15.128 255.255.255.252 10.8.0.4
ip route 172.26.15.144 255.255.255.240 10.8.0.4
ip route 172.26.15.160 255.255.255.240 10.8.0.4
ip route 172.26.15.176 255.255.255.240 10.8.0.4
ip route 192.168.15.0 255.255.255.0 10.8.0.4 name --PRODACTION--
! SSH version 2 only, with AES-CTR ciphers for both server and client roles.
! NOTE(review): "ip ssh source-interface" affects only sessions the router opens as a client; it does not
! limit where the SSH server can be reached. MAC and key-exchange algorithms are left at their defaults.
ip ssh source-interface GigabitEthernet0/2.311
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
! Standard ACLs naming the inside subnets. In the visible configuration they are used by the NAT route-map
! (ISP_RT), by the NTP access-groups and by the AnyConnect split-tunnel lists.
ip access-list standard ACL_LOCAL_NETWORK_NET
 permit 10.8.0.0 0.0.3.255
! NOTE(review): ACL_NETWORK_MGT_NET matches the management VLAN and is not applied anywhere in the visible
! configuration; it would be a natural candidate for a vty "access-class".
ip access-list standard ACL_NETWORK_MGT_NET
 permit 10.8.10.0 0.0.0.255
! Clients allowed to query this router for time: 10.8.0.0/20.
! NOTE(review): the voice subnet 10.8.72.0/22 is not covered.
ip access-list standard ACL_NTP_CLIENTS
 permit 10.8.0.0 0.0.15.255
! Upstream NTP servers this router may synchronise with.
ip access-list standard ACL_NTP_SERVERS
 permit 91.226.136.136
 permit 91.226.136.142
 deny any
ip access-list standard ACL_PRINTERS_NET
 permit 10.8.4.0 0.0.0.255
ip access-list standard ACL_SERVERS_MGT_NET
 permit 10.8.9.0 0.0.0.255
ip access-list standard ACL_SKUD_NET
 permit 10.8.7.0 0.0.0.255
! Split-tunnel include lists: the networks routed into the VPN for each AnyConnect policy group.
! NOTE(review): ACL_SPLIT_FULL_SIP adds 10.8.72.0/22, which ACL_SPLIT_ADMIN does not include.
ip access-list standard ACL_SPLIT_ADMIN
 permit 192.168.72.64 0.0.0.63
 permit 192.168.72.192 0.0.0.63
 permit 10.8.0.0 0.0.15.255
ip access-list standard ACL_SPLIT_FULL
 permit 192.168.72.64 0.0.0.63
 permit 10.8.0.0 0.0.15.255
ip access-list standard ACL_SPLIT_FULL_SIP
 permit 192.168.72.64 0.0.0.63
 permit 10.8.0.0 0.0.15.255
 permit 10.8.72.0 0.0.3.255
! NOTE(review): this list omits 10.8.0.14, which the tunnel filter ACL_ANYCONNECT_RDP permits on 3389, so
! that host is presumably not routed through the tunnel for RDP-policy users - confirm.
ip access-list standard ACL_SPLIT_RDP
 permit 10.8.0.4
 permit 10.8.0.11
 permit 10.8.0.12
 permit 192.168.72.66
 permit 192.168.72.79
ip access-list standard ACL_USB_NETWORK_NET
 permit 10.8.6.0 0.0.0.255
ip access-list standard ACL_VIDEO_NET
 permit 10.8.12.0 0.0.1.255
! NOTE(review): 10.8.11.0/24 does not correspond to any interface subnet in this file (VOICE_AREA is
! 10.8.72.0/22) - possibly a leftover entry.
ip access-list standard ACL_VOICE_NET
 permit 10.8.11.0 0.0.0.255
 permit 10.8.72.0 0.0.3.255
ip access-list standard ACL_WEIGHT_DEVICE_NET
 permit 10.8.5.0 0.0.0.255
ip access-list standard ACL_WIRELESS_GUEST_NET
 permit 10.8.14.0 0.0.0.255
ip access-list standard ACL_WIRELESS_USERS_NET
 permit 10.8.8.0 0.0.0.255
!
! Tunnel filter for the WEBVPN_POLICY_RDP group: DNS to 10.8.0.11 and 10.8.0.12, RDP to three hosts, HTTPS
! to two hosts. Everything else falls to the implicit deny.
ip access-list extended ACL_ANYCONNECT_RDP
 permit tcp any host 10.8.0.11 eq domain
 permit udp any host 10.8.0.11 eq domain
 permit tcp any host 10.8.0.12 eq domain
 permit udp any host 10.8.0.12 eq domain
 permit tcp any host 192.168.72.66 eq 443
 permit tcp any host 10.8.0.14 eq 3389
 permit tcp any host 10.8.0.4 eq 3389
 permit tcp any host 192.168.72.79 eq 3389
 permit tcp any host 10.8.0.4 eq 443
! Inbound filter on the Internet interface (GigabitEthernet0/0). OBJ_BRANCHES, KERIO_VPN, NET_SIP_PROVIDERS
! and NET_SIP_TRUNK are object-groups defined outside the visible part of the file.
! NOTE(review): "permit udp any eq domain ..." and "permit udp any eq ntp ..." match on the SOURCE port
! only, so they admit any UDP packet with that source port to any UDP port on the public address.
! Inspection rule INTERNET includes router-traffic (earlier in the file), so replies to the router's own
! queries should already be allowed statefully - confirm whether these two entries are still required,
! or restrict them to the configured DNS and NTP server addresses.
! NOTE(review): SVC_EMAIL (tcp/25) and "eq www" are permitted towards the public address, but no static
! NAT for port 25 or 80 is visible and the HTTP server is disabled - these look like stale entries.
! NOTE(review): OBJ_BRANCHES and NET_SIP_PROVIDERS are permitted for all IP, which includes SSH and SNMP
! on the router itself.
! NOTE(review): there is no final "deny ip any any log" line, so packets dropped by the implicit deny
! are not logged.
ip access-list extended ACL_FIREWALL
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit udp any eq domain object-group STATIC_ISP_IP
 permit object-group KERIO_VPN any object-group STATIC_ISP_IP
 permit ip object-group NET_SIP_PROVIDERS object-group STATIC_ISP_IP
 permit udp any eq ntp object-group STATIC_ISP_IP
 permit object-group SVC_EMAIL any object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 permit object-group SVC_ANYCONNECT any object-group STATIC_ISP_IP
 permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq 3389
 permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq 9443
 permit tcp object-group NET_SIP_TRUNK object-group STATIC_ISP_IP eq 5060
 permit udp object-group NET_SIP_TRUNK object-group STATIC_ISP_IP eq 5060
 permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq www
! Traffic matched here hits route-map RM_ROUTE_VIA_KERIO_VLAN_1 sequence 5, which has no set clause, so it
! is routed normally instead of being sent to 10.8.0.4: internal destinations plus the replies of the
! published RDP and HTTPS hosts.
ip access-list extended ACL_LOCAL_TRAFFIC
 permit ip any 10.8.0.0 0.0.255.255
 permit ip any 172.16.0.0 0.15.255.255
 permit ip any 10.8.72.0 0.0.3.255
 permit tcp host 10.8.0.14 eq 3389 any
 permit tcp host 10.8.0.4 eq 3389 any
 permit tcp host 192.168.72.79 eq 3389 any
 permit tcp host 10.8.0.4 eq 443 any
!
!
! Connected prefixes eligible for redistribution into BGP.
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
ip prefix-list PFL_BGP_REDISTR_CON seq 20 permit 172.26.15.0/24 le 25
!
! Prefixes accepted from the PG_BGP_MLK peer.
ip prefix-list PFL_FROM_MLK seq 10 permit 192.168.72.0/24 le 26
!
! Prefixes advertised to the hub peer groups: exactly the two aggregates.
ip prefix-list PFL_TO_HUB seq 10 permit 10.8.0.0/20
ip prefix-list PFL_TO_HUB seq 20 permit 10.8.72.0/21
!
! Prefixes advertised to the PG_BGP_MLK peer, including more-specifics and the VPN range.
ip prefix-list PFL_TO_MLK seq 10 permit 10.8.0.0/20 le 24
ip prefix-list PFL_TO_MLK seq 20 permit 10.8.72.0/21 le 24
ip prefix-list PFL_TO_MLK seq 30 permit 172.26.15.0/24 le 25
! ICMP probe of the ISP gateway every 5 seconds; track 1 follows it.
! NOTE(review): this is the only SLA operation defined in the visible configuration, although tracks 11
! and 15 reference operations 11 and 15.
ip sla 1
 icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0
 threshold 2
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
! Daily 01:30 job that saves the running configuration to NVRAM.
! NOTE(review): an unattended "write memory" also persists any unreviewed or unauthorised change made
! during the day - pair it with configuration archiving or change logging.
kron occurrence EveryDay at 1:30 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
! NOTE(review): the syslog trap level is set, but no "logging host" line is visible in this part of the
! file; without a remote destination, logs exist only in the local buffer - confirm.
logging trap debugging
!
! Selects the sources that are translated (PAT) when leaving through GigabitEthernet0/0.
! NOTE(review): ACL_ACCESS_NET, ACL_GUEST_NET and ACL_KERIO_GATEWAY are not defined in the visible part of
! the file - confirm they exist, since a reference to a missing ACL may not behave as intended.
route-map ISP_RT permit 10
 match ip address ACL_WIRELESS_GUEST_NET ACL_ACCESS_NET ACL_GUEST_NET ACL_KERIO_GATEWAY ACL_VOICE_NET ACL_LOCAL_NETWORK_NET
 match interface GigabitEthernet0/0
!
route-map RM_BGP_REDISTR_CON permit 10
 match ip address prefix-list PFL_BGP_REDISTR_CON
!
! Policy routing for VLAN 11: sequence 5 exempts traffic matched by ACL_LOCAL_TRAFFIC (no set clause);
! sequence 10 sends everything else to 10.8.0.4 while track 11 is up.
route-map RM_ROUTE_VIA_KERIO_VLAN_1 permit 5
 match ip address ACL_LOCAL_TRAFFIC
!
route-map RM_ROUTE_VIA_KERIO_VLAN_1 permit 10
 set ip next-hop verify-availability 10.8.0.4 10 track 11
!
route-map RM_BGP_TO_HUB permit 10
 match ip address prefix-list PFL_TO_HUB
!
! No match clause: every route received from the neighbour is accepted and given local-preference 1000.
route-map RM_BGP_FROM_HUB permit 10
 set local-preference 1000
!
!
! NOTE(review): "public" is the well-known default community string, and neither community is bound to an
! access list, so any host that can reach the router over SNMP can read it with either string. SNMPv1/v2c
! also carries the community in clear text. Remove "public", bind the remaining community to an ACL
! listing the monitoring hosts, or move to SNMPv3 with authentication and privacy. The second community
! is readable in this file and should be changed.
snmp-server community public RO
snmp-server community lmTUEsk6Yvlv RO
!
! RADIUS servers on the legacy ports 1645/1646.
! NOTE(review): "key 7" is reversible obfuscation, not encryption; the shared secrets should be treated as
! disclosed wherever this file is readable and rotated on both the router and the RADIUS servers.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 07073847682838253F1552345D2C382B23043D77025F01061B151F66520D022A110C555C7F784A59660E4955357D00251115304821110B03727C2C2A235317215C
!
! NOTE(review): the "aaa group server radius NPS" stanza earlier in the file lists "server name P11-RDS003",
! whereas this server is named IZH-RDS003 - confirm the group actually references a defined server.
radius server IZH-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 104610122336332B240373137D2E203A29240F431259415C4210123002411A70514D5F567D7F135734024A04363651255918321C0B5B4A2B273732212D4801007B
!
!
!
! NOTE(review): the control-plane stanza is empty - no control-plane policing protects the route processor.
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
! The vstack (Smart Install) feature is disabled.
no vstack
alias exec q exit
!
! Console logins use the CONSOLE method list (local first, then RADIUS group NPS, per the aaa section).
line con 0
 logging synchronous
 login authentication CONSOLE
! NOTE(review): the auxiliary line has no sub-commands; if it is unused, "no exec" and "transport input none"
! close it explicitly.
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! Remote management is SSH only.
! NOTE(review): no "access-class" is applied, so SSH is reachable from every network that can reach a
! router address (inside VLANs including guest, VPN clients, and the sources ACL_FIREWALL permits for all
! IP). ACL_NETWORK_MGT_NET already describes the management VLAN and could be applied inbound here.
! NOTE(review): the idle timeout is 120 minutes; a shorter value limits the life of abandoned sessions.
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
! NTP: synchronises with two public servers, serves time to ACL_NTP_CLIENTS and acts as a stratum-3 master
! when upstream is lost.
! NOTE(review): no NTP authentication keys are configured, so upstream time is accepted on the basis of
! source address alone.
ntp source GigabitEthernet0/0
ntp access-group peer ACL_NTP_SERVERS
ntp access-group serve-only ACL_NTP_CLIENTS
ntp master 3
ntp update-calendar
ntp server 91.226.136.136 prefer
ntp server 91.226.136.142
!
!
! SSL VPN gateway listening on the Internet interface, TCP 443, with the UDMPF_RU_2022 certificate.
! NOTE(review): all three configured suites use SHA-1 MACs with CBC-mode AES and two of them have no
! forward secrecy; check which stronger suites and protocol versions this IOS release offers.
webvpn gateway ANYCONNECT-WEBVPN-GATEWAY
 ip interface GigabitEthernet0/0 port 443
 ssl encryption aes128-sha1 aes256-sha1 rsa-dhe-aes256-sha1
 ssl trustpoint UDMPF_RU_2022
 inservice
 !
! AnyConnect context. Authentication and authorization use the "sslvpn" lists, which the aaa section
! defines as local only.
! NOTE(review): VPN logins therefore depend on the local type 5 password hashes alone, with no second
! factor and no central lockout visible here.
! NOTE(review): max-users is 50, but ANYCONNECT_POOL holds 29 addresses; the netmask handed to clients
! (255.255.255.128) is also wider than the /27 configured on Loopback0.
webvpn context ANYCONNECT-WEBVPN
 title " KOMOS.RU WebVPN - Powered By Cisco Systems "
 aaa authentication list sslvpn
 aaa authorization list sslvpn
 gateway ANYCONNECT-WEBVPN-GATEWAY
 max-users 50
 !
 ssl authenticate verify all
 !
 url-list "rewrite"
 inservice
 !
! Policy groups are selected per user through the "aaa attribute list ANYCONNECT_*" entries.
! Only WEBVPN_POLICY_RDP carries a tunnel filter (ACL_ANYCONNECT_RDP); the FULL, FULL_SIP and ADMIN groups
! are limited by their split-include ACLs only, which govern client routing rather than filtering.
 policy group WEBVPN_POLICY_RDP
   functions svc-enabled
   filter tunnel ACL_ANYCONNECT_RDP
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc rekey method new-tunnel
   svc split include acl ACL_SPLIT_RDP
   svc dns-server primary 10.8.0.11
   svc dns-server secondary 10.8.0.12
 !
 policy group WEBVPN_POLICY_FULL
   functions svc-enabled
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc rekey method new-tunnel
   svc split include acl ACL_SPLIT_FULL
   svc dns-server primary 10.8.0.11
   svc dns-server secondary 10.8.0.12
 !
 policy group WEBVPN_POLICY_FULL_SIP
   functions svc-enabled
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc rekey method new-tunnel
   svc split include acl ACL_SPLIT_FULL_SIP
   svc dns-server primary 10.8.0.11
   svc dns-server secondary 10.8.0.12
 !
 policy group WEBVPN_POLICY_ADMIN
   functions svc-enabled
   svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
   svc rekey method new-tunnel
   svc split include acl ACL_SPLIT_ADMIN
   svc dns-server primary 10.8.0.11
   svc dns-server secondary 10.8.0.12
! Users without an attribute list fall into the most restricted group.
 default-group-policy WEBVPN_POLICY_RDP
!
end