Building configuration...

Current configuration : 17485 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 01:29:59 IZH Thu Jul 28 2022
!
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname VOT-VRS-VPF-RT-1-1
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.155-3.M6.bin
boot-end-marker
!
!
security authentication failure rate 3 log
logging buffered 16386
logging rate-limit 100 except warnings
logging console critical
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface GigabitEthernet0/1
 load-balance method least-outstanding
!
aaa authentication login default local group NPS enable
aaa authentication login LOCAL_AUTH local
aaa authentication login CONSOLE local group NPS
aaa authorization exec default local group NPS if-authenticated 
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone IZH 4 0
!
!
!
!
!
!
no ip source-route
no ip gratuitous-arps
!
!
!
!
!
!
!
!
!
!


!
ip dhcp database flash:/dhcp-database timeout 80
ip dhcp excluded-address 10.8.40.200 10.8.40.254
!
ip dhcp pool POOL-ACCESSAREA
 network 10.8.40.0 255.255.255.0
 update dns
 domain-name varaksino.local
 dns-server 10.8.40.250 192.168.72.59 10.8.17.100 
 netbios-name-server 10.8.40.250 192.168.72.59 10.8.17.100 
 default-router 10.8.40.254 
 option 4 ip 10.8.40.254 
 option 42 ip 10.8.40.254 
 lease 2
 update arp
!
!
ip dhcp update dns both override
!
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip bootp server
no ip domain lookup
ip domain name komos.ru
ip host tftp 10.4.0.214
ip cef
login block-for 60 attempts 3 within 20
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX1907833C
license accept end user agreement
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/VOT/VRS/VPF-RT/$H.$T.conf
 write-memory
 time-period 10080
object-group network NET_MLK 
 description :: MILKOM_DATACENTER
 host 85.140.32.177
 host 78.85.14.98
!
object-group network NET_PFV 
 description :: VARAKSINO
 host 85.140.32.178
 host 78.85.33.50
!
object-group network NET_KOMOSGROUP 
 host 88.80.33.50
 91.240.179.0 255.255.255.0
 host 62.141.96.126
 host 94.25.46.122
 host 88.80.33.10
 host 5.227.124.143
 host 84.201.247.190
!
object-group network NET_IZH_MLK 
 description --IZHMOLOKO--
 host 78.85.13.42
 host 85.140.32.27
 host 31.173.105.54
 host 217.14.195.253
 host 84.201.247.157
!
object-group network NET_PS_PF 
 host 5.227.121.127
 host 46.232.164.108
 host 78.85.13.117
 host 78.85.13.118
 host 78.85.13.119
 host 78.85.14.98
 host 78.85.33.50
 host 85.140.32.141
 host 85.140.32.177
 host 85.140.32.178
 host 88.80.33.14
 host 95.215.208.234
 host 178.47.130.10
 host 178.205.241.114
!
object-group network NET_DMVPN_NBRS 
 group-object NET_MLK
 group-object NET_PFV
 group-object NET_KOMOSGROUP
 group-object NET_IZH_MLK
 group-object NET_PS_PF
!
object-group network NET_REMOTE_SITES 
 group-object NET_MLK
 group-object NET_PFV
 group-object NET_KOMOSGROUP
 group-object NET_IZH_MLK
!
object-group network NET_VARAKSINO 
 description PF_VARAKSINO
 host 85.140.32.178
 host 78.85.33.50
!
object-group network OBJ_BBN_RN_BBN 
 host 85.140.32.104
 host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN 
 host 85.140.32.103
 host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM 
 host 5.227.124.82
 host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44 
 host 212.46.204.74
 host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48 
 host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR 
 host 87.249.239.226
 host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK 
 host 185.62.195.150
 host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK 
 host 31.173.105.62
 host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK 
 host 83.69.126.54
 host 94.180.253.210
 host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS 
 host 31.173.105.66
 host 78.85.13.52
 host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK 
 host 178.47.128.18
 host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM 
 host 31.173.105.58
 host 78.85.13.53
 host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK 
 host 37.113.128.241
 host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ 
 host 78.85.13.94
 host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA 
 host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK 
 host 78.25.80.134
 host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17 
 host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI 
 host 78.85.15.85
 host 84.201.247.24
 host 79.175.36.97
 host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB 
 host 62.168.232.182
 host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56 
 host 83.143.54.246
 host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM 
 host 85.140.32.177
 host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF 
 host 95.215.208.234
 host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF 
 host 85.140.32.141
 host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV 
 host 85.140.32.178
 host 94.181.119.90
 host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF 
 host 78.85.13.118
 host 88.80.33.14
!
object-group network OBJ_MSB_TMA_MSB 
 host 78.138.182.214
!
object-group network OBJ_KIB_TMA_KIB 
 host 78.138.182.126
!
object-group network OBJ_PRM_VRS_MPF 
 host 178.47.130.10
 host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF 
 host 178.205.241.114
 host 46.232.164.108
!
object-group network OBJ_SHM_TMA_SHM 
 host 89.232.91.106
 host 31.173.182.210
!
object-group network OBJ_EVL_TMA_EVL 
 host 89.232.102.166
!
object-group network OBJ_ITL_VST_ITL 
 host 5.227.124.130
 host 78.85.34.99
 host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH 
 host 88.80.33.250
 host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA 
 host 85.140.32.24
 host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB 
 host 78.85.37.88
 host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK 
 host 78.85.19.93
 host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK 
 host 178.161.242.67
!
object-group network OBJ_IZH_KM_S61 
 host 84.201.247.32
 host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL 
 host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2 
 94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80 
 host 178.161.207.26
 host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9 
 host 178.47.128.98
 host 194.150.90.20
!
object-group network OBJ_KGB_RN_KGB 
 host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH 
 host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI 
 host 78.85.13.167
!
object-group network OBJ_URN_RN_URN 
 host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM 
 host 88.80.32.230
 host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG 
 host 95.215.208.240
 host 146.120.104.235
 host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21 
 host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP 
 host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK 
 host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17 
 host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17 
 85.140.32.64 255.255.255.252
 host 85.140.32.63
 host 85.140.32.68
!
object-group network OBJ_SPB_KG_SPB 
 host 62.141.114.190
 host 94.72.27.43
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_MLK_IZM
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_VST_IZM
 group-object OBJ_IZH_TK_M44
 group-object OBJ_IZH_TK_M48
 group-object OBJ_IZH_TK_SMR
 group-object OBJ_MSK_KG_MSK
 group-object OBJ_GLZ_MLK_GMK
 group-object OBJ_KZN_MLK_KMK
 group-object OBJ_KEZ_MLK_KZS
 group-object OBJ_PRM_MLK_PHK
 group-object OBJ_SAR_MLK_SRM
 group-object OBJ_CLB_MLK_CMK
 group-object OBJ_BBN_RN_BBN
 group-object OBJ_GLZ_GKZ_GKZ
 group-object OBJ_KIA_RN_KIA
 group-object OBJ_IZH_TZK_TZK
 group-object OBJ_IZH_MK_VS17
 group-object OBJ_IZH_KL_KLI
 group-object OBJ_EKB_KG_EKB
 group-object OBJ_IZH_KEN_VS56
 group-object OBJ_IZH_VRS_IZM
 group-object OBJ_GLZ_VRS_UPF
 group-object OBJ_IZH_VRS_IPF
 group-object OBJ_IZH_VRS_PFV
 group-object OBJ_VOT_VRS_VPF
 group-object OBJ_MSB_TMA_MSB
 group-object OBJ_KIB_TMA_KIB
 group-object OBJ_PRM_VRS_MPF
 group-object OBJ_LAI_VRS_DPF
 group-object OBJ_BBN_VST_BBN
 group-object OBJ_SHM_TMA_SHM
 group-object OBJ_EVL_TMA_EVL
 group-object OBJ_ITL_VST_ITL
 group-object OBJ_MZH_VST_MZH
 group-object OBJ_KIA_VST_KIA
 group-object OBJ_KGB_VST_KBB
 group-object OBJ_SAR_VST_SMK
 group-object OBJ_KNK_VST_KMK
 group-object OBJ_IZH_KM_S61
 group-object OBJ_YAN_GKZ_YEL
 group-object OBJ_KUN_KMK_B2
 group-object OBJ_KUN_KMK_H80
 group-object OBJ_KUN_KMK_CH9
 group-object OBJ_KGB_RN_KGB
 group-object OBJ_NCH_RN_NCH
 group-object OBJ_PRI_RN_PRI
 group-object OBJ_URN_RN_URN
 group-object OBJ_MZH_TK_TKM
 group-object OBJ_GLZ_TK_TKG
 group-object OBJ_IZH_TK_M21
 group-object OBJ_IZH_HLA_PP
 group-object OBJ_IZH_HLA_UHK
 group-object OBJ_IZH_VD_VS17
 group-object OBJ_IZH_KS_H17
 group-object OBJ_SPB_KG_SPB
!
object-group network STATIC_ISP_IP 
 host 88.80.33.14
!
username menshikov privilege 15 secret 5 $1$0C.V$xMVJctHeHhxPVEtJWCJos.
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
username akhmetzyanovrr privilege 15 secret 5 $1$s6uL$JDiAuV9FLnHUHjnaJpfnA.
!
redundancy
!
!
!
!
!
track 1 ip sla 1 reachability
 delay down 26 up 11
!
! 
crypto logging session
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
crypto isakmp key mlk20kom19 address 0.0.0.0         no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac 
 mode transport
!
crypto ipsec profile CRYPTO_IPSEC_DMVPN
 description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
 set transform-set CRYPTO_TS_DMVPN 
!
!
!
!
!
!
!
interface Loopback1
 description -== REMOTE SENSOR ==-
 ip address 10.1.72.7 255.255.255.255
!
interface Tunnel1001
 description --DMVPN_SPOKE_29_CLOUD_1--
 ip address 172.30.1.31 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Tunnel1002
 description --DMVPN_SPOKE_29_CLOUD_2--
 ip address 172.30.2.31 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip nhrp authentication M_K.Cl02
 ip nhrp map 172.30.2.1 5.227.124.143
 ip nhrp map 172.30.2.2 78.85.13.93
 ip nhrp map multicast 5.227.124.143
 ip nhrp map multicast 78.85.13.93
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.2.1
 ip nhrp nhs 172.30.2.2
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ISP_MTS
 ip address 88.80.33.14 255.255.255.252
 ip access-group ACL_FIREWALL in
 ip access-group ACL_LAN_TO_WAN out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 description LOCAL_NETWORK
 ip address 10.8.40.252 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 1 ip 10.8.40.254
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt delay minimum 30
 standby 1 authentication vot2017
 standby 1 name LAN-VOT-HSRP
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.555
 description --BGP_TRANSIT--
 encapsulation dot1Q 555
 ip address 172.30.30.177 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0/0
 no ip address
 duplex auto
 speed auto
!
router bgp 64527
 bgp router-id 172.30.30.177
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 aggregate-address 10.8.40.0 255.255.248.0
 redistribute connected route-map RM_BGP_REDISTR_CON
 neighbor PG_BGP_OCOD peer-group
 neighbor PG_BGP_OCOD remote-as 64512
 neighbor PG_BGP_OCOD next-hop-self all
 neighbor PG_BGP_OCOD soft-reconfiguration inbound
 neighbor PG_BGP_OCOD route-map RM_BGP_TO_HUB out
 neighbor PG_BGP_RCOD peer-group
 neighbor PG_BGP_RCOD remote-as 64513
 neighbor PG_BGP_RCOD next-hop-self all
 neighbor PG_BGP_RCOD soft-reconfiguration inbound
 neighbor PG_BGP_RCOD route-map RM_BGP_TO_HUB out
 neighbor 172.30.1.1 peer-group PG_BGP_OCOD
 neighbor 172.30.1.1 route-map RM_BGP_FROM_HUB in
 neighbor 172.30.1.2 peer-group PG_BGP_OCOD
 neighbor 172.30.2.1 peer-group PG_BGP_RCOD
 neighbor 172.30.2.1 route-map RM_BGP_FROM_HUB in
 neighbor 172.30.2.2 peer-group PG_BGP_RCOD
 neighbor 172.30.30.178 remote-as 64527
 neighbor 172.30.30.178 next-hop-self all
 distance bgp 150 150 150
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
!
ip tftp source-interface GigabitEthernet0/1
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 45
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 15
ip nat translation port-timeout udp 5060 180
ip nat inside source route-map ISP_MTS interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 88.80.33.13
ip ssh version 2
!
ip access-list standard ACL_ACCESS_NET
 permit 192.168.30.0 0.0.0.255
 permit 10.8.40.0 0.0.0.255
ip access-list standard ACL_NTP_CLIENTS
 permit 192.168.30.0 0.0.0.255
 permit 10.8.40.0 0.0.0.255
ip access-list standard ACL_NTP_SERVERS
 permit 172.16.254.30
 deny   any
!
ip access-list extended ACL_FIREWALL
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit udp any eq ntp object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 evaluate reflectedtraffic 
ip access-list extended ACL_LAN_TO_WAN
 permit ip any any reflect reflectedtraffic timeout 300
!
!
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
!
ip prefix-list PFL_TO_HUB seq 10 permit 10.8.40.0/21
ip sla 1
 icmp-echo 88.80.33.13 source-interface GigabitEthernet0/0
 threshold 2
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
kron occurrence EveryDay at 1:30 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
!
route-map RM_BGP_REDISTR_CON permit 10
 match ip address prefix-list PFL_BGP_REDISTR_CON
!
route-map RM_BGP_TO_HUB permit 10
 match ip address prefix-list PFL_TO_HUB
!
route-map RM_BGP_FROM_HUB permit 10
 set local-preference 1000
!
route-map ISP_MTS permit 10
 match ip address ACL_ACCESS_NET
 match interface GigabitEthernet0/0
!
!
snmp-server community public RO
snmp-server community lmTUEsk6Yvlv RO
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 1101000E31332A2C2C2D721C7135262D18301E56100E4E5D4917483D194F55715E495E517C20430A355D45572123537A09153B3266590D3B3B2537382A402F0174
!
radius server IZH-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 12111C1C342A2D24022C7D106A33311C0C210B5447014F564E4D45261700547E5A48595023701E0B6A52164034210C2A041C155F641E1D2729202E3F226E2E0E78
!
!
!
control-plane
!
!
no vstack
alias exec q exit
!
line con 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
ntp access-group peer ACL_NTP_SERVERS
ntp access-group serve-only ACL_NTP_CLIENTS
ntp master 4
ntp update-calendar
ntp server 172.16.254.30 prefer
!
end