Building configuration... Current configuration : 43575 bytes ! ! Last configuration change at 16:32:20 IZH Wed Jul 20 2022 by akhmetzyanovrr_adm ! NVRAM config last updated at 01:00:26 IZH Thu Jul 28 2022 ! version 15.6 service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year no service password-encryption service sequence-numbers ! hostname IZH-KG-P11-RT-1-1 ! boot-start-marker boot system flash:c3900e-universalk9-mz.SPA.156-3.M6.bin boot-end-marker ! ! logging buffered 65536 logging rate-limit 100 except warnings enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1 ! aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip radius source-interface Port-channel1.100 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common memory-size iomem 25 clock timezone IZH 4 0 clock calendar-valid ! ! ! ! ! ! ! ! ! ! ! ! ip flow-cache timeout inactive 60 ip flow-cache timeout active 5 no ip domain lookup ip domain name komos.ru ip host VM-KG-NET 10.1.12.70 ip host tftp 10.4.0.214 ip inspect tcp reassembly queue length 128 ip inspect tcp reassembly timeout 10 ip inspect name Internet bgp ip inspect name Internet dns ip inspect name Internet ftp ip inspect name Internet http ip inspect name Internet ntp ip inspect name Internet pop3 ip inspect name Internet sip ip inspect name Internet smtp ip inspect name Internet ssh ip inspect name Internet tcp ip inspect name Internet telnet ip inspect name Internet udp ip inspect name Internet pptp ip inspect name Internet icmp ip inspect name Internet l2tp ip inspect name Internet h323 ip inspect name Internet ipsec-msft ip inspect name Internet isakmp ip inspect name Internet sip-tls ip accounting-threshold 100000 ip cef login on-failure log login on-success log no ipv6 cef ! ! flow exporter NAT_FLOW destination 10.4.0.214 transport udp 2055 ! ! flow monitor NAT_FLOW exporter NAT_FLOW record netflow-original ! ! flow monitor TEST exporter NAT_FLOW record netflow-original ! parameter-map type inspect global log dropped-packets enable max-incomplete low 18000 max-incomplete high 20000 ! multilink bundle-name authenticated ! vpdn enable ! ! ! key chain EIGRP_KEY_CHAIN key 1 key-string 7 1212551A42180B167A3E34 no virtual-template subinterface ! ! license udi pid C3900-SPE250/K9 sn FOC16014KHK license accept end user agreement license boot module c3900e technology-package securityk9 ! ! archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf write-memory time-period 10080 object-group service ANY_CONNECT tcp eq 443 udp eq 443 ! object-group network PART_HTC description nemo host 88.99.232.186 host 46.61.183.9 host 92.61.17.222 host 92.55.34.57 ! object-group network PART_SELECTEL host 185.137.232.142 ! object-group network FTP_USERS host 87.249.244.215 host 78.85.17.101 host 78.85.37.100 host 77.245.121.45 host 89.148.228.140 host 212.33.246.21 host 84.201.247.66 host 91.210.192.253 host 78.85.24.16 host 78.85.16.19 host 78.85.17.47 host 91.210.192.180 host 194.79.33.154 host 78.85.32.117 host 212.48.53.102 host 94.181.119.163 host 146.120.104.227 host 80.76.238.38 host 77.41.138.22 91.240.179.0 255.255.255.0 host 213.87.94.94 host 78.85.28.78 host 86.109.199.218 host 178.161.170.218 host 94.181.119.90 host 78.25.80.122 host 92.55.34.57 host 176.9.88.238 host 78.85.99.241 94.138.150.0 255.255.255.0 host 194.150.90.20 host 94.51.91.50 group-object PART_HTC host 95.213.184.82 host 185.137.232.142 host 178.208.83.31 host 37.46.131.147 host 5.227.124.141 host 195.19.101.162 host 194.150.91.170 group-object PART_SELECTEL ! object-group network GRE_TUNNEL host 88.80.33.182 host 94.138.150.1 host 178.47.128.98 host 194.150.91.170 host 5.227.125.114 host 91.240.179.150 host 46.147.130.59 host 5.227.125.126 ! object-group network IRONPORT_SERVERS host 91.240.179.26 host 91.240.179.27 ! object-group service L2TP udp eq isakmp udp eq non500-isakmp udp eq 1701 tcp eq 1701 esp ! object-group network NET_BLACKLIST host 167.160.182.20 ! object-group network OBJ_BBN_RN_BBN host 85.140.32.104 host 78.85.13.205 ! object-group network OBJ_BBN_VST_BBN host 85.140.32.103 host 83.169.220.204 ! object-group network OBJ_IZH_MLK_IZM host 85.140.32.27 host 78.85.13.42 host 5.227.126.169 host 31.173.105.54 host 217.14.195.253 host 85.175.86.74 ! object-group network OBJ_IZH_KG_P11 91.240.179.0 255.255.255.0 host 5.227.124.143 host 78.85.13.93 host 62.141.96.126 host 84.201.247.190 host 88.80.33.50 host 94.25.46.122 ! object-group network OBJ_IZH_VST_IZM host 5.227.124.82 host 78.85.13.38 ! object-group network OBJ_IZH_TK_M44 host 212.46.204.74 host 88.80.33.162 ! object-group network OBJ_IZH_TK_M48 host 87.249.237.250 ! object-group network OBJ_IZH_TK_SMR host 87.249.239.226 host 88.80.33.42 ! object-group network OBJ_MSK_KG_MSK host 185.62.195.150 host 185.6.175.101 ! object-group network OBJ_GLZ_MLK_GMK host 31.173.105.62 host 85.140.32.29 ! object-group network OBJ_KZN_MLK_KMK host 83.69.126.54 host 94.180.253.210 host 78.138.171.82 ! object-group network OBJ_KEZ_MLK_KZS host 31.173.105.66 host 78.85.13.52 host 85.140.32.30 ! object-group network OBJ_PRM_MLK_PHK host 178.47.128.18 host 46.146.210.68 ! object-group network OBJ_SAR_MLK_SRM host 31.173.105.58 host 78.85.13.53 host 85.140.32.28 ! object-group network OBJ_CLB_MLK_CMK host 37.113.128.241 host 149.255.6.35 ! object-group network OBJ_GLZ_GKZ_GKZ host 78.85.13.94 host 146.120.104.181 ! object-group network OBJ_KIA_RN_KIA host 78.85.14.97 ! object-group network OBJ_IZH_TZK_TZK host 78.25.80.134 host 5.227.124.235 ! object-group network OBJ_IZH_MK_VS17 host 5.227.124.141 ! object-group network OBJ_IZH_KL_KLI host 78.85.15.85 host 84.201.247.24 host 79.175.36.97 host 84.201.244.235 ! object-group network OBJ_EKB_KG_EKB host 62.168.232.182 host 176.215.14.11 ! object-group network OBJ_IZH_KEN_VS56 host 83.143.54.246 host 92.55.54.109 ! object-group network OBJ_IZH_VRS_IZM host 85.140.32.177 host 78.85.14.98 ! object-group network OBJ_GLZ_VRS_UPF host 95.215.208.234 host 78.85.13.119 ! object-group network OBJ_IZH_VRS_IPF host 85.140.32.141 host 78.85.13.117 ! object-group network OBJ_IZH_VRS_PFV host 85.140.32.178 host 94.181.119.90 host 78.85.33.50 ! object-group network OBJ_VOT_VRS_VPF host 78.85.13.118 host 88.80.33.14 ! object-group network OBJ_PRM_VRS_MPF host 178.47.130.10 host 5.227.121.127 ! object-group network OBJ_LAI_VRS_DPF host 178.205.241.114 host 46.232.164.108 ! object-group network OBJ_ITL_VST_ITL host 5.227.124.130 host 78.85.34.99 host 81.211.13.82 ! object-group network OBJ_MZH_VST_MZH host 88.80.33.250 host 83.169.220.171 ! object-group network OBJ_KIA_VST_KIA host 85.140.32.24 host 188.94.168.238 ! object-group network OBJ_KGB_VST_KBB host 78.85.37.88 host 88.80.33.154 ! object-group network OBJ_SAR_VST_SMK host 78.85.19.93 host 88.80.33.234 ! object-group network OBJ_KNK_VST_KMK host 178.161.242.67 ! object-group network OBJ_SHM_TMA_SHM host 89.232.91.106 host 31.173.182.210 ! object-group network OBJ_MSB_TMA_MSB host 78.138.182.214 ! object-group network OBJ_EVL_TMA_EVL host 89.232.102.166 ! object-group network OBJ_KIB_TMA_KIB host 78.138.182.126 ! object-group network OBJ_IZH_KM_S61 host 84.201.247.32 host 88.80.33.194 host 5.227.125.109 ! object-group network OBJ_YAN_GKZ_YEL host 77.94.97.222 host 213.87.197.29 ! object-group network OBJ_KUN_KMK_B2 94.138.150.0 255.255.255.0 ! object-group network OBJ_KUN_KMK_H80 host 178.161.207.26 host 77.43.193.88 ! object-group network OBJ_KUN_KMK_CH9 host 178.47.128.98 host 195.69.159.2 ! object-group network OBJ_KGB_RN_KGB host 78.85.13.165 ! object-group network OBJ_NCH_RN_NCH host 78.85.13.166 ! object-group network OBJ_PRI_RN_PRI host 78.85.13.167 ! object-group network OBJ_URN_RN_URN host 78.85.20.49 ! object-group network OBJ_MZH_TK_TKM host 88.80.32.230 host 78.85.35.34 ! object-group network OBJ_GLZ_TK_TKG host 95.215.208.240 host 146.120.104.235 host 95.215.208.173 ! object-group network OBJ_IZH_TK_M21 host 84.201.242.133 ! object-group network OBJ_IZH_HLA_PP host 92.61.17.250 ! object-group network OBJ_IZH_HLA_UHK host 92.55.7.148 ! object-group network OBJ_IZH_VD_VS17 host 84.201.247.100 ! object-group network OBJ_IZH_KS_H17 85.140.32.64 255.255.255.252 host 85.140.32.63 host 85.140.32.68 ! object-group network OBJ_IZH_KLS_P20 host 5.227.125.114 ! object-group network OBJ_IZH_KI_VOR158 host 46.147.130.59 host 5.227.125.126 ! object-group network OBJ_KIA_RN_TR12 host 78.85.13.106 ! object-group network OBJ_KEN_KOTEL host 5.227.120.54 host 213.87.94.189 host 93.93.139.222 ! object-group network OBJ_OTHER host 78.85.21.21 host 78.85.13.165 host 78.85.13.167 host 78.85.13.166 host 78.85.13.205 host 78.85.13.201 host 78.85.13.107 host 78.85.13.106 ! object-group network OBJ_SPB_KG_SPB host 62.141.114.190 host 94.72.27.43 ! object-group network OBJ_BRANCHES group-object OBJ_IZH_MLK_IZM group-object OBJ_IZH_KG_P11 group-object OBJ_IZH_VST_IZM group-object OBJ_IZH_TK_M44 group-object OBJ_IZH_TK_M48 group-object OBJ_IZH_TK_SMR group-object OBJ_MSK_KG_MSK group-object OBJ_GLZ_MLK_GMK group-object OBJ_KZN_MLK_KMK group-object OBJ_KEZ_MLK_KZS group-object OBJ_PRM_MLK_PHK group-object OBJ_SAR_MLK_SRM group-object OBJ_CLB_MLK_CMK group-object OBJ_BBN_RN_BBN group-object OBJ_GLZ_GKZ_GKZ group-object OBJ_KIA_RN_KIA group-object OBJ_IZH_TZK_TZK group-object OBJ_IZH_MK_VS17 group-object OBJ_IZH_KL_KLI group-object OBJ_EKB_KG_EKB group-object OBJ_IZH_KEN_VS56 group-object OBJ_IZH_VRS_IZM group-object OBJ_GLZ_VRS_UPF group-object OBJ_IZH_VRS_IPF group-object OBJ_IZH_VRS_PFV group-object OBJ_VOT_VRS_VPF group-object OBJ_PRM_VRS_MPF group-object OBJ_LAI_VRS_DPF group-object OBJ_ITL_VST_ITL group-object OBJ_MZH_VST_MZH group-object OBJ_KIA_VST_KIA group-object OBJ_KGB_VST_KBB group-object OBJ_SAR_VST_SMK group-object OBJ_KNK_VST_KMK group-object OBJ_BBN_VST_BBN group-object OBJ_SHM_TMA_SHM group-object OBJ_MSB_TMA_MSB group-object OBJ_EVL_TMA_EVL group-object OBJ_KIB_TMA_KIB group-object OBJ_IZH_KM_S61 group-object OBJ_YAN_GKZ_YEL group-object OBJ_KUN_KMK_B2 group-object OBJ_KUN_KMK_H80 group-object OBJ_KUN_KMK_CH9 group-object OBJ_KGB_RN_KGB group-object OBJ_NCH_RN_NCH group-object OBJ_PRI_RN_PRI group-object OBJ_URN_RN_URN group-object OBJ_MZH_TK_TKM group-object OBJ_GLZ_TK_TKG group-object OBJ_IZH_TK_M21 group-object OBJ_IZH_HLA_PP group-object OBJ_IZH_HLA_UHK group-object OBJ_IZH_VD_VS17 group-object OBJ_IZH_KS_H17 group-object OBJ_IZH_KLS_P20 group-object OBJ_IZH_KI_VOR158 group-object OBJ_KIA_RN_TR12 group-object OBJ_KEN_KOTEL group-object OBJ_OTHER group-object OBJ_SPB_KG_SPB ! object-group network OBJ_CISCOASA host 91.240.179.62 host 91.240.179.63 host 91.240.179.64 ! object-group network OBJ_HELP-CES-KOMOS host 91.240.179.132 host 91.240.179.133 ! object-group network OBJ_KSMG host 91.240.179.73 host 91.240.179.74 ! object-group network OBJ_NET_BLACKLIST host 167.160.182.20 ! object-group network OBJ_NET_CISCOASA host 91.240.179.28 host 91.240.179.29 host 91.240.179.30 host 91.240.179.62 host 91.240.179.63 host 91.240.179.64 ! object-group network OBJ_PART_SELECTEL host 185.137.232.142 ! object-group network OBJ_PART_HTC host 95.213.184.82 host 185.137.232.142 host 178.208.83.31 host 37.46.131.147 host 5.227.124.141 host 195.19.101.162 host 194.150.91.170 group-object OBJ_PART_SELECTEL ! object-group network OBJ_NET_FTP_USERS host 87.249.244.215 host 78.85.17.101 host 78.85.37.100 host 77.245.121.45 host 89.148.228.140 host 212.33.246.21 host 84.201.247.66 host 91.210.192.253 host 78.85.24.16 host 78.85.16.19 host 78.85.17.47 host 91.210.192.180 host 194.79.33.154 host 78.85.32.117 host 212.48.53.102 host 94.181.119.163 host 146.120.104.227 host 80.76.238.38 host 77.41.138.22 91.240.179.0 255.255.255.0 host 213.87.94.94 host 78.85.28.78 host 86.109.199.218 host 178.161.170.218 host 94.181.119.90 host 78.25.80.122 host 92.55.34.57 host 176.9.88.238 host 78.85.99.241 94.138.150.0 255.255.255.0 host 194.150.90.20 host 94.51.91.50 group-object OBJ_PART_HTC host 95.213.184.82 host 185.137.232.142 host 178.208.83.31 host 37.46.131.147 host 5.227.124.141 host 195.19.101.162 host 194.150.91.170 group-object OBJ_PART_SELECTEL ! object-group network OBJ_PART_Goods4Cust description Makarov N host 109.236.69.166 host 195.209.60.66 ! object-group network OBJ_PART_HEADLINE host 87.249.247.80 ! object-group network OBJ_PART_LOGISTIX host 185.185.58.141 ! object-group network OBJ_PART_ROSA description Naydenov host 217.114.154.92 ! object-group network OBJ_SRV_IRONPORT host 91.240.179.26 host 91.240.179.27 ! object-group network OBJ_SRV_SKYPE host 91.240.179.37 host 91.240.179.38 host 91.240.179.39 ! object-group service OBJ_SVC_ANY_CONNECT tcp eq 443 udp eq 443 ! object-group service OBJ_SVC_FTP tcp eq ftp tcp eq ftp-data tcp range 50000 65535 ! object-group network OBJ_SVC_KSMG host 91.240.179.73 host 91.240.179.74 ! object-group service OBJ_SVC_L2TP udp eq isakmp udp eq non500-isakmp udp eq 1701 tcp eq 1701 esp ! object-group service OBJ_SVC_SFB tcp eq 443 tcp eq 5061 udp eq domain udp eq 3478 ! object-group service OBJ_SVC_VIPole udp range 3000 9000 tcp eq 37210 tcp eq 37212 tcp eq 443 ! object-group network PART_Goods4Cust description Makarov N host 109.236.69.166 host 195.209.60.66 ! object-group network PART_HEADLINE description Nemtyrev host 87.249.247.80 ! object-group network PART_PWEB description Zayrinov host 185.94.174.137 ! object-group network PART_ROSA description Naydenov host 217.114.154.92 ! object-group service SERVICE_FTP tcp eq ftp tcp eq ftp-data tcp range 50000 65535 ! object-group service SERVICE_L2TP udp eq isakmp udp eq non500-isakmp udp eq 1701 tcp eq 1701 esp ! object-group service SERVICE_POSTFIX tcp eq www tcp eq ftp tcp eq ftp-data tcp range 22 telnet tcp range 1024 65535 tcp eq 443 ! object-group network SRV_SERVICEBUS ! object-group network SRV_SKYPE host 91.240.179.37 host 91.240.179.38 host 91.240.179.39 ! object-group network STATIC_ISP_IP host 62.141.96.126 host 94.25.46.122 host 91.240.179.127 ! object-group service SVC_SFB tcp eq 443 tcp eq 5061 udp eq domain udp eq 3478 ! object-group service SVC_VIPole udp range 3000 9000 tcp eq 37210 tcp eq 37212 tcp eq 443 ! username netadmin privilege 15 secret 5 $1$CXvH$yxAGhCkECd7Kdck0iOAtI. ! redundancy bfd-template single-hop BFD-KOMOS interval min-tx 500 min-rx 500 multiplier 3 ! ! ! ! ! ! ! ! crypto isakmp policy 20 encr aes 256 authentication pre-share group 2 crypto isakmp key KGp11KuMK2021 address 94.138.150.1 crypto isakmp key KGp11KuMK2021 address 178.47.128.98 crypto isakmp key KGP11KLS2021 address 5.227.125.114 crypto isakmp key KGP11IZHVOR1582022 address 46.147.130.59 crypto isakmp key KGP11IZHVOR1582022 address 5.227.125.126 ! ! crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac mode transport require ! crypto ipsec profile GRE_IPSEC set transform-set TS_GREIPSEC set pfs group2 ! ! ! ! ! ! ! interface Loopback1 ip address 91.240.179.127 255.255.255.255 ! interface Loopback111 description MGM ip address 10.111.13.1 255.255.255.255 ip nat outside ip virtual-reassembly in ! interface Loopback7777 description TK5705m no ip address ! interface Tunnel111 description [CORE] iBGP Transit to IZM bandwidth 200000 ip address 172.30.32.22 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip mtu 1400 ip tcp adjust-mss 1360 ip ospf mtu-ignore keepalive 10 3 bfd template BFD-KOMOS tunnel source Port-channel1.100 tunnel destination 10.4.254.251 ! interface Tunnel201 description IZH-KI-VOR158-RT-1-1 ip address 10.1.50.5 255.255.255.252 no ip redirects ip mtu 1400 ip tcp adjust-mss 1360 keepalive 10 3 bfd interval 300 min_rx 300 multiplier 3 tunnel source Loopback1 tunnel destination 46.147.130.59 tunnel protection ipsec profile GRE_IPSEC ! interface Tunnel202 description IZH-KI-VOR158-RT-1-2 ip address 10.1.50.9 255.255.255.252 no ip redirects ip mtu 1400 ip tcp adjust-mss 1360 keepalive 10 3 bfd interval 300 min_rx 300 multiplier 3 tunnel source Loopback1 tunnel destination 5.227.125.126 tunnel protection ipsec profile GRE_IPSEC ! interface Port-channel1 description [CORE] SW-1-2 no ip address hold-queue 150 in ! interface Port-channel1.100 description REMOTE_MGMT encapsulation dot1Q 100 ip address 10.1.1.2 255.255.255.0 ip flow ingress ip flow egress ! interface Port-channel1.551 description --TRANSIT_HSRP-- encapsulation dot1Q 551 ip address 10.1.239.18 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ip nat inside ip virtual-reassembly in max-fragments 64 max-reassemblies 1024 ! interface Port-channel1.556 description iBGP KOMOS_AS over ER-Telecom encapsulation dot1Q 556 ip address 172.30.32.14 255.255.255.252 ip nat outside ip virtual-reassembly in bfd template BFD-KOMOS ! interface Port-channel1.557 description iBGP KOMOS_AS over MTS encapsulation dot1Q 557 ip address 172.30.32.18 255.255.255.252 ip nat outside ip virtual-reassembly in bfd template BFD-KOMOS ! interface Port-channel1.598 description --BGP_KG_COD_TRANSIT-- encapsulation dot1Q 598 ip address 172.30.30.44 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ! interface GigabitEthernet0/0 description [ISP-100M] BEELINE bandwidth 100000 ip address 62.141.96.126 255.255.255.252 ip access-group ACL_FW_IN in no ip proxy-arp ip nat outside ip inspect Internet out ip virtual-reassembly in ip virtual-reassembly out max-reassemblies 24 duplex auto speed auto no cdp enable ! interface GigabitEthernet0/1 description [ISP-200M] ROSTELECOM bandwidth 100000 ip address 94.25.46.122 255.255.255.252 ip access-group ACL_FW_IN in no ip proxy-arp ip nat outside ip inspect Internet out ip virtual-reassembly in ip virtual-reassembly out max-reassemblies 24 duplex auto speed auto no cdp enable ! interface GigabitEthernet0/2 bandwidth 100000 no ip address duplex auto speed 1000 channel-group 1 ! interface GigabitEthernet0/3 no ip address duplex auto speed 1000 channel-group 1 ! router ospf 111 router-id 10.111.13.1 auto-cost reference-bandwidth 10000 passive-interface default no passive-interface Port-channel1.556 no passive-interface Port-channel1.557 no passive-interface Tunnel111 network 10.111.13.1 0.0.0.0 area 0 network 172.30.32.0 0.0.0.255 area 0 bfd all-interfaces ! router bgp 199014 bgp log-neighbor-changes neighbor PG_IZH-KI-VOR158 peer-group neighbor PG_IZH-KI-VOR158 remote-as 64555 neighbor PG_IZH-KI-VOR158 local-as 64513 no-prepend replace-as neighbor PG_KOMOS_AS peer-group neighbor PG_KOMOS_AS remote-as 199014 neighbor PG_KOMOS_AS description iBGP to IZM neighbor 10.1.50.2 remote-as 65504 neighbor 10.1.50.2 local-as 64513 no-prepend replace-as neighbor 10.1.50.2 description KGR-KUMK-KUMK neighbor 10.1.50.6 peer-group PG_IZH-KI-VOR158 neighbor 10.1.50.10 peer-group PG_IZH-KI-VOR158 neighbor 10.111.12.1 remote-as 199014 neighbor 10.111.12.1 description iBGP to IZM neighbor 10.111.12.1 update-source Loopback111 neighbor 62.141.96.125 remote-as 3216 neighbor 94.25.46.121 remote-as 12389 neighbor 172.30.30.46 remote-as 64513 neighbor 172.30.30.46 description --BGP_WITH_6500-- neighbor 172.30.31.2 remote-as 65505 neighbor 172.30.31.2 local-as 64513 no-prepend replace-as ! address-family ipv4 network 10.1.50.4 mask 255.255.255.252 network 10.1.50.8 mask 255.255.255.252 network 62.141.96.124 mask 255.255.255.252 network 91.240.179.0 mask 255.255.255.128 network 91.240.179.0 mask 255.255.255.0 network 91.240.179.0 route-map SET-COMMUNITY network 94.25.46.120 mask 255.255.255.252 neighbor PG_IZH-KI-VOR158 next-hop-self neighbor PG_IZH-KI-VOR158 soft-reconfiguration inbound neighbor PG_IZH-KI-VOR158 route-map RM_TO_IZH-KI-VOR158 out neighbor PG_KOMOS_AS route-map RM_KOMOS_AS in neighbor PG_KOMOS_AS route-map RM_KOMOS_AS out neighbor 10.1.50.2 activate neighbor 10.1.50.2 route-map RM_FROM_KUMK in neighbor 10.1.50.2 route-map RM_TO_KUMK out neighbor 10.1.50.6 activate neighbor 10.1.50.10 activate neighbor 10.111.12.1 activate neighbor 10.111.12.1 next-hop-self all neighbor 10.111.12.1 route-map RM_KOMOS_AS in neighbor 10.111.12.1 route-map RM_KOMOS_AS out neighbor 62.141.96.125 activate neighbor 62.141.96.125 weight 110 neighbor 62.141.96.125 prefix-list TO-BEELINE out neighbor 62.141.96.125 route-map UPLINK-in in neighbor 94.25.46.121 activate neighbor 94.25.46.121 weight 130 neighbor 94.25.46.121 prefix-list TO-ROSTELECOM out neighbor 94.25.46.121 route-map UPLINK-in in neighbor 172.30.30.46 activate neighbor 172.30.30.46 next-hop-self all neighbor 172.30.30.46 soft-reconfiguration inbound neighbor 172.30.30.46 route-map RM_LOCAL_IN in neighbor 172.30.30.46 route-map RM_LOCAL_OUT out neighbor 172.30.31.2 activate neighbor 172.30.31.2 route-map RM_FROM_KUMK in neighbor 172.30.31.2 route-map RM_TO_KUMK out exit-address-family ! address-family ipv4 multicast exit-address-family ! ip forward-protocol nd ! ip community-list standard MTS permit 2556024535 no ip http server ip http authentication local no ip http secure-server ip flow-export source Port-channel1.100 ip flow-export version 5 ip flow-export destination 10.4.0.215 9995 ip flow-export destination 10.4.0.217 9995 ip flow-top-talkers top 10 sort-by bytes cache-timeout 20000 ! ip tftp source-interface Port-channel1.100 ip nat translation timeout 450 ip nat translation tcp-timeout 300 ip nat translation pptp-timeout 1800 ip nat translation udp-timeout 310 ip nat translation dns-timeout 5 ip nat translation port-timeout tcp 110 60 ip nat translation port-timeout tcp 25 60 ip nat translation port-timeout tcp 80 300 ip nat translation port-timeout tcp 443 300 ip nat translation max-entries all-host 400 ip nat translation max-entries host 192.168.1.100 1000 ip nat translation max-entries host 192.168.2.100 1000 ip nat translation max-entries list 22 150 ip nat translation max-entries host 10.1.12.66 3000 ip nat translation max-entries host 192.168.1.21 1000 ip nat translation max-entries host 10.1.122.227 5000 ip nat translation max-entries host 10.1.19.250 1000 ip nat pool KG-1 91.240.179.50 91.240.179.54 netmask 255.255.255.0 ip nat pool KG-GUEST 91.240.179.55 91.240.179.55 netmask 255.255.255.0 ip nat pool POOL_MAIL_MILKOM 91.240.179.129 91.240.179.129 netmask 255.255.255.252 ip nat pool POOL_MAIL_MILKOM_2 91.240.179.70 91.240.179.70 netmask 255.255.255.252 ip nat pool POOL_HELP_KOMOS 91.240.179.131 91.240.179.131 netmask 255.255.255.0 ip nat pool KAZNACH_RESTRICT 91.240.179.88 91.240.179.88 netmask 255.255.255.0 ip nat pool POOL_OIB 91.240.179.35 91.240.179.35 netmask 255.255.255.0 ip nat inside source list ACL_KAZNACH_RESTRICT pool KAZNACH_RESTRICT overload ip nat inside source list ACL_NAT_OIB pool POOL_OIB overload ip nat inside source route-map RM_NAT_GLOBAL_OVERLOAD pool KG-1 overload no-payload ip nat inside source route-map RM_NAT_HELP_KOMOS pool POOL_HELP_KOMOS overload ip nat inside source route-map RM_NAT_MAIL_MILKOM pool POOL_MAIL_MILKOM overload ip nat inside source route-map RM_NAT_MAIL_MILKOM_2 pool POOL_MAIL_MILKOM_2 overload ip nat inside source route-map RM_NAT_WIRELESS pool KG-GUEST overload no-payload ip nat inside source static udp 192.168.2.25 514 91.240.179.1 514 extendable ip nat inside source static tcp 192.168.2.56 3389 91.240.179.1 3389 extendable ip nat inside source static udp 10.1.12.29 3478 91.240.179.1 3478 extendable ip nat inside source static tcp 192.168.2.56 5060 91.240.179.1 5060 extendable ip nat inside source static tcp 10.1.12.29 8080 91.240.179.1 8080 extendable ip nat inside source static tcp 192.168.2.38 9000 91.240.179.1 9000 extendable ip nat inside source static tcp 192.168.2.80 1433 91.240.179.2 1433 extendable ip nat inside source static tcp 192.168.3.143 3389 91.240.179.2 3389 extendable ip nat inside source static tcp 192.168.2.209 3389 91.240.179.2 3391 extendable ip nat inside source static tcp 192.168.2.101 3389 91.240.179.2 3392 extendable ip nat inside source static tcp 10.1.8.15 3389 91.240.179.2 3394 extendable ip nat inside source static tcp 192.168.2.35 3389 91.240.179.3 3389 extendable ip nat inside source static tcp 192.168.2.19 3389 91.240.179.4 3389 extendable ip nat inside source static tcp 192.168.2.72 443 91.240.179.5 443 extendable ip nat inside source static tcp 192.168.2.72 2195 91.240.179.5 2195 extendable ip nat inside source static tcp 192.168.2.72 2196 91.240.179.5 2196 extendable ip nat inside source static tcp 192.168.2.72 5223 91.240.179.5 5223 extendable ip nat inside source static tcp 192.168.2.34 3389 91.240.179.6 3389 extendable ip nat inside source static tcp 192.168.2.9 80 91.240.179.7 80 extendable ip nat inside source static tcp 192.168.2.9 3389 91.240.179.7 3389 extendable ip nat inside source static tcp 10.1.12.66 80 91.240.179.8 80 extendable ip nat inside source static tcp 10.1.12.66 443 91.240.179.8 443 extendable ip nat inside source static tcp 10.1.12.66 22 91.240.179.8 2109 extendable ip nat inside source static tcp 10.1.12.66 8893 91.240.179.8 8893 extendable ip nat inside source static tcp 10.1.12.66 8894 91.240.179.8 8894 extendable ip nat inside source static tcp 192.168.2.21 3389 91.240.179.10 3389 extendable ip nat inside source static 192.168.2.131 91.240.179.12 ip nat inside source static tcp 192.168.2.3 1433 91.240.179.16 1433 extendable ip nat inside source static 192.168.2.100 91.240.179.17 ip nat inside source static 192.168.1.81 91.240.179.18 ip nat inside source static 192.168.2.55 91.240.179.19 ip nat inside source static tcp 192.168.2.15 1433 91.240.179.21 1433 extendable ip nat inside source static tcp 192.168.2.13 1433 91.240.179.22 1433 extendable ip nat inside source static tcp 192.168.2.27 3389 91.240.179.23 3389 extendable ip nat inside source static 10.1.24.3 91.240.179.31 no-payload ip nat inside source static tcp 192.168.2.185 80 91.240.179.33 80 extendable ip nat inside source static tcp 192.168.2.185 3389 91.240.179.33 3389 extendable ip nat inside source static tcp 192.168.2.90 8080 91.240.179.34 8080 extendable ip nat inside source static tcp 10.4.38.2 443 91.240.179.36 443 extendable ip nat inside source static 10.4.38.2 91.240.179.36 ip nat inside source static 192.168.2.94 91.240.179.42 ip nat inside source static 192.168.2.33 91.240.179.43 ip nat inside source static 192.168.2.39 91.240.179.44 ip nat inside source static tcp 10.1.12.68 80 91.240.179.46 80 extendable ip nat inside source static tcp 10.1.12.68 443 91.240.179.46 443 extendable ip nat inside source static 10.4.38.1 91.240.179.48 ip nat inside source static tcp 192.168.2.88 3389 91.240.179.49 3391 extendable ip nat inside source static tcp 192.168.2.88 8080 91.240.179.49 8080 extendable ip nat inside source static tcp 192.168.2.88 9099 91.240.179.49 9099 extendable ip nat inside source static tcp 192.168.2.88 9500 91.240.179.49 9500 extendable ip nat inside source static 10.1.12.2 91.240.179.57 ip nat inside source static 192.168.3.233 91.240.179.58 ip nat inside source static tcp 192.168.2.45 3389 91.240.179.68 3389 extendable ip nat inside source static tcp 192.168.2.45 5061 91.240.179.68 5060 extendable ip nat inside source static 10.1.123.8 91.240.179.70 ip nat inside source static tcp 10.4.0.45 443 91.240.179.72 443 extendable ip nat inside source static 10.4.38.21 91.240.179.73 ip nat inside source static 10.4.38.22 91.240.179.74 ip nat inside source static 10.4.7.6 91.240.179.129 ip nat inside source static tcp 10.4.0.184 80 91.240.179.131 80 extendable ip nat inside source static tcp 10.4.0.184 443 91.240.179.131 443 extendable ip nat inside source static tcp 10.4.0.184 2013 91.240.179.131 2013 extendable ip nat inside source static 10.4.0.120 91.240.179.133 ip nat inside source static tcp 192.168.3.64 3389 91.240.179.178 4477 extendable ip nat inside source static tcp 10.1.12.1 80 91.240.179.251 80 extendable ip nat inside source static tcp 10.1.12.1 443 91.240.179.251 443 extendable ip route 10.1.12.70 255.255.255.255 10.1.239.22 100 name --DMZ_1-- ip route 10.111.0.11 255.255.255.255 172.30.30.46 name LO_IZM-RT-1-1 ip route 91.240.179.0 255.255.255.0 Null0 254 name KOMOS_PI ip route 91.240.179.254 255.255.255.255 172.30.30.46 name Lo11_SW-1-1 ip ssh version 2 ! ip access-list standard ACL_ACCESS_NET deny 10.1.122.17 deny 10.1.122.19 deny 10.1.123.1 deny 10.1.123.2 deny 10.1.123.3 deny 10.1.123.4 deny 10.1.123.5 deny 10.1.123.6 deny 10.1.123.7 deny 10.1.123.8 deny 10.1.123.9 permit 192.168.0.0 0.0.3.255 permit 10.1.19.0 0.0.0.255 permit 10.1.4.0 0.0.3.255 permit 10.1.20.0 0.0.3.255 permit 10.1.28.0 0.0.0.255 permit 10.1.8.0 0.0.1.255 permit 10.1.26.0 0.0.0.255 permit 10.1.27.0 0.0.0.255 permit 10.1.122.0 0.0.0.255 permit 10.1.123.0 0.0.0.255 permit 10.1.2.0 0.0.1.255 permit 10.1.249.0 0.0.0.63 permit 10.1.31.0 0.0.0.255 permit 10.1.32.0 0.0.0.255 permit 10.1.39.0 0.0.0.255 ip access-list standard ACL_DMZ_1_NET permit 10.1.12.64 0.0.0.31 ip access-list standard ACL_DMZ_NET permit 10.1.18.0 0.0.0.255 permit 10.1.12.0 0.0.0.63 ip access-list standard ACL_KAZNACH_RESTRICT permit 10.1.55.0 0.0.0.255 ip access-list standard ACL_NAT_ASAv permit 10.1.1.108 permit 10.1.1.109 ip access-list standard ACL_NAT_HELP_KOMOS permit 10.4.0.184 ip access-list standard ACL_NAT_MAIL_MILKOM permit 10.4.7.0 0.0.0.7 ip access-list standard ACL_NAT_MAIL_MILKOM_2 permit 10.1.123.1 permit 10.1.123.2 permit 10.1.123.3 permit 10.1.123.4 permit 10.1.123.5 permit 10.1.123.6 permit 10.1.123.7 permit 10.1.123.8 permit 10.1.123.9 ip access-list standard ACL_NAT_MK permit 10.14.30.0 0.0.0.255 permit 10.14.26.0 0.0.0.255 ip access-list standard ACL_NAT_OIB permit 10.1.8.7 ip access-list standard ACL_WIRELESS_NET permit 10.1.13.0 0.0.0.255 permit 10.1.34.0 0.0.1.255 permit 10.1.38.0 0.0.0.255 ! ip access-list extended ACL_FROM_KUMK deny tcp any any eq 445 permit ip any 10.12.0.0 0.0.255.255 permit ip host 10.1.50.2 host 10.1.50.1 permit icmp 10.12.1.0 0.0.0.255 any permit icmp 10.12.0.0 0.0.0.255 any permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207 permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43 permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214 permit ip host 10.12.0.254 any permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255 permit ip 10.12.252.0 0.0.3.255 10.12.0.0 0.0.127.255 permit ip host 172.30.31.2 host 172.30.31.1 permit ip host 10.12.252.254 any permit tcp any any eq domain permit udp any any eq domain permit ip any host 10.1.8.14 permit icmp any any permit ip any host 10.1.9.207 permit ip any host 10.4.0.214 permit ip 10.12.4.0 0.0.0.255 any permit ip 10.12.1.0 0.0.0.255 host 10.4.0.14 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.15 permit ip any host 10.4.0.15 permit ip any host 10.4.0.14 permit tcp any any eq 8291 ip access-list extended ACL_FW_IN permit icmp any any permit tcp any object-group STATIC_ISP_IP eq bgp permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP deny tcp any object-group STATIC_ISP_IP eq 22 deny ip object-group OBJ_NET_BLACKLIST any permit tcp any host 91.240.179.1 eq 443 2109 3000 8080 9000 9090 permit udp any host 91.240.179.1 eq 3478 syslog permit tcp any host 91.240.179.5 eq 82 www 443 1433 2195 2196 5223 permit tcp any host 91.240.179.11 eq domain permit udp any host 91.240.179.11 eq domain permit tcp any host 91.240.179.20 eq 443 permit udp any host 91.240.179.28 eq non500-isakmp isakmp permit tcp any host 91.240.179.31 eq 7789 permit tcp any host 91.240.179.36 eq www 443 permit tcp any host 91.240.179.40 eq 443 permit tcp any host 91.240.179.48 eq www 443 permit tcp any host 91.240.179.49 eq 8080 9099 permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001 permit tcp any host 91.240.179.66 eq 443 pop3 www permit tcp any host 91.240.179.68 eq 5060 permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995 permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995 permit tcp any host 91.240.179.178 eq 4477 permit tcp any host 91.240.179.251 eq www 443 permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.2 eq 1433 permit tcp object-group OBJ_PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.1 eq 3389 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.49 eq 3391 permit tcp object-group OBJ_PART_HEADLINE host 91.240.179.68 eq 3389 permit tcp object-group OBJ_PART_ROSA host 91.240.179.131 eq www 443 permit tcp object-group OBJ_PART_HTC host 91.240.179.71 permit object-group OBJ_SVC_VIPole any host 91.240.179.32 permit object-group OBJ_SVC_SFB any object-group OBJ_SRV_SKYPE permit object-group OBJ_SVC_ANY_CONNECT any object-group OBJ_NET_CISCOASA permit object-group OBJ_SVC_L2TP any host 91.240.179.28 permit object-group OBJ_SVC_FTP object-group OBJ_NET_FTP_USERS host 91.240.179.71 permit tcp any object-group OBJ_SVC_KSMG eq smtp permit tcp any object-group OBJ_SRV_IRONPORT eq smtp ip access-list extended ACL_VTY permit ip 10.1.0.0 0.0.255.255 any permit ip 10.4.0.0 0.0.255.255 any permit ip 10.14.112.0 0.0.15.255 any deny ip any any log ip access-list extended FIREWALL deny tcp any object-group STATIC_ISP_IP eq 22 permit tcp any host 91.240.179.31 eq 7789 permit ip any host 91.240.179.35 permit tcp 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255 eq 5223 permit tcp any host 91.240.179.36 eq www 443 permit tcp any host 91.240.179.20 eq 443 permit tcp any host 91.240.179.48 eq www 443 permit tcp any host 91.240.179.11 eq domain permit udp any host 91.240.179.11 eq domain permit ip 17.0.0.0 0.0.0.255 91.240.179.0 0.0.0.255 permit ip object-group OBJ_BRANCHES 91.240.179.0 0.0.0.255 permit udp any host 91.240.179.28 eq isakmp permit udp any host 91.240.179.28 eq non500-isakmp deny ip object-group NET_BLACKLIST any permit tcp any host 91.240.179.5 eq www 443 1433 2195 2196 5223 permit tcp object-group PART_ROSA host 91.240.179.131 eq www 443 permit object-group SVC_VIPole any host 91.240.179.32 permit tcp object-group PART_Goods4Cust host 91.240.179.5 eq 3395 5671 5672 15672 permit tcp object-group PART_Goods4Cust host 91.240.179.2 eq 1433 permit gre any host 91.240.179.55 permit tcp any host 91.240.179.49 eq 8080 permit tcp any host 91.240.179.49 eq 9099 permit tcp object-group PART_HEADLINE host 91.240.179.49 eq 3391 permit tcp any host 91.240.179.1 eq 443 permit tcp any host 91.240.179.1 eq 3000 permit tcp any host 91.240.179.5 eq 82 permit tcp any host 91.240.179.1 eq 8080 permit tcp any host 91.240.179.1 eq 9090 permit tcp object-group PART_HEADLINE host 91.240.179.68 eq 3389 permit tcp object-group PART_HEADLINE host 91.240.179.1 eq 3389 permit object-group SVC_SFB any object-group SRV_SKYPE permit tcp any host 91.240.179.40 eq 443 permit ip host 178.47.128.98 host 91.240.179.254 permit gre object-group GRE_TUNNEL host 91.240.179.254 permit udp object-group GRE_TUNNEL host 91.240.179.254 eq isakmp permit ip host 94.138.150.1 host 91.240.179.254 permit ip object-group GRE_TUNNEL host 91.240.179.127 permit tcp any host 91.240.179.70 eq smtp www pop3 143 443 587 993 995 deny tcp any host 91.240.179.70 eq 3389 permit tcp any host 91.240.179.129 eq smtp www pop3 143 443 587 993 995 permit tcp any host 91.240.179.66 eq 443 permit tcp any host 91.240.179.66 eq pop3 permit tcp any host 91.240.179.66 eq www deny tcp any host 91.240.179.66 eq 3389 permit tcp any host 91.240.179.57 eq www 443 8082 10001 12001 permit ip any host 91.240.179.85 permit udp any host 91.240.179.1 eq 3478 permit object-group ANY_CONNECT any host 91.240.179.28 permit object-group L2TP any host 91.240.179.28 permit object-group ANY_CONNECT any host 91.240.179.29 permit object-group ANY_CONNECT any host 91.240.179.30 permit udp any host 91.240.179.1 eq syslog permit icmp any any permit tcp any host 91.240.179.178 eq 4477 permit udp any eq ntp any permit tcp any host 91.240.179.1 eq 9000 permit tcp any host 91.240.179.251 eq www permit tcp any host 91.240.179.251 eq 443 permit tcp any host 91.240.179.1 eq 2109 permit tcp any any eq bgp permit tcp any host 91.240.179.68 eq 5060 permit tcp any object-group IRONPORT_SERVERS eq smtp permit ip host 178.208.83.31 host 91.240.179.71 permit object-group SERVICE_FTP object-group FTP_USERS host 91.240.179.71 permit object-group SERVICE_L2TP any host 91.240.179.128 deny tcp any 91.240.179.0 0.0.0.31 eq 3389 permit object-group ANY_CONNECT any object-group OBJ_CISCOASA permit tcp any object-group OBJ_KSMG eq smtp ! ! ip prefix-list Deny_Reserved_Net seq 5 deny 0.0.0.0/8 le 24 ip prefix-list Deny_Reserved_Net seq 10 deny 10.0.0.0/8 le 24 ip prefix-list Deny_Reserved_Net seq 15 deny 100.64.0.0/10 le 24 ip prefix-list Deny_Reserved_Net seq 20 deny 127.0.0.0/8 le 24 ip prefix-list Deny_Reserved_Net seq 25 deny 169.254.0.0/16 le 24 ip prefix-list Deny_Reserved_Net seq 30 deny 172.16.0.0/12 le 24 ip prefix-list Deny_Reserved_Net seq 35 deny 192.0.0.0/24 ip prefix-list Deny_Reserved_Net seq 40 deny 192.0.2.0/24 ip prefix-list Deny_Reserved_Net seq 45 deny 192.168.0.0/16 le 24 ip prefix-list Deny_Reserved_Net seq 50 deny 198.18.0.0/15 le 24 ip prefix-list Deny_Reserved_Net seq 55 deny 198.51.100.0/24 ip prefix-list Deny_Reserved_Net seq 60 deny 203.0.113.0/24 ip prefix-list Deny_Reserved_Net seq 65 deny 240.0.0.0/4 le 24 ip prefix-list Deny_Reserved_Net seq 100 permit 0.0.0.0/0 le 22 ! ip prefix-list PFL_ROUTE_FROM_MLK seq 10 permit 10.4.0.0/14 le 24 ip prefix-list PFL_ROUTE_FROM_MLK seq 20 permit 192.168.0.0/16 ip prefix-list PFL_ROUTE_FROM_MLK seq 30 permit 172.17.100.0/29 ip prefix-list PFL_ROUTE_FROM_MLK seq 40 permit 172.31.31.0/24 ip prefix-list PFL_ROUTE_FROM_MLK seq 50 permit 172.31.35.0/24 ! ip prefix-list PFL_TO_6500 seq 5 permit 10.12.252.0/22 ip prefix-list PFL_TO_6500 seq 10 permit 10.12.0.0/17 ip prefix-list PFL_TO_6500 seq 15 permit 10.14.112.0/20 le 32 ip prefix-list PFL_TO_6500 seq 20 permit 10.1.50.0/24 le 30 ip prefix-list PFL_TO_6500 seq 25 permit 10.111.0.21/32 ip prefix-list PFL_TO_6500 seq 100 deny 0.0.0.0/0 le 32 ! ip prefix-list PL_FROM_KLS seq 10 permit 10.14.100.0/22 ! ip prefix-list PL_FROM_KUMK seq 5 permit 10.12.0.0/16 le 24 ip prefix-list PL_FROM_KUMK seq 10 permit 10.12.252.0/22 ! ip prefix-list PL_KOMOS_AS seq 5 permit 0.0.0.0/0 ip prefix-list PL_KOMOS_AS seq 10 permit 91.240.179.0/24 le 32 ! ip prefix-list PL_LOCAL_IN seq 5 deny 0.0.0.0/0 ip prefix-list PL_LOCAL_IN seq 10 permit 10.0.0.0/8 le 32 ip prefix-list PL_LOCAL_IN seq 15 permit 192.168.0.0/16 le 32 ip prefix-list PL_LOCAL_IN seq 20 permit 172.16.0.0/12 le 32 ip prefix-list PL_LOCAL_IN seq 25 permit 91.240.179.0/24 ge 32 ! ip prefix-list PL_LOCAL_OUT seq 10 permit 10.0.0.0/8 le 32 ip prefix-list PL_LOCAL_OUT seq 15 permit 192.168.0.0/16 le 32 ip prefix-list PL_LOCAL_OUT seq 20 permit 172.16.0.0/12 le 32 ip prefix-list PL_LOCAL_OUT seq 25 permit 91.240.179.0/24 ge 32 ! ip prefix-list PL_TO_IZH-KI-VOR158 seq 5 permit 10.0.0.0/8 le 24 ip prefix-list PL_TO_IZH-KI-VOR158 seq 10 permit 192.168.0.0/16 le 24 ip prefix-list PL_TO_IZH-KI-VOR158 seq 15 permit 172.31.35.0/24 ! ip prefix-list PL_TO_KLS seq 5 permit 10.0.0.0/8 le 24 ip prefix-list PL_TO_KLS seq 10 permit 192.168.0.0/16 le 24 ! ip prefix-list PL_TO_KUMK seq 5 permit 10.1.0.0/16 le 24 ip prefix-list PL_TO_KUMK seq 10 permit 10.4.0.0/16 le 24 ! ip prefix-list TEST_ARR seq 5 permit 91.240.179.243/32 ! ip prefix-list TO-BEELINE seq 5 permit 91.240.179.0/24 ip prefix-list TO-BEELINE seq 10 permit 91.240.179.0/25 ! ip prefix-list TO-ROSTELECOM seq 5 permit 91.240.179.0/24 ! ip prefix-list local seq 5 permit 91.240.179.0/24 kron occurrence EveryDay at 1:00 recurring policy-list SaveBackup ! kron policy-list SaveBackup cli write memory ! logging trap debugging logging origin-id hostname logging facility local1 logging source-interface Port-channel1.100 logging host 192.168.2.25 logging host 10.4.244.4 transport udp port 515 ! route-map RM_FROM_KUMK permit 10 match ip address prefix-list PL_FROM_KUMK ! route-map RM_NAT_MAIL_MILKOM permit 10 match ip address ACL_NAT_MAIL_MILKOM ! route-map RM_NAT_GLOBAL_OVERLOAD permit 10 match ip address ACL_ACCESS_NET ACL_DMZ_NET ACL_DMZ_1_NET ACL_NAT_ASAv ACL_NAT_MK ! route-map RM_TO_KUMK permit 10 match ip address prefix-list PL_TO_KUMK ! route-map RM_LOCAL_OUT permit 10 match ip address prefix-list PL_LOCAL_OUT ! route-map MTS-OUT permit 10 match community 39001:54999 ! route-map RM_TO_IZH-KI-VOR158 permit 10 match ip address prefix-list PL_TO_IZH-KI-VOR158 ! route-map UPLINK-in permit 10 match ip address prefix-list Deny_Reserved_Net set local-preference 500 ! route-map SET-COMMUNITY permit 10 set community 2556024535 ! route-map RM_NAT_WIRELESS permit 10 match ip address ACL_WIRELESS_NET ! route-map RM_TO_KLS permit 10 match ip address prefix-list PL_TO_KLS ! route-map RM_LOCAL_IN permit 10 match ip address prefix-list PL_LOCAL_IN ! route-map RM_TEST_SLA permit 10 ! route-map RM_KOMOS_AS permit 10 match ip address prefix-list PL_KOMOS_AS ! route-map RM_FROM_KLS permit 10 match ip address prefix-list PL_FROM_KLS ! route-map RM_NAT_HELP_KOMOS permit 10 match ip address ACL_NAT_HELP_KOMOS ! route-map RM_NAT_MAIL_MILKOM_2 permit 10 match ip address ACL_NAT_MAIL_MILKOM_2 ! ! snmp-server community lmTUEsk6Yvlv RO snmp-server host 10.1.122.227 lmTUEsk6Yvlv access-list 11 remark -==NTP CLIENTS==- access-list 11 permit 10.1.1.0 0.0.0.255 access-list 11 permit 172.168.1.0 0.0.0.3 access-list 11 permit 10.1.25.0 0.0.0.255 access-list 11 deny any ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! ! ! control-plane ! alias exec sib show ip int brief privilege exec all level 7 show cdp privilege exec all level 7 show running-config privilege exec all level 7 show configuration privilege exec level 7 show ! line con 0 logging synchronous login authentication CONSOLE line aux 0 line vty 0 4 access-class ACL_VTY in vrf-also exec-timeout 120 0 login authentication NPS length 0 transport input ssh line vty 5 15 access-class ACL_VTY in vrf-also exec-timeout 120 0 login authentication NPS transport input ssh ! scheduler allocate 20000 1000 ntp source Port-channel1.551 ntp access-group serve 11 ntp master 3 ntp update-calendar ntp server 10.1.8.1 ntp server 10.1.8.2 ! end