Building configuration... Current configuration : 47041 bytes ! ! Last configuration change at 11:03:10 IZH Tue Jul 19 2022 by adm_kapustinal ! NVRAM config last updated at 01:00:00 IZH Thu Jul 28 2022 ! version 16.9 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime localtime service password-encryption service sequence-numbers service unsupported-transceiver platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core platform hardware throughput level 1000000 ! hostname IZH-KG-P11-RT-1-4 ! boot-start-marker boot system flash isr4400-universalk9.16.09.04.SPA.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered 65536 enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1 ! aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip vrf forwarding Mgmt-intf ip radius source-interface GigabitEthernet0 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone IZH 4 0 ! ip host tftp 10.4.0.214 no ip domain lookup ip domain name komos.ru ! ! ! login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! multilink bundle-name authenticated ! flow exporter FLOW_EXPORTER_NTOP destination 10.4.0.215 source GigabitEthernet0/0/1.551 transport udp 9995 export-protocol netflow-v5 ! ! flow exporter FLOW_EXPORTER_CISCO destination 10.4.0.217 source GigabitEthernet0/0/1.551 transport udp 9995 export-protocol netflow-v5 ! ! flow monitor FLOW_MONITOR_INPUT description input exporter FLOW_EXPORTER_CISCO cache timeout inactive 10 cache timeout active 60 record netflow ipv4 original-input ! ! flow monitor FLOW_MONITOR_OUTPUT description output exporter FLOW_EXPORTER_CISCO cache timeout inactive 10 cache timeout active 60 record netflow ipv4 original-output ! ! ! ! crypto pki trustpoint TP-self-signed-2363434832 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2363434832 revocation-check none rsakeypair TP-self-signed-2363434832 ! ! crypto pki certificate chain TP-self-signed-2363434832 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32333633 34333438 3332301E 170D3139 30393034 31303437 32385A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363334 33343833 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100CE13 360EE118 1FD80BA9 3A3B82FA BFF8353C AA5EC046 1A53D50D 3144AFF4 6A263B2E D519E509 A0979C8F 2CE57BDB CF71B52F 2B2A9674 780128EC A2035953 4A7AAC91 DE35D974 8B06245E DB302B23 73EF3CD1 EC9B666D BEDBF006 57E3D140 A6E3ACFD 1D1F127A 97588ED0 D8881EBE 4FD78D02 0C512804 8831E31B 96D0987E 8B95B976 532B3FF0 D1BC5D57 B4F72477 AA62F439 7EE8192F E697C9CE 6C1E1569 425AB397 5551B1AC 824523CC 3FFD55F6 068C4A44 C6EB095F CF70FAB1 71FF6633 1247D83E 6A9140EF B9C87E4F 6C5C2A16 10ED10D1 47CEEFD2 507DE555 453E7E56 EA37BB43 68BA1C81 3C693B71 653B8898 1A26385E 0AB6E054 908ED99D 6EF5930A 538B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 1438E369 59FC92BA 8DED2B12 C8B1DAD4 C1758151 1F301D06 03551D0E 04160414 38E36959 FC92BA8D ED2B12C8 B1DAD4C1 7581511F 300D0609 2A864886 F70D0101 05050003 82010100 5ABB039B 0150A35A 7A83A051 83BC6BB7 067D491F 3B7196A6 5848F3A5 C321D8C4 AF46F22E 3A1A6216 A1E18FFB 8D91FE67 101605FC DAF618FE C40E954E BDF6CCAF A109E140 364372FF 7C1BF3B6 64EDE796 B7A9CFBC D5BB240F 291F609F FB4A4AF4 081F027A 4C95EF59 1155384D 7F5389D5 02A273BB 17791B34 171DEBB1 ECF3C34F 130E70AB 038DD10C 2280D550 A8156BE5 0B8B0749 2BBF815E 45C9B806 4E522325 80FA3C10 C0CE29EA F9D21591 B3F28070 3D7E4CFE FE213BB0 E5C4D9C3 1181BC0D 64C09068 658F317A 51429A86 126AC059 90B475CB EEF13495 1F8D534A 8769D760 C8A86CCE 59F681F7 FF56BCCD 4B56CF93 8775F5A1 57C725F5 CE5DDCAC BE32F63D quit ! license udi pid ISR4431/K9 sn FOC23172U6P license boot level securityk9 no license smart enable diagnostic bootup level minimal ! spanning-tree extend system-id archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf write-memory time-period 10080 ! ! ! ! ! object-group network OBJ_BBN_RN_BBN host 85.140.32.104 host 78.85.13.205 ! object-group network OBJ_BEECLOUD host 82.142.146.70 ! object-group network OBJ_IZH_MLK_IZM host 85.140.32.27 host 78.85.13.42 host 5.227.126.169 host 31.173.105.54 host 217.14.195.253 host 85.175.86.74 ! object-group network OBJ_IZH_KG_P11 91.240.179.0 255.255.255.0 host 5.227.124.143 host 78.85.13.93 host 62.141.96.126 host 84.201.247.190 host 88.80.33.50 host 94.25.46.122 ! object-group network OBJ_IZH_VST_IZM host 5.227.124.82 host 78.85.13.38 ! object-group network OBJ_IZH_TK_M44 host 212.46.204.74 host 88.80.33.162 ! object-group network OBJ_IZH_TK_M48 host 87.249.237.250 ! object-group network OBJ_IZH_TK_SMR host 87.249.239.226 host 88.80.33.42 ! object-group network OBJ_MSK_KG_MSK host 185.62.195.150 host 185.6.175.101 ! object-group network OBJ_GLZ_MLK_GMK host 31.173.105.62 host 85.140.32.29 ! object-group network OBJ_KZN_MLK_KMK host 83.69.126.54 host 94.180.253.210 host 78.138.171.82 ! object-group network OBJ_KEZ_MLK_KZS host 31.173.105.66 host 78.85.13.52 host 85.140.32.30 ! object-group network OBJ_PRM_MLK_PHK host 178.47.128.18 host 46.146.210.68 ! object-group network OBJ_SAR_MLK_SRM host 31.173.105.58 host 78.85.13.53 host 85.140.32.28 ! object-group network OBJ_CLB_MLK_CMK host 37.113.128.241 host 149.255.6.35 ! object-group network OBJ_GLZ_GKZ_GKZ host 78.85.13.94 host 146.120.104.181 ! object-group network OBJ_KIA_RN_KIA host 78.85.14.97 ! object-group network OBJ_IZH_TZK_TZK host 78.25.80.134 host 5.227.124.235 ! object-group network OBJ_IZH_MK_VS17 host 5.227.124.141 ! object-group network OBJ_IZH_KL_KLI host 78.85.15.85 host 84.201.247.24 host 79.175.36.97 host 84.201.244.235 ! object-group network OBJ_EKB_KG_EKB host 62.168.232.182 host 176.215.14.11 ! object-group network OBJ_IZH_KEN_VS56 host 83.143.54.246 host 92.55.54.109 ! object-group network OBJ_IZH_VRS_IZM host 85.140.32.177 host 78.85.14.98 ! object-group network OBJ_GLZ_VRS_UPF host 95.215.208.234 host 78.85.13.119 ! object-group network OBJ_IZH_VRS_IPF host 85.140.32.141 host 78.85.13.117 ! object-group network OBJ_IZH_VRS_PFV host 85.140.32.178 host 94.181.119.90 host 78.85.33.50 ! object-group network OBJ_VOT_VRS_VPF host 78.85.13.118 host 88.80.33.14 ! object-group network OBJ_PRM_VRS_MPF host 178.47.130.10 host 5.227.121.127 ! object-group network OBJ_LAI_VRS_DPF host 178.205.241.114 host 46.232.164.108 ! object-group network OBJ_ITL_VST_ITL host 5.227.124.130 host 78.85.34.99 host 81.211.13.82 ! object-group network OBJ_MZH_VST_MZH host 88.80.33.250 host 83.169.220.171 ! object-group network OBJ_KIA_VST_KIA host 85.140.32.24 host 188.94.168.238 ! object-group network OBJ_KGB_VST_KBB host 78.85.37.88 host 88.80.33.154 ! object-group network OBJ_SAR_VST_SMK host 78.85.19.93 host 88.80.33.234 ! object-group network OBJ_KNK_VST_KMK host 178.161.242.67 ! object-group network OBJ_SHM_TMA_SHM host 89.232.91.106 host 31.173.182.210 ! object-group network OBJ_MSB_TMA_MSB host 78.138.182.214 ! object-group network OBJ_EVL_TMA_EVL host 89.232.102.166 ! object-group network OBJ_KIB_TMA_KIB host 78.138.182.126 ! object-group network OBJ_IZH_KM_S61 host 84.201.247.32 host 88.80.33.194 ! object-group network OBJ_YAN_GKZ_YEL host 77.94.97.222 ! object-group network OBJ_KUN_KMK_B2 94.138.150.0 255.255.255.0 ! object-group network OBJ_KUN_KMK_H80 host 178.161.207.26 host 77.43.193.88 ! object-group network OBJ_KUN_KMK_CH9 host 178.47.128.98 host 194.150.90.20 host 194.150.91.170 ! object-group network OBJ_KGB_RN_KGB host 78.85.13.165 ! object-group network OBJ_NCH_RN_NCH host 78.85.13.166 ! object-group network OBJ_PRI_RN_PRI host 78.85.13.167 ! object-group network OBJ_URN_RN_URN host 78.85.20.49 ! object-group network OBJ_MZH_TK_TKM host 88.80.32.230 host 78.85.35.34 ! object-group network OBJ_GLZ_TK_TKG host 95.215.208.240 host 146.120.104.235 host 95.215.208.173 ! object-group network OBJ_IZH_TK_M21 host 84.201.242.133 ! object-group network OBJ_IZH_HLA_PP host 92.61.17.250 ! object-group network OBJ_IZH_HLA_UHK host 92.55.7.148 ! object-group network OBJ_IZH_VD_VS17 host 84.201.247.100 ! object-group network OBJ_IZH_KS_H17 85.140.32.64 255.255.255.252 host 85.140.32.63 host 85.140.32.68 ! object-group network OBJ_IZH_VST_VS298 host 91.144.167.3 host 178.176.100.154 ! object-group network OBJ_SPB_KG_SPB host 94.72.27.43 host 62.141.114.190 ! object-group network OBJ_IZH_VRS_AKS host 5.227.124.50 host 87.249.233.80 ! object-group network OBJ_CLOUD_RT host 195.19.101.162 ! object-group network OBJ_IZH_KI_VOR158 host 46.147.130.59 host 5.227.125.126 ! object-group network OBJ_BRANCHES group-object OBJ_IZH_MLK_IZM group-object OBJ_IZH_KG_P11 group-object OBJ_IZH_VST_IZM group-object OBJ_IZH_TK_M44 group-object OBJ_IZH_TK_M48 group-object OBJ_IZH_TK_SMR group-object OBJ_MSK_KG_MSK group-object OBJ_GLZ_MLK_GMK group-object OBJ_KZN_MLK_KMK group-object OBJ_KEZ_MLK_KZS group-object OBJ_PRM_MLK_PHK group-object OBJ_SAR_MLK_SRM group-object OBJ_CLB_MLK_CMK group-object OBJ_BBN_RN_BBN group-object OBJ_GLZ_GKZ_GKZ group-object OBJ_KIA_RN_KIA group-object OBJ_IZH_TZK_TZK group-object OBJ_IZH_MK_VS17 group-object OBJ_IZH_KL_KLI group-object OBJ_EKB_KG_EKB group-object OBJ_IZH_KEN_VS56 group-object OBJ_IZH_VRS_IZM group-object OBJ_GLZ_VRS_UPF group-object OBJ_IZH_VRS_IPF group-object OBJ_IZH_VRS_PFV group-object OBJ_VOT_VRS_VPF group-object OBJ_PRM_VRS_MPF group-object OBJ_LAI_VRS_DPF group-object OBJ_ITL_VST_ITL group-object OBJ_MZH_VST_MZH group-object OBJ_KIA_VST_KIA group-object OBJ_KGB_VST_KBB group-object OBJ_SAR_VST_SMK group-object OBJ_KNK_VST_KMK group-object OBJ_SHM_TMA_SHM group-object OBJ_MSB_TMA_MSB group-object OBJ_EVL_TMA_EVL group-object OBJ_KIB_TMA_KIB group-object OBJ_IZH_KM_S61 group-object OBJ_YAN_GKZ_YEL group-object OBJ_KUN_KMK_B2 group-object OBJ_KUN_KMK_H80 group-object OBJ_KUN_KMK_CH9 group-object OBJ_KGB_RN_KGB group-object OBJ_NCH_RN_NCH group-object OBJ_PRI_RN_PRI group-object OBJ_URN_RN_URN group-object OBJ_MZH_TK_TKM group-object OBJ_GLZ_TK_TKG group-object OBJ_IZH_TK_M21 group-object OBJ_IZH_HLA_PP group-object OBJ_IZH_HLA_UHK group-object OBJ_IZH_VD_VS17 group-object OBJ_IZH_KS_H17 group-object OBJ_IZH_VST_VS298 group-object OBJ_SPB_KG_SPB group-object OBJ_IZH_VRS_AKS group-object OBJ_CLOUD_RT group-object OBJ_IZH_KI_VOR158 ! object-group network STATIC_ISP_IP host 78.85.13.93 host 195.239.120.225 ! ! ! username netadmin privilege 15 secret 5 $1$Wk4d$y8WZdYo4LIMHBGEMNyDCb0 ! redundancy mode none ! ! ! ! ! ! ! class-map match-any CM_QOS_Q2 match access-group name ACL_QOS_Q2 class-map match-any CM_QOS_Q3 match access-group name ACL_QOS_Q3 class-map match-any CM_QOS_Q1 match access-group name ACL_QOS_Q1 class-map match-any CM_QOS_Q4 match access-group name ACL_QOS_Q4 class-map match-any CM_QOS_Q5 match access-group name ACL_QOS_Q5 class-map type inspect match-any CM-LAN_TO_WAN_KOM match protocol icmp match protocol tcp match protocol udp class-map type inspect match-all CM-WAN_TO_LAN_KOM match access-group name ACL-WAN_TO_LAN_KOM class-map type inspect match-all CM-WAN_TO_SELF_KOM match access-group name ACL-WAN_TO_SELF_KOM class-map type inspect match-all CM-DMVPN_KOM match access-group name ACL-DMVPN_TRAFFIC_KOM ! policy-map type inspect PM-DMVPN_KOM class type inspect CM-DMVPN_KOM pass class class-default drop policy-map type inspect PM-SELF_TO_WAN_KOM description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN class class-default pass policy-map type inspect PM-ALLPASS_KOM class class-default pass policy-map PM_QOS_IN class CM_QOS_Q5 set ip dscp cs5 class CM_QOS_Q4 set ip dscp cs4 class CM_QOS_Q3 set ip dscp cs3 class CM_QOS_Q2 set ip dscp cs2 class CM_QOS_Q1 set ip dscp cs1 class class-default set ip dscp default policy-map type inspect PM-WAN_TO_SELF_KOM class type inspect CM-WAN_TO_SELF_KOM pass class class-default drop policy-map type inspect PM-WAN_TO_LAN_KOM class type inspect CM-WAN_TO_LAN_KOM inspect class class-default drop policy-map type inspect PM-LAN_TO_WAN_KOM class type inspect CM-LAN_TO_WAN_KOM inspect class class-default drop ! zone security LAN zone security WAN zone security DMVPN zone security MGMT description Management Network Equipment zone-pair security ZP-DMVPN_TO_SELF_KOM source DMVPN destination self service-policy type inspect PM-DMVPN_KOM zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN service-policy type inspect PM-ALLPASS_KOM zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self service-policy type inspect PM-ALLPASS_KOM zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN service-policy type inspect PM-LAN_TO_WAN_KOM zone-pair security ZP-MGMT_TO_SELF source MGMT destination self service-policy type inspect PM-ALLPASS_KOM zone-pair security ZP-SELF_TO_MGMT source self destination MGMT service-policy type inspect PM-ALLPASS_KOM zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN service-policy type inspect PM-DMVPN_KOM zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN service-policy type inspect PM-ALLPASS_KOM zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN service-policy type inspect PM-SELF_TO_WAN_KOM zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN service-policy type inspect PM-WAN_TO_LAN_KOM zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self service-policy type inspect PM-WAN_TO_SELF_KOM zone-pair security ZP_DMVPN_TO_LAN_KOM source DMVPN destination LAN service-policy type inspect PM-ALLPASS_KOM ! ! ! ! ! crypto isakmp policy 150 encr aes authentication pre-share group 2 ! crypto isakmp policy 160 encr aes 256 authentication pre-share group 14 crypto isakmp key F5BfdOazun4M address 82.142.146.70 crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth crypto isakmp keepalive 30 crypto isakmp nat keepalive 10 ! crypto ipsec security-association replay disable ! crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac mode transport crypto ipsec transform-set TS-BEECLOUD esp-aes 256 esp-sha-hmac mode transport ! crypto ipsec profile BEECLOUD set transform-set TS-BEECLOUD set pfs group14 ! crypto ipsec profile IPSEC_DMVPN description -==SPOKE to SITE DMVPN IPSec GRE Profile ==- set transform-set TS_DMVPN ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback9999 ip address 10.1.255.1 255.255.255.0 ! interface Tunnel103 description BeeCLOUD ip address 10.1.50.13 255.255.255.252 no ip redirects ip mtu 1400 zone-member security DMVPN ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0/2 tunnel mode ipsec ipv4 tunnel destination 82.142.146.70 tunnel protection ipsec profile BEECLOUD ! interface Tunnel1001 description DMVPN_SPOKE2_Cloud1 bandwidth 100000 ip address 172.30.1.4 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication M_K.Cl01 ip nhrp map 172.30.1.1 85.140.32.27 ip nhrp map 172.30.1.2 78.85.13.42 ip nhrp map multicast 85.140.32.27 ip nhrp map multicast 78.85.13.42 ip nhrp network-id 1001 ip nhrp holdtime 300 ip nhrp nhs 172.30.1.1 ip nhrp nhs 172.30.1.2 zone-member security DMVPN ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0/0.3074 tunnel mode gre multipoint tunnel key 1001 tunnel protection ipsec profile IPSEC_DMVPN shared ! interface Tunnel1002 description DMVPN-HUB2-Cloud2 bandwidth 100000 ip address 172.30.2.2 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication M_K.Cl02 ip nhrp network-id 1002 ip nhrp holdtime 300 ip nhrp redirect zone-member security DMVPN ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0/0.3074 tunnel mode gre multipoint tunnel key 1002 tunnel protection ipsec profile IPSEC_DMVPN shared ! interface GigabitEthernet0/0/0 no ip address no ip redirects no ip unreachables no ip proxy-arp negotiation auto ! interface GigabitEthernet0/0/0.3074 description [ISP-100M] Rostelecom_DMVPN bandwidth 100000 encapsulation dot1Q 3074 ip address 78.85.13.93 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat outside zone-member security WAN ! interface GigabitEthernet0/0/1 description [CORE] SW-1-2 no ip address negotiation auto service-policy input PM_QOS_IN ! interface GigabitEthernet0/0/1.100 description MGM encapsulation dot1Q 100 ip address 10.1.1.250 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside zone-member security LAN ! interface GigabitEthernet0/0/1.551 description --TRANSIT_HSRP-- encapsulation dot1Q 551 ip flow monitor FLOW_MONITOR_INPUT input ip flow monitor FLOW_MONITOR_OUTPUT output ip address 10.1.239.21 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ! interface GigabitEthernet0/0/1.598 description Transit_Network_to_Core encapsulation dot1Q 598 ip flow monitor FLOW_MONITOR_INPUT input ip flow monitor FLOW_MONITOR_OUTPUT output ip address 172.30.30.42 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip nat inside zone-member security LAN standby version 2 standby 598 ip 172.30.30.43 standby 598 timers 5 15 standby 598 priority 150 standby 598 preempt delay minimum 30 standby 598 authentication BDC_Kom standby 598 name HSRP-TRANSIT-VLAN_598 ip policy route-map GLOBAL_ROUTING ! interface GigabitEthernet0/0/2 description [ISP-1G] BeeLine for BEECLOUD ip address 195.239.120.225 255.255.255.254 ip nat outside zone-member security WAN negotiation auto ! interface GigabitEthernet0/0/3 no ip address shutdown negotiation auto ! interface GigabitEthernet0 vrf forwarding Mgmt-intf ip address 10.1.254.253 255.255.255.0 zone-member security MGMT negotiation auto ! router bgp 64513 bgp router-id 172.30.30.42 bgp log-neighbor-changes bgp graceful-restart timers bgp 10 30 neighbor TO_MTS_PEERS peer-group neighbor TO_MTS_PEERS next-hop-self all neighbor TO_MTS_PEERS soft-reconfiguration inbound neighbor TO_RT_PEERS peer-group neighbor TO_RT_PEERS next-hop-self all neighbor TO_RT_PEERS soft-reconfiguration inbound neighbor TO_RT_PEERS route-map RM_RT_LP in neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522 neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KMK peer-group neighbor PG_BGP_SPOKE_KMK remote-as 64516 neighbor PG_BGP_SPOKE_KMK next-hop-self all neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527 neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_PERM peer-group neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529 neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526 neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_KAZAN peer-group neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528 neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525 neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524 neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_DC peer-group neighbor PG_BGP_SPOKE_PF_DC remote-as 64523 neighbor PG_BGP_SPOKE_PF_DC next-hop-self all neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530 neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531 neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534 neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_GKZ peer-group neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535 neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_KIB peer-group neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548 neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_EVL peer-group neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547 neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_MSB peer-group neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549 neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_SHM peer-group neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546 neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550 neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_BBN peer-group neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541 neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_IZM peer-group neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539 neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_SMK peer-group neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543 neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KIA peer-group neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540 neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KGB peer-group neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544 neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KNK peer-group neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545 neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_ITL peer-group neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538 neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_SPB peer-group neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552 neighbor PG_BGP_SPOKE_KG_SPB next-hop-self neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_AKS peer-group neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553 neighbor PG_BGP_SPOKE_PF_AKS next-hop-self neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_MZH peer-group neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542 neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_MK peer-group neighbor PG_BGP_SPOKE_MK remote-as 64520 neighbor PG_BGP_SPOKE_MK next-hop-self all neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KM peer-group neighbor PG_BGP_SPOKE_KM remote-as 64519 neighbor PG_BGP_SPOKE_KM next-hop-self all neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_SRM peer-group neighbor PG_BGP_SPOKE_SRM remote-as 64518 neighbor PG_BGP_SPOKE_SRM next-hop-self all neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PHK peer-group neighbor PG_BGP_SPOKE_PHK remote-as 64517 neighbor PG_BGP_SPOKE_PHK next-hop-self all neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KZS peer-group neighbor PG_BGP_SPOKE_KZS remote-as 64515 neighbor PG_BGP_SPOKE_KZS next-hop-self all neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_GMK peer-group neighbor PG_BGP_SPOKE_GMK remote-as 64514 neighbor PG_BGP_SPOKE_GMK next-hop-self all neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_IZM peer-group neighbor PG_BGP_SPOKE_IZM remote-as 64512 neighbor PG_BGP_SPOKE_IZM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_IZM weight 500 neighbor 10.1.50.14 remote-as 64554 neighbor 10.1.50.14 soft-reconfiguration inbound neighbor 10.1.50.14 route-map RM_FROM_BEECLOUD in neighbor 10.1.50.14 route-map RM_SPOKE_OUT out neighbor 172.30.1.1 peer-group PG_BGP_SPOKE_IZM neighbor 172.30.1.2 peer-group PG_BGP_SPOKE_IZM neighbor 172.30.2.5 peer-group PG_BGP_SPOKE_GMK neighbor 172.30.2.6 peer-group PG_BGP_SPOKE_GMK neighbor 172.30.2.7 peer-group PG_BGP_SPOKE_KZS neighbor 172.30.2.8 peer-group PG_BGP_SPOKE_KZS neighbor 172.30.2.9 peer-group PG_BGP_SPOKE_KMK neighbor 172.30.2.10 peer-group PG_BGP_SPOKE_KMK neighbor 172.30.2.11 peer-group PG_BGP_SPOKE_PHK neighbor 172.30.2.12 peer-group PG_BGP_SPOKE_PHK neighbor 172.30.2.13 peer-group PG_BGP_SPOKE_SRM neighbor 172.30.2.14 peer-group PG_BGP_SPOKE_SRM neighbor 172.30.2.15 peer-group PG_BGP_SPOKE_KM neighbor 172.30.2.16 peer-group PG_BGP_SPOKE_KM neighbor 172.30.2.17 peer-group PG_BGP_SPOKE_MK neighbor 172.30.2.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA neighbor 172.30.2.19 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.2.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA neighbor 172.30.2.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO neighbor 172.30.2.21 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.2.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO neighbor 172.30.2.23 peer-group PG_BGP_SPOKE_PF_DC neighbor 172.30.2.24 peer-group PG_BGP_SPOKE_PF_DC neighbor 172.30.2.25 peer-group PG_BGP_SPOKE_PF_GLAZOV neighbor 172.30.2.26 peer-group PG_BGP_SPOKE_PF_GLAZOV neighbor 172.30.2.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO neighbor 172.30.2.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO neighbor 172.30.2.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK neighbor 172.30.2.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK neighbor 172.30.2.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK neighbor 172.30.2.31 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.2.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK neighbor 172.30.2.33 peer-group PG_BGP_SPOKE_PF_KAZAN neighbor 172.30.2.34 peer-group PG_BGP_SPOKE_PF_KAZAN neighbor 172.30.2.35 peer-group PG_BGP_SPOKE_PF_PERM neighbor 172.30.2.36 peer-group PG_BGP_SPOKE_PF_PERM neighbor 172.30.2.37 peer-group PG_BGP_SPOKE_KG_MOSCOW neighbor 172.30.2.37 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.2.38 peer-group PG_BGP_SPOKE_KG_MOSCOW neighbor 172.30.2.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA neighbor 172.30.2.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA neighbor 172.30.2.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK neighbor 172.30.2.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA neighbor 172.30.2.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG neighbor 172.30.2.45 peer-group PG_BGP_SPOKE_KG_GKZ neighbor 172.30.2.46 peer-group PG_BGP_SPOKE_KG_GKZ neighbor 172.30.2.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA neighbor 172.30.2.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA neighbor 172.30.2.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY neighbor 172.30.2.50 peer-group PG_BGP_SPOKE_VST_IZM neighbor 172.30.2.51 peer-group PG_BGP_SPOKE_VST_IZM neighbor 172.30.2.52 peer-group PG_BGP_SPOKE_VST_ITL neighbor 172.30.2.53 peer-group PG_BGP_SPOKE_VST_ITL neighbor 172.30.2.54 peer-group PG_BGP_SPOKE_VST_KIA neighbor 172.30.2.55 peer-group PG_BGP_SPOKE_VST_KIA neighbor 172.30.2.56 peer-group PG_BGP_SPOKE_VST_BBN neighbor 172.30.2.57 peer-group PG_BGP_SPOKE_VST_BBN neighbor 172.30.2.58 peer-group PG_BGP_SPOKE_VST_MZH neighbor 172.30.2.59 peer-group PG_BGP_SPOKE_VST_MZH neighbor 172.30.2.60 peer-group PG_BGP_SPOKE_VST_SMK neighbor 172.30.2.60 route-map RM_RT_LP in neighbor 172.30.2.61 peer-group PG_BGP_SPOKE_VST_SMK neighbor 172.30.2.62 peer-group PG_BGP_SPOKE_VST_KGB neighbor 172.30.2.62 route-map RM_RT_LP in neighbor 172.30.2.63 peer-group PG_BGP_SPOKE_VST_KGB neighbor 172.30.2.64 peer-group PG_BGP_SPOKE_VST_KNK neighbor 172.30.2.65 peer-group PG_BGP_SPOKE_TMA_SHM neighbor 172.30.2.66 peer-group PG_BGP_SPOKE_TMA_SHM neighbor 172.30.2.67 peer-group PG_BGP_SPOKE_TMA_EVL neighbor 172.30.2.68 peer-group PG_BGP_SPOKE_TMA_KIB neighbor 172.30.2.69 peer-group PG_BGP_SPOKE_TMA_MSB neighbor 172.30.2.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY neighbor 172.30.2.73 peer-group PG_BGP_SPOKE_KG_SPB neighbor 172.30.2.74 peer-group PG_BGP_SPOKE_PF_AKS neighbor 172.30.2.75 peer-group PG_BGP_SPOKE_PF_AKS neighbor 172.30.2.76 remote-as 64556 neighbor 172.30.2.76 next-hop-self all neighbor 172.30.2.76 soft-reconfiguration inbound neighbor 172.30.2.76 route-map RM_SPOKE_OUT out neighbor 172.30.30.41 remote-as 64513 neighbor 172.30.30.41 description To-ISR4431_1 neighbor 172.30.30.41 next-hop-self all neighbor 172.30.30.41 soft-reconfiguration inbound neighbor 172.30.30.46 remote-as 64513 neighbor 172.30.30.46 description To-Catalyst6506 neighbor 172.30.30.46 next-hop-self all neighbor 172.30.30.46 soft-reconfiguration inbound distance bgp 150 150 150 ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip tftp source-interface GigabitEthernet0 ip tftp blocksize 8192 ip nat translation max-entries host 192.168.2.200 1000 ip nat inside source static tcp 10.1.19.121 5001 78.85.13.93 5001 extendable ip nat inside source static tcp 192.168.1.253 7789 78.85.13.93 7789 extendable ip nat inside source route-map RM_NAT_BEELINE interface GigabitEthernet0/0/2 overload ip nat inside source route-map RM_NAT_RT interface GigabitEthernet0/0/0.3074 overload ip route 0.0.0.0 0.0.0.0 78.85.13.1 100 name --RT_DMVPN-- ip route 10.1.30.0 255.255.255.0 78.85.13.1 ip route 82.142.146.68 255.255.255.252 195.239.120.224 name BeeCLOUD ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.254.254 ! ! ! ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24 ! ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29 ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25 ! ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29 ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22 ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25 ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24 ! ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24 ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29 ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24 ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24 ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24 ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24 ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24 ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24 ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25 ! ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24 ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30 ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29 ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22 ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24 ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24 ! ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29 ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25 ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24 ! ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32 ! ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24 ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24 ip prefix-list OUT_TO_KOMOS_MEDIA seq 30 permit 10.0.0.0/14 ip prefix-list OUT_TO_KOMOS_MEDIA seq 40 permit 192.168.0.0/22 ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21 ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32 ! ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22 ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32 ! ip prefix-list OUT_TO_MILKOM_MAIN seq 10 permit 10.0.0.0/14 ip prefix-list OUT_TO_MILKOM_MAIN seq 20 permit 192.168.0.0/22 ! ip prefix-list PFL_ROUTE_TO_MLK seq 10 permit 10.0.0.0/14 le 24 ip prefix-list PFL_ROUTE_TO_MLK seq 20 permit 10.14.24.0/21 le 24 ip prefix-list PFL_ROUTE_TO_MLK seq 30 permit 172.31.2.0/24 ip prefix-list PFL_ROUTE_TO_MLK seq 40 permit 192.168.0.0/22 ip prefix-list PFL_ROUTE_TO_MLK seq 50 permit 10.14.17.0/24 ip prefix-list PFL_ROUTE_TO_MLK seq 60 permit 10.14.52.0/22 ! ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0 ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32 ! ip prefix-list PL_FROM_BEECLOUD seq 5 permit 10.100.0.0/24 le 25 ip prefix-list PL_FROM_BEECLOUD seq 10 permit 10.101.0.0/20 le 24 ! ip prefix-list PL_TO_BEECLOUD seq 5 permit 10.0.0.0/8 le 24 ! ip access-list extended ACL-DMVPN_TRAFFIC_KOM permit ip any any permit tcp any any eq 22 permit icmp any any permit gre any any permit udp any any eq isakmp permit esp any any permit eigrp any any ip access-list extended ACL-WAN_TO_LAN_KOM deny ip any any permit ip any any ip access-list extended ACL-WAN_TO_SELF_KOM permit ip 10.1.30.0 0.0.0.255 any permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP permit esp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP permit udp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP eq isakmp permit icmp any any unreachable permit icmp any any echo-reply permit icmp any any packet-too-big permit icmp any any time-exceeded permit icmp any any traceroute permit icmp any any administratively-prohibited permit icmp any any echo deny ip any any ip access-list extended ACL_NAT_BEECLOUD permit ip host 10.1.19.121 any ip access-list extended ACL_NAT_RT_CLOUD deny ip any 10.1.30.0 0.0.0.255 permit ip 192.168.252.0 0.0.0.255 any permit ip 10.1.17.0 0.0.0.255 any permit ip 192.168.0.0 0.0.3.255 any permit ip host 10.1.19.121 any ip access-list extended ACL_QOS_Q1 remark WEB Internet permit tcp any any eq www 443 8443 permit tcp any eq www 443 8443 any remark Samba permit tcp any any eq 445 permit tcp any eq 445 any ip access-list extended ACL_QOS_Q2 remark 1C permit tcp any any range 1560 1591 permit tcp any any eq 1540 1541 permit tcp any range 1560 1591 any permit tcp any eq 1540 1541 any remark SQL permit udp any any eq 1433 permit tcp any any eq 1433 permit udp any eq 1433 any permit tcp any eq 1433 any remark WEB Local permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443 permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443 permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443 permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any ip access-list extended ACL_QOS_Q3 remark SIP permit udp any any eq 5060 5061 permit udp any eq 5060 5061 any remark RDP permit tcp any any eq 3389 permit tcp any eq 3389 any permit udp any any eq 3389 permit udp any eq 3389 any remark SSH permit tcp any any eq 22 permit tcp any eq 22 any remark Winbox permit tcp any any eq 8291 permit tcp any eq 8291 any ip access-list extended ACL_QOS_Q4 remark TEAMS + Confirence and other + Telegram ip access-list extended ACL_QOS_Q5 remark RTP trafic permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000 permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000 permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000 permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000 remark DNS permit udp any any eq domain permit tcp any any eq domain permit udp any eq domain any permit tcp any eq domain any remark NTP permit udp any any eq ntp remark LDAP permit udp any any eq 389 88 permit tcp any any eq 389 88 permit udp any eq 389 88 any permit tcp any eq 389 88 any ip access-list extended ACL_TO_CLOUD_RT permit ip 10.0.0.0 0.255.255.255 10.1.30.0 0.0.0.255 permit ip 10.1.255.0 0.0.0.255 10.1.30.0 0.0.0.255 permit ip 10.1.0.0 0.0.255.255 10.1.30.0 0.0.0.255 permit ip 10.4.0.0 0.0.255.255 10.1.30.0 0.0.0.255 permit ip 192.168.0.0 0.0.255.255 10.1.30.0 0.0.0.255 ip access-list extended Access_VTY permit icmp any any permit tcp 10.0.0.0 0.255.255.255 eq 22 any permit tcp 192.168.0.0 0.0.255.255 eq 22 any permit tcp 172.0.0.0 0.16.255.255 eq 22 any deny ip any any ip access-list extended LOCAL_TRAFFIC permit ip any 192.168.0.0 0.0.255.255 permit ip any 10.0.0.0 0.255.255.255 permit ip any 172.16.0.0 0.15.255.255 ip sla 7777 icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0/0.3074 request-data-size 1400 threshold 600 timeout 2000 frequency 30 ip sla schedule 7777 life forever start-time now kron occurrence EveryDay at 1:00 recurring policy-list SaveBackup ! kron policy-list SaveBackup cli write memory ! logging origin-id hostname logging source-interface GigabitEthernet0/0/1.100 logging host 10.4.244.4 transport udp port 515 ! ! route-map RM_KEZ_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_RT_LP permit 20 set local-preference 900 ! route-map RM_NAT_BEELINE permit 10 match ip address ACL_NAT_BEECLOUD match interface GigabitEthernet0/0/2 ! route-map GLOBAL_ROUTING permit 5 match ip address LOCAL_TRAFFIC ! route-map GLOBAL_ROUTING permit 10 match ip address ACL_NAT_BEECLOUD set ip next-hop 195.239.120.224 ! route-map GLOBAL_ROUTING permit 20 ! route-map RM_KAZAN_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_GLAZOV_IN permit 20 match ip address prefix-list IN_FROM_PS_GLAZOV ! route-map RM_PERM_IN permit 20 match ip address prefix-list IN_FROM_PS_PERM ! route-map RM_SPOKE_OUT deny 10 match ip address prefix-list PL_DF_GW ! route-map RM_SPOKE_OUT permit 20 ! route-map RM_TO_BEECLOUD permit 10 match ip address prefix-list PL_TO_BEECLOUD set as-path prepend 64513 ! route-map RM_SARAPUL_OUT permit 20 match ip address prefix-list OUT_ALL_PS_MILKOM ! route-map RM_FROM_BEECLOUD permit 10 match ip address prefix-list PL_FROM_BEECLOUD set as-path prepend 64554 ! route-map RM_KOMOS_MEDIA_OUT permit 10 match ip address prefix-list OUT_TO_KOMOS_MEDIA ! route-map RM_BGP_FROM_SPOKE permit 10 set local-preference 900 ! route-map RM_NAT_RT permit 10 match ip address ACL_NAT_RT_CLOUD match interface GigabitEthernet0/0/0.3074 ! route-map RM_TO_MILKON_MAIN_OUT permit 20 match ip address prefix-list PFL_ROUTE_TO_MLK ! route-map RM_KAZAN_IN permit 20 match ip address prefix-list IN_FROM_PS_KAZAN ! route-map RM_KEZ_IN permit 20 match ip address prefix-list IN_FROM_PS_KEZ ! route-map RM_SARAPUL_IN permit 20 match ip address prefix-list IN_FROM_PS_SARAPUL ! route-map RM_MEAT_COMPANY_OUT permit 10 match ip address prefix-list OUT_TO_MEAT_COMPANY ! route-map RM_KOMOS_MEDIA_IN permit 10 match ip address prefix-list IN_FROM_KOMOS_MEDIA ! route-map RM_GLAZOV_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_PERM_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! snmp-server community lmTUEsk6Yvlv RO snmp-server host 10.1.122.227 lmTUEsk6Yvlv ! ! ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E ! ! control-plane ! privilege exec all level 7 show cdp privilege exec all level 7 show running-config privilege exec all level 7 show configuration privilege exec level 7 show alias exec q exit alias exec sib sh ip int brief ! line con 0 login authentication CONSOLE transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 120 0 login authentication NPS length 0 transport input ssh line vty 5 15 exec-timeout 120 0 login authentication NPS transport input ssh ! ntp source GigabitEthernet0/0/1.100 ntp server 10.1.8.1 ntp server 10.1.8.2 ! ! ! ! ! end