pycm1k/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/backup/files/cisco/IZH-MLK-IZM-RT-1-2.txt
Ахметзянов Рустам Рамилевич af70a6a354 first commit
2025-10-31 08:47:26 +04:00

1263 lines
40 KiB
Plaintext
Raw Permalink Blame History

Building configuration...
Current configuration : 40946 bytes
!
! Last configuration change at 13:47:17 SAMT Thu Jul 28 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 08:25:47 SAMT Wed Jul 20 2022 by akhmetzyanovrr_adm
!
version 15.4
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname IZH-MLK-IZM-RT-1-2
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
logging buffered 65536
enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1
!
aaa new-model
!
!
aaa group server radius NPS
server name IZH-RDS002
server name P11-RDS003
ip radius source-interface GigabitEthernet0/2.300
load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authentication ppp default local
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
aaa session-id common
clock timezone SAMT 4 0
!
!
crypto pki trustpoint vpnmilkom.komos.ru
subject-name CN=vpnmilkom.komos.ru
revocation-check crl
rsakeypair vpnmilkom.komos.ru
!
crypto pki trustpoint vpnmilkom.komos.ru-rrr1
revocation-check crl
!
!
crypto pki certificate chain vpnmilkom.komos.ru
certificate 6E9CA2B6908068523AFE68A6FCACE30D
308205EE 308204D6 A0030201 0202106E 9CA2B690 8068523A FE68A6FC ACE30D30
0D06092A 864886F7 0D01010B 05003081 96310B30 09060355 04061302 4742311B
30190603 55040813 12477265 61746572 204D616E 63686573 74657231 10300E06
03550407 13075361 6C666F72 64311A30 18060355 040A1311 434F4D4F 444F2043
41204C69 6D697465 64313C30 3A060355 04031333 434F4D4F 444F2052 5341204F
7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053 65637572 65205365
72766572 20434130 1E170D31 37303531 37303030 3030305A 170D3138 30353234
32333539 35395A30 81EC310B 30090603 55040613 02525531 0F300D06 03550411
13063132 37303135 31193017 06035504 08131055 646D7572 74736B61 79612072
65737031 0F300D06 03550407 13064D6F 73636F77 313C303A 06035504 09133364
2E203220 6B6F7270 2E203120 706F6D65 73686368 656E6965 20584C49 2C20756C
2E204E6F 766F646D 6974726F 76736B61 79613119 30170603 55040A13 104B4F4D
4F532047 524F5550 204C7464 2E310C30 0A060355 040B1303 6A6F6231 24302206
0355040B 131B456E 74657270 72697365 2053534C 2050726F 2057696C 64636172
64311330 11060355 04030C0A 2A2E6B6F 6D6F732E 72753082 0122300D 06092A86
4886F70D 01010105 00038201 0F003082 010A0282 010100D9 45689F48 A528DF71
32D710E2 1F860909 DA3D3386 65024C1E D3359ACF FB105C36 1D11E0DE 2DBABABC
53A174D3 EC848C3A 8F6627F9 C1EECC9B 6E8C4CD2 EF4A279E 1527E842 CCA6DC68
F832B657 00BDD6D1 2BBB0480 BD8C4363 2681DD24 B77AB15A 802D78B5 BB49C63C
43E088DA 509B5F89 5066097D 6443ECCE E47155FC 9CF4C708 901811E5 C1C0338B
68F812CD EB26A516 F391B22F 7E638CC3 543D30F9 E2355FBA 363F6FC2 963209AF
334414CD 2C1F5D5D 4326279A 97FBCE20 42720B91 420FBFC1 ADE31F15 9F66F652
41424C76 BCFBD8D5 CAFD70C7 85EA72FB 6431E7F2 1D006989 2D592DE0 5F05C35E
9265B2BF B6E47AE2 B74BAFBF 8F2FA74D 14E1909B 69E4E902 03010001 A38201DE
308201DA 301F0603 551D2304 18301680 149AF32B DACFAD4F B62FBB2A 48482A12
B71B42C1 24301D06 03551D0E 04160414 8D0C82E5 CC4DB7C4 E90F461A 7B3DB3F9
A035AFC8 300E0603 551D0F01 01FF0404 030205A0 300C0603 551D1301 01FF0402
3000301D 0603551D 25041630 1406082B 06010505 07030106 082B0601 05050703
02305006 03551D20 04493047 303B060C 2B060104 01B23101 02010304 302B3029
06082B06 01050507 0201161D 68747470 733A2F2F 73656375 72652E63 6F6D6F64
6F2E636F 6D2F4350 53300806 0667810C 01020230 5A060355 1D1F0453 3051304F
A04DA04B 86496874 74703A2F 2F63726C 2E636F6D 6F646F63 612E636F 6D2F434F
4D4F444F 5253414F 7267616E 697A6174 696F6E56 616C6964 6174696F 6E536563
75726553 65727665 7243412E 63726C30 818B0608 2B060105 05070101 047F307D
30550608 2B060105 05073002 86496874 74703A2F 2F637274 2E636F6D 6F646F63
612E636F 6D2F434F 4D4F444F 5253414F 7267616E 697A6174 696F6E56 616C6964
6174696F 6E536563 75726553 65727665 7243412E 63727430 2406082B 06010505
07300186 18687474 703A2F2F 6F637370 2E636F6D 6F646F63 612E636F 6D301F06
03551D11 04183016 820A2A2E 6B6F6D6F 732E7275 82086B6F 6D6F732E 7275300D
06092A86 4886F70D 01010B05 00038201 01008E64 FE265CD3 27AE5D1E E53416A3
411B548E 5FE981E6 E90E133A 0BC38A46 A443BBAA C935A17C 776070DD 7002E567
5F85230C 8468428D 33C11A3F C11254BB 96F3EB45 261DA9F3 DF020A46 F12E9764
0A80D33E C75C8CBE 44A88E16 F2CDA3C3 634D1262 8E7A70E5 9FEC1B13 50939791
E4F6725D 909751A7 8BC5EF6A EEB1D98D A03848D8 2E4B6880 332A5DB3 451E51D3
45A84A57 7BC4B5E7 DCA00D55 49090F08 4FE80D42 59D0E492 9CCDC6CA D4D9E629
790E6C4F 45C428DF 11473F74 BD1B70D4 32C12484 9A373113 6BCBFF94 167F7C22
3BF6C196 B6F7CECB E85281FD C8DC0E9C 52F23C97 055E1606 64287CF5 F588DB81
A936F2A2 BD62DBF6 353CE39B 8D75C4B0 EAB0
quit
certificate ca 36825E7FB5A481937EF6D1736BB93CA6
3082060E 308203F6 A0030201 02021036 825E7FB5 A481937E F6D1736B B93CA630
0D06092A 864886F7 0D01010C 05003081 85310B30 09060355 04061302 4742311B
30190603 55040813 12477265 61746572 204D616E 63686573 74657231 10300E06
03550407 13075361 6C666F72 64311A30 18060355 040A1311 434F4D4F 444F2043
41204C69 6D697465 64312B30 29060355 04031322 434F4D4F 444F2052 53412043
65727469 66696361 74696F6E 20417574 686F7269 7479301E 170D3134 30323132
30303030 30305A17 0D323930 32313132 33353935 395A3081 96310B30 09060355
04061302 4742311B 30190603 55040813 12477265 61746572 204D616E 63686573
74657231 10300E06 03550407 13075361 6C666F72 64311A30 18060355 040A1311
434F4D4F 444F2043 41204C69 6D697465 64313C30 3A060355 04031333 434F4D4F
444F2052 5341204F 7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053
65637572 65205365 72766572 20434130 82012230 0D06092A 864886F7 0D010101
05000382 010F0030 82010A02 82010100 B914D985 F2414457 FF30441E DC3C44A3
17B86E01 F8A35FC2 A9211DCE 59F4ECF3 88A90932 3CB18B63 A43E2736 F38FF938
662E0797 418F4BA6 DDC35F9E 733CE7CA 200D4F7C 3205CFC1 2E48654A 85D01F56
316D8EE5 C632D41B BC9F7D96 FC98D74F F8F45856 F8E345BE 911882E4 8ABEAFCD
52375187 4F1E97C1 E83AAEF9 FF46E465 3F3FC347 832FCCB8 425E2D7E F75A68AE
5D4BC0A6 3521F586 A3C8498B 9863600D C92148C2 92306546 B2863504 42257EAD
A74E4B12 40007A88 685C6F9F A3A47811 21AE3D0B 0EBE4514 23CFEB75 D7F6A0F1
BC456C5E BCA132EC F3587842 280B3A01 76F0C5A0 9EC16970 DE8F4BA6 79DFF276
B6E30F13 7C183BB1 516C6A20 39CE9E69 02030100 01A38201 65308201 61301F06
03551D23 04183016 8014BBAF 7E023DFA A6F13C84 8EADEE38 98ECD932 32D4301D
0603551D 0E041604 149AF32B DACFAD4F B62FBB2A 48482A12 B71B42C1 24300E06
03551D0F 0101FF04 04030201 86301206 03551D13 0101FF04 08300601 01FF0201
00301D06 03551D25 04163014 06082B06 01050507 03010608 2B060105 05070302
301B0603 551D2004 14301230 06060455 1D200030 08060667 810C0102 02304C06
03551D1F 04453043 3041A03F A03D863B 68747470 3A2F2F63 726C2E63 6F6D6F64
6F63612E 636F6D2F 434F4D4F 444F5253 41436572 74696669 63617469 6F6E4175
74686F72 6974792E 63726C30 7106082B 06010505 07010104 65306330 3B06082B
06010505 07300286 2F687474 703A2F2F 6372742E 636F6D6F 646F6361 2E636F6D
2F434F4D 4F444F52 53414164 64547275 73744341 2E637274 30240608 2B060105
05073001 86186874 74703A2F 2F6F6373 702E636F 6D6F646F 63612E63 6F6D300D
06092A86 4886F70D 01010C05 00038202 0100698A 36689A1E 3B650BE0 7CCFA6AB
713BAF61 A43FE464 014910D3 1D8FE2D5 ED67D39E 5B97BD42 1E07F9D0 BB6DF732
955A2229 62F80C9C 59562736 A0221211 FA47F451 C9597B29 4AA54835 7CC59766
E027253B 157A3275 4A91FBA6 6B9EE253 FA0D8C13 FB23B80B 122CAEED DB1D4790
D5D09369 76913815 34D718EA 7EBC6B58 DE2A3990 0344044A 56D868E5 F57C697E
9E7D544B D0D886AB 67661357 5E892A17 AD2DAEBD 400E66ED 8AFF54B4 C101CBA9
E047BA11 618FADAE 23482AC6 2579891C 410495C0 11EA572B D6B497FA B1E91562
EC4A7177 FDF3A19C DAF66B00 29C532E7 FA4EEAB3 2AA71897 1C58A742 365FEC14
CFF87B0E F7DDCC88 159A9A5C C8F120C7 D18672A1 179BAEBA FE6CA832 D1007649
73F73F27 873CB6C9 2DFAAA90 90C90A09 9FC9691F 0719A9BF DEBAF80B 88824416
107F07C0 80225F7F BC30DEBA CD077964 56D8FFF3 4F9C30BB 6E1E514B E6CDBD17
C4C5BFC8 3F8EB11F 8A46B706 436F622D CF519D45 CA8AE913 8BC0C791 BE5BB6FA
374A89FE F09DDA13 26222C06 903E8B13 98A019D6 DDDA4A48 7F3D0F89 9D24724B
0E7B44FF D436B683 7623588B 146CB85D F7616D39 76EDDD12 3D6B8788 9791BEC0
46021E76 1CDDB6AF 5C4FF500 D69C4DA9 E09EA28E FCB11679 5C21D345 819A0C39
6C6D28D7 25D2B711 90D0F6DE 6F5EF4FA A48B6677 722F9B90 402C5212 60F9FFB5
702E899A 79098981 2DEC5C78 6F8187F1 FC55
quit
crypto pki certificate chain vpnmilkom.komos.ru-rrr1
certificate ca 2766EE56EB49F38EABD770A2FC84DE22
30820574 3082045C A0030201 02021027 66EE56EB 49F38EAB D770A2FC 84DE2230
0D06092A 864886F7 0D01010C 0500306F 310B3009 06035504 06130253 45311430
12060355 040A130B 41646454 72757374 20414231 26302406 0355040B 131D4164
64547275 73742045 78746572 6E616C20 54545020 4E657477 6F726B31 22302006
03550403 13194164 64547275 73742045 78746572 6E616C20 43412052 6F6F7430
1E170D30 30303533 30313034 3833385A 170D3230 30353330 31303438 33385A30
8185310B 30090603 55040613 02474231 1B301906 03550408 13124772 65617465
72204D61 6E636865 73746572 3110300E 06035504 07130753 616C666F 7264311A
30180603 55040A13 11434F4D 4F444F20 4341204C 696D6974 6564312B 30290603
55040313 22434F4D 4F444F20 52534120 43657274 69666963 6174696F 6E204175
74686F72 69747930 82022230 0D06092A 864886F7 0D010101 05000382 020F0030
82020A02 82020100 91E85492 D20A56B1 AC0D24DD C5CF4467 74992B37 A37D2370
0071BC53 DFC4FA2A 128F4B7F 1056BD9F 7072B761 7FC94B0F 17A73DE3 B00461EE
FF1197C7 F4863E0A FA3E5CF9 93E6347A D9146BE7 9CB385A0 827A76AF 7190D7EC
FD0DFA9C 6CFADFB0 82F4147E F9BEC4A6 2F4F7F99 7FB5FC67 4372BD0C 00D689EB
6B2CD3ED 8F981C14 AB7EE5E3 6EFCD8A8 E49224DA 436B62B8 55FDEAC1 BC6CB68B
F30E8D9A E49B6C69 99F87848 3045D5AD E10D3C45 60FC3296 5127BC67 C3CA2EB6
6BEA46C7 C720A0B1 1F65DE48 08BAA44E A9F28346 3784EBE8 CC814843 674E722A
9B5CBD4C 1B288A5C 227BB4AB 98D9EEE0 5183C309 464E6D3E 99FA9517 DA7C3357
413C8D51 ED0BB65C AF2C631A DF57C83F BCE95DC4 9BAF4599 E2A35A24 B4BAA956
3DCF6FAA FF4958BE F0A8FFF4 B8ADE937 FBBAB8F4 0B3AF9E8 43421E89 D884CB13
F1D9BBE1 8960B88C 2856AC14 1D9C0AE7 71EBCF0E DD3DA996 A148BD3C F7AFB50D
224CC011 81EC563B F6D3A2E2 5BB7B204 22529580 9369E88E 4C65F191 032D7074
02EA8B67 15296952 02BBD7DF 506A5546 BFA0A328 617F70D0 C3A2AA2C 21AA47CE
289C0645 76BF8218 27B4D5AE B4CB50E6 6BF44C86 7130E9A6 DF1686E0 D8FF40DD
FBD04288 7FA3333A 2E5C1E41 118163CE 18716B2B ECA68AB7 315C3A6A 47E0C379
59D6201A AFF26A98 AA72BC57 4AD24B9D BB10FCB0 4C41E5ED 1D3D5E28 9D9CCCBF
B351DAA7 47E58453 02030100 01A381F4 3081F130 1F060355 1D230418 30168014
ADBD987A 34B426F7 FAC42654 EF03BDE0 24CB541A 301D0603 551D0E04 160414BB
AF7E023D FAA6F13C 848EADEE 3898ECD9 3232D430 0E060355 1D0F0101 FF040403
02018630 0F060355 1D130101 FF040530 030101FF 30110603 551D2004 0A300830
06060455 1D200030 44060355 1D1F043D 303B3039 A037A035 86336874 74703A2F
2F63726C 2E757365 72747275 73742E63 6F6D2F41 64645472 75737445 78746572
6E616C43 41526F6F 742E6372 6C303506 082B0601 05050701 01042930 27302506
082B0601 05050730 01861968 7474703A 2F2F6F63 73702E75 73657274 72757374
2E636F6D 300D0609 2A864886 F70D0101 0C050003 82010100 64BF83F1 5F9A85D0
CDB8A129 570DE85A F7D1E93E F276046E F15270BB 1E3CFF4D 0D746ACC 818225D3
C3A02A5D 4CF5BA8B A16DC454 0975C7E3 270E5D84 79374013 77F5B4AC 1CD03BAB
1712D6EF 34187E2B E979D3AB 57450CAF 28FAD0DB E5509588 BBDF8557 697D92D8
52CA7381 BF1CF3E6 B86E6611 05B31E94 2D7F9195 9259F14C CEA39171 4C7C470C
3B0B19F6 A1B16C86 3E5CAAC4 2E82CBF9 0796BA48 4D90F294 C8A973A2 EB067B23
9DDEA2F3 4D559F7A 61459818 68C75E40 6B23F579 7AEF8CB5 6B8BB76F 46F47BF1
3D4B04D8 9380595A E041241D B28F1560 5847DBEF 6E46FD15 F5D95F9A B3DBD8B8
E440B3CD 9739AE85 BB1D8EBC DC879BD1 A6EFF13B 6F10386F
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
ip flow-cache timeout inactive 60
ip flow-cache timeout active 5
no ip domain lookup
ip domain name milkom-komos.ru
ip host tftp 10.4.0.214
ip name-server 8.8.8.8
ip inspect name Internet tcp router-traffic
ip inspect name Internet udp
ip inspect name Internet icmp router-traffic
ip inspect name Internet http
ip inspect name Internet https
ip cef
login on-failure log
login on-success log
no ipv6 cef
!
!
flow exporter NAT_FLOW
destination 10.4.0.214
transport udp 2055
!
!
flow monitor NAT_FLOW
record netflow-original
!
!
multilink bundle-name authenticated
!
vpdn enable
vpdn session-limit 5000
!
vpdn-group L2TP_SECONDARY
! Default L2TP VPDN group
description Secondary L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
no virtual-template subinterface
cts logging verbose
license udi pid C3900-SPE100/K9 sn FOC18488K8P
license boot module c3900 technology-package securityk9
!
!
archive
log config
logging enable
logging size 900
notify syslog contenttype plaintext
hidekeys
path tftp://tftp/IZH/3925/$H-$T
write-memory
time-period 10080
object-group network GRE_SRC_IP
host 31.173.105.66
host 85.140.32.30
host 78.85.13.52
host 46.146.210.68
host 178.161.175.54
host 83.69.126.54
host 78.138.171.82
host 78.85.13.165
host 185.62.195.150
host 185.6.175.101
host 31.173.105.58
host 85.140.32.28
host 78.85.13.53
host 85.140.32.29
host 31.173.105.62
host 85.140.32.166
host 31.173.105.46
host 78.85.35.164
host 178.47.128.18
host 91.240.179.254
!
object-group network IP_ELAR-TEST
host 213.208.168.3
host 88.80.33.50
91.240.179.0 255.255.255.0
host 94.181.95.136
host 78.85.33.50
host 85.140.32.178
!
object-group network LAINER_TELECOM
host 87.249.224.136
host 87.249.231.218
host 87.249.244.255
host 178.219.174.122
!
object-group network OBJ_BBN_RN_BBN
host 85.140.32.104
host 78.85.13.205
!
object-group network OBJ_BBN_VST_BBN
host 85.140.32.103
host 83.169.220.204
!
object-group network OBJ_IZH_MLK_IZM
host 85.140.32.27
host 78.85.13.42
host 5.227.126.169
host 31.173.105.54
host 217.14.195.253
host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11
91.240.179.0 255.255.255.0
host 5.227.124.143
host 78.85.13.93
host 62.141.96.126
host 84.201.247.190
host 88.80.33.50
host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM
host 5.227.124.82
host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
host 212.46.204.74
host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
host 87.249.239.226
host 88.80.33.42
!
object-group network OBJ_MZH_TK_TKM
host 88.80.32.230
host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
host 95.215.208.240
host 146.120.104.235
host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
host 92.61.17.250
!
object-group network OBJ_MSK_KG_MSK
host 185.62.195.150
host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
host 31.173.105.62
host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
host 83.69.126.54
host 94.180.253.210
host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
host 31.173.105.66
host 78.85.13.52
host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
host 178.47.128.18
host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
host 31.173.105.58
host 78.85.13.53
host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK
host 37.113.128.241
host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
host 78.85.13.94
host 146.120.104.181
!
object-group network OBJ_YAN_GKZ_YEL
host 77.94.97.222
host 213.87.197.29
!
object-group network OBJ_KIA_RN_KIA
host 78.85.14.97
!
object-group network OBJ_KGB_RN_KGB
host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
host 78.85.20.49
!
object-group network OBJ_IZH_TZK_TZK
host 78.25.80.134
host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
host 78.85.15.85
host 84.201.247.24
host 79.175.36.97
host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
host 62.168.232.182
host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
host 83.143.54.246
host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM
host 85.140.32.177
host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF
host 95.215.208.234
host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
host 85.140.32.141
host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
host 85.140.32.178
host 94.181.119.90
host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
host 78.85.13.118
host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF
host 178.47.130.10
host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
host 178.205.241.114
host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL
host 5.227.124.130
host 78.85.34.99
host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
host 88.80.33.250
host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
host 85.140.32.24
host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
host 78.85.37.88
host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK
host 78.85.19.93
host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM
host 89.232.91.106
host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB
host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL
host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB
host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61
host 84.201.247.32
host 88.80.33.194
!
object-group network OBJ_KUN_KMK_B2
94.138.150.0 255.255.255.0
host 178.47.138.134
!
object-group network OBJ_KUN_KMK_H80
host 178.161.207.26
host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
host 178.47.128.98
host 195.69.159.2
!
object-group network OBJ_IZH_HLA_UHK
host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17
85.140.32.64 255.255.255.252
host 85.140.32.63
host 85.140.32.68
!
object-group network OBJ_IZH_KI_VOR158
host 46.147.130.59
host 5.227.125.126
!
object-group network OBJ_SPB_KG_SPB
host 62.141.114.190
host 94.72.27.43
!
object-group network OBJ_BRANCHES
group-object OBJ_IZH_MLK_IZM
group-object OBJ_IZH_KG_P11
group-object OBJ_IZH_VST_IZM
group-object OBJ_IZH_TK_M44
group-object OBJ_IZH_TK_M48
group-object OBJ_IZH_TK_SMR
group-object OBJ_MZH_TK_TKM
group-object OBJ_GLZ_TK_TKG
group-object OBJ_IZH_TK_M21
group-object OBJ_IZH_HLA_PP
group-object OBJ_MSK_KG_MSK
group-object OBJ_GLZ_MLK_GMK
group-object OBJ_KZN_MLK_KMK
group-object OBJ_KEZ_MLK_KZS
group-object OBJ_PRM_MLK_PHK
group-object OBJ_SAR_MLK_SRM
group-object OBJ_CLB_MLK_CMK
group-object OBJ_GLZ_GKZ_GKZ
group-object OBJ_YAN_GKZ_YEL
group-object OBJ_KIA_RN_KIA
group-object OBJ_BBN_RN_BBN
group-object OBJ_KGB_RN_KGB
group-object OBJ_NCH_RN_NCH
group-object OBJ_PRI_RN_PRI
group-object OBJ_URN_RN_URN
group-object OBJ_IZH_TZK_TZK
group-object OBJ_IZH_MK_VS17
group-object OBJ_IZH_KL_KLI
group-object OBJ_EKB_KG_EKB
group-object OBJ_IZH_KEN_VS56
group-object OBJ_IZH_VRS_IZM
group-object OBJ_GLZ_VRS_UPF
group-object OBJ_IZH_VRS_IPF
group-object OBJ_IZH_VRS_PFV
group-object OBJ_VOT_VRS_VPF
group-object OBJ_PRM_VRS_MPF
group-object OBJ_LAI_VRS_DPF
group-object OBJ_ITL_VST_ITL
group-object OBJ_MZH_VST_MZH
group-object OBJ_KIA_VST_KIA
group-object OBJ_KGB_VST_KBB
group-object OBJ_SAR_VST_SMK
group-object OBJ_KNK_VST_KMK
group-object OBJ_BBN_VST_BBN
group-object OBJ_SHM_TMA_SHM
group-object OBJ_MSB_TMA_MSB
group-object OBJ_EVL_TMA_EVL
group-object OBJ_KIB_TMA_KIB
group-object OBJ_IZH_KM_S61
group-object OBJ_KUN_KMK_B2
group-object OBJ_KUN_KMK_H80
group-object OBJ_KUN_KMK_CH9
group-object OBJ_IZH_HLA_UHK
group-object OBJ_IZH_VD_VS17
group-object OBJ_IZH_KS_H17
group-object OBJ_IZH_KI_VOR158
group-object OBJ_SPB_KG_SPB
!
object-group service SERVICE_L2TP
udp eq isakmp
udp eq non500-isakmp
udp eq 1701
tcp eq 1701
esp
!
object-group service SERVICE_PPTP
tcp eq 1723
gre
!
object-group network SITEC
host 92.55.27.180
host 94.181.95.136
!
object-group network STATIC_ISP_IP
host 31.173.105.54
host 5.227.126.169
!
username netadmin privilege 15 secret 5 $1$WlM1$s.g6AUtDGqpQm2lM1pbQl0
!
redundancy
!
!
!
!
!
track 1 ip sla 1 reachability
delay down 10 up 5
!
track 2 ip sla 2 reachability
delay down 10 up 5
!
track 3 ip sla 3 reachability
delay down 10 up 5
!
track 4 ip sla 4 reachability
delay down 10 up 5
!
track 5 ip sla 5 reachability
delay down 10 up 5
!
track 6 ip sla 6 reachability
delay down 10 up 5
!
track 10 list boolean or
object 1
object 2
object 3
object 4
object 5
object 6
delay down 5 up 30
!
track 11 ip sla 11 reachability
delay down 10 up 5
!
track 12 ip sla 12 reachability
delay down 10 up 5
!
track 13 ip sla 13 reachability
delay down 10 up 5
!
track 14 ip sla 14 reachability
delay down 10 up 5
!
track 15 ip sla 15 reachability
delay down 10 up 5
!
track 16 ip sla 16 reachability
delay down 10 up 5
!
track 20 list boolean or
object 11
object 12
object 13
object 14
object 15
object 16
delay down 5 up 30
!
track 30 list boolean or
object 10
object 20
!
ip ssh authentication-retries 2
ip ssh port 2253 rotary 1
ip ssh version 2
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 500
crypto isakmp key fjhJSHpUcnqbpGfI address 0.0.0.0 no-xauth
crypto isakmp keepalive 20
!
!
crypto ipsec transform-set L2TP_PRIMARY_TR esp-3des esp-sha-hmac
mode transport
crypto ipsec transform-set tr-3des esp-3des
mode tunnel
crypto ipsec transform-set ipsec-transform esp-3des esp-md5-hmac
mode transport require
crypto ipsec transform-set ipsec-transform-aes esp-aes esp-md5-hmac
mode transport require
crypto ipsec df-bit clear
!
!
crypto ipsec profile gre-gre-3des
set transform-set ipsec-transform
!
!
!
!
!
!
interface Loopback30
no ip address
!
interface Tunnel46
description KGB-RN-KGB-RT-1-1
bandwidth 100000
ip address 10.4.50.17 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source GigabitEthernet0/1
tunnel destination 78.85.13.165
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel52
no ip address
!
interface Tunnel53
description --SAR_SKLAD_KY-01-SW1--
bandwidth 100000
ip address 10.70.70.122 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source 31.173.105.54
tunnel destination 85.140.32.166
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel55
description KEZ-Autokolona
bandwidth 100000
ip address 10.70.70.130 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source 31.173.105.54
tunnel destination 31.173.105.46
tunnel protection ipsec profile gre-gre-3des
!
interface Tunnel57
description STR-KY-01-SW1
bandwidth 100000
ip address 10.70.70.146 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
keepalive 5 5
tunnel source 31.173.105.54
tunnel destination 78.85.35.164
tunnel protection ipsec profile gre-gre-3des
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description [100M] --ISP_MTS--
ip address dhcp
ip access-group FIREWALL in
ip nat outside
ip inspect Internet out
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description [100M] --ISP_MEGAFON--
ip address 31.173.105.54 255.255.255.252
ip access-group FIREWALL in
ip nat outside
ip inspect Internet out
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
description [CORE] SW-1-1
no ip address
media-type sfp
!
interface GigabitEthernet0/2.300
encapsulation dot1Q 300
ip address 10.4.254.252 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.551
description --TRANSIT_HSRP--
encapsulation dot1Q 551
ip address 10.4.239.19 255.255.255.240
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
standby 1 ip 10.4.239.17
standby 1 priority 115
standby 1 preempt
standby 1 track 30 decrement 10
ip policy route-map PBR_GLOBAL
ip ospf cost 120
!
interface GigabitEthernet0/2.597
description --BGP_TRANSIT--
encapsulation dot1Q 597
ip address 172.30.30.61 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
!
interface Virtual-Template1
ip address 10.10.15.254 255.255.255.0
ip mtu 1400
ip ospf network point-to-point
peer default ip address pool DHCP-L2TP-SECONDARY
no keepalive
ppp encrypt mppe auto
ppp authentication ms-chap-v2
!
!
router eigrp 254
network 10.4.239.16 0.0.0.15
network 10.80.80.0 0.0.0.255
redistribute ospf 1 metric 10000 100 255 1 1500
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
!
router ospf 1
router-id 10.70.70.98
redistribute static subnets
redistribute eigrp 254 subnets
network 10.10.15.0 0.0.0.255 area 1
network 10.70.70.0 0.0.0.255 area 1
distribute-list prefix PFL_OSPF_FILTER in
!
router bgp 64512
bgp router-id 172.30.30.61
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
network 10.4.50.16 mask 255.255.255.252
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA prefix-list PFL_FROM_RUSSIAN_NIVA in
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA prefix-list PFL_TO_RUSSIAN_NIVA out
neighbor PG_BGP_MILKOM peer-group
neighbor PG_BGP_MILKOM remote-as 64512
neighbor PG_BGP_MILKOM next-hop-self all
neighbor PG_BGP_MILKOM soft-reconfiguration inbound
neighbor 10.4.50.18 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 10.70.70.129 remote-as 65503
neighbor 10.70.70.129 description --KEZ_AUTOKOLONNA--
neighbor 10.70.70.129 soft-reconfiguration inbound
neighbor 172.30.30.57 peer-group PG_BGP_MILKOM
neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3--
neighbor 172.30.30.58 peer-group PG_BGP_MILKOM
neighbor 172.30.30.58 description --IZH-MLK-IZM-RT-1-4--
neighbor 172.30.30.62 peer-group PG_BGP_MILKOM
neighbor 172.30.30.62 description --IZH-MLK-IZM-SW-1-1--
distance bgp 150 150 150
!
ip local policy route-map PBR_LP
ip local pool DHCP-L2TP-SECONDARY 10.10.15.21 10.10.15.253
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export source GigabitEthernet0/2.300
ip flow-export version 5
ip flow-export destination 10.4.0.215 9995
ip flow-export destination 10.4.0.217 9995
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 20000
!
ip dns server
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 310
ip nat translation dns-timeout 5
ip nat translation routemap-entry-timeout 300
ip nat translation icmp-timeout 10
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 300
ip nat translation port-timeout tcp 443 300
ip nat translation port-timeout udp 5060 300
ip nat translation max-entries all-host 400
ip nat translation max-entries host 192.168.8.99 1000
ip nat translation max-entries host 10.4.7.5 400
ip nat translation max-entries host 10.4.7.4 400
ip nat translation max-entries host 10.4.7.6 1024
ip nat translation max-entries host 192.168.8.71 400
ip nat translation max-entries host 192.168.8.72 400
ip nat translation max-entries host 192.168.8.73 400
ip nat translation max-entries host 192.168.8.74 400
ip nat translation max-entries host 192.168.8.75 400
ip nat translation max-entries host 10.4.32.2 400
ip nat translation max-entries host 192.168.8.77 400
ip nat translation max-entries host 192.168.8.163 400
ip nat pool NAT_SIP_ASTERISK 172.17.100.1 172.17.100.1 netmask 255.255.255.0 type rotary
ip nat pool NAT_FTP4 192.168.8.138 192.168.8.138 netmask 255.255.255.0 type rotary
ip nat inside source route-map ISP_MEGAFON interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP_MTS interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.4.7.6 25 5.227.126.169 25 extendable
ip nat inside source static tcp 10.4.7.6 443 5.227.126.169 443 extendable
ip nat inside source static tcp 10.4.0.180 3389 5.227.126.169 3389 extendable
ip nat inside source static tcp 10.4.7.17 22 5.227.126.169 8089 extendable
ip nat inside source static tcp 10.4.7.17 80 5.227.126.169 8090 extendable
ip nat inside source static tcp 10.4.7.17 8081 5.227.126.169 8091 extendable
ip nat inside source static tcp 10.4.7.17 8082 5.227.126.169 8092 extendable
ip nat inside source static tcp 10.4.7.6 25 31.173.105.54 25 extendable
ip nat inside source static tcp 10.4.7.6 443 31.173.105.54 443 extendable
ip nat inside source static tcp 192.168.8.29 1194 31.173.105.54 3394 extendable
ip nat inside source static tcp 192.168.8.177 3389 31.173.105.54 4494 extendable
ip nat inside source static tcp 172.30.35.254 7789 31.173.105.54 7789 extendable
ip nat inside source static tcp 172.17.100.1 8081 31.173.105.54 8081 extendable
ip nat inside source static tcp 172.17.100.1 8082 31.173.105.54 8082 extendable
ip nat inside source static tcp 172.17.100.2 8081 31.173.105.54 8084 extendable
ip nat inside source static tcp 172.17.100.2 8082 31.173.105.54 8085 extendable
ip nat inside source static tcp 172.17.100.5 8081 31.173.105.54 8087 extendable
ip nat inside source static tcp 172.17.100.5 8082 31.173.105.54 8088 extendable
ip nat inside source static tcp 10.4.0.184 80 31.173.105.54 29714 extendable
ip nat inside source static tcp 192.168.8.176 3389 31.173.105.54 56548 extendable
ip nat inside source static tcp 192.168.8.159 3389 31.173.105.54 56549 extendable
ip nat inside source static tcp 192.168.8.138 21 31.173.105.54 58000 extendable
ip nat inside source static tcp 192.168.8.187 3389 31.173.105.54 59136 extendable
ip nat inside source static tcp 10.4.36.21 80 31.173.105.54 61231 extendable
ip nat inside destination list ACL_FTP4 pool NAT_FTP4
ip nat inside destination list ACL_SIP_ASTERISK pool NAT_SIP_ASTERISK
ip route 0.0.0.0 0.0.0.0 31.173.105.53 50 name --MEGAFON--
ip route 0.0.0.0 0.0.0.0 5.227.126.129 60 name --MTS--
ip route 172.30.35.254 255.255.255.255 10.4.239.22 200 name --MIKROTIK_VPN--
ip route 192.168.101.152 255.255.255.248 10.70.70.145 200 name --STROYLANDIYA_SARAPUL--
!
ip access-list standard ACL_ASTERISK_VIA_MTS
permit 10.4.7.16 0.0.0.15
ip access-list standard ACL_MAIL_VIA_KG
deny 10.4.7.7
permit 10.4.7.0 0.0.0.7
ip access-list standard ACL_MAIL_VIA_MTS
deny 10.4.7.7
ip access-list standard ACL_NAT_ELAR-TEST
permit 10.4.160.0 0.0.0.255
ip access-list standard ACL_NAT_MGMT
permit 10.4.254.0 0.0.0.255
ip access-list standard ACL_NAT_PET_PRODACTION
permit 10.4.37.1
ip access-list standard ACL_NAT_SRV
permit 10.4.3.0 0.0.0.255
permit 10.4.6.0 0.0.0.255
ip access-list standard ACL_NAT_VCOD_SRV
permit 10.100.0.0 0.0.0.255
ip access-list standard ACL_NAT_Wi-Fi
permit 10.4.32.0 0.0.0.255
permit 10.4.35.0 0.0.0.255
permit 10.4.255.0 0.0.0.255
permit 10.4.252.0 0.0.0.255
ip access-list standard ACL_SIP_KOMOS
permit 10.4.7.17
ip access-list standard NOBEL_USERS
permit 10.5.208.0 0.0.7.255
!
ip access-list extended ACL_FOR_LP_MEGAFON
permit ip host 31.173.105.54 any
ip access-list extended ACL_FOR_LP_MTS
permit ip host 5.227.126.169 any
permit ip 10.5.208.0 0.0.7.255 any
permit ip host 10.4.8.4 any
ip access-list extended ACL_FTP4
permit tcp any any range 58600 58900
ip access-list extended ACL_NAT_EXCHANGE_TEMP
permit ip 10.4.44.0 0.0.0.255 any
ip access-list extended ACL_NAT_PRODACTION
permit tcp host 10.4.39.1 any eq 443
permit ip host 10.4.38.1 any
permit ip host 10.4.38.2 any
permit ip host 10.4.39.65 any
permit ip 10.4.39.64 0.0.0.63 any
ip access-list extended ACL_SIP_ASTERISK
permit udp any any range 10000 20000
ip access-list extended ACL_VTY
permit ip 10.1.0.0 0.0.255.255 any
permit ip 10.4.0.0 0.0.255.255 any
permit ip 10.14.112.0 0.0.15.255 any
deny ip any any log
ip access-list extended FIREWALL
deny tcp any any eq 22 log
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
permit ip object-group GRE_SRC_IP object-group STATIC_ISP_IP
permit tcp any object-group STATIC_ISP_IP eq smtp pop3 143 443 993 2109 7789 7000 7001 7789
permit tcp any object-group STATIC_ISP_IP eq 15971 38511 43611 50569 50592 50718 50783 51811 51891 55480
permit tcp any object-group STATIC_ISP_IP eq 55481 55482 55483 55484 56548 56549 58000 59136 61751 62006
permit tcp any object-group STATIC_ISP_IP eq 4494
permit tcp any object-group STATIC_ISP_IP eq 3394
permit tcp object-group LAINER_TELECOM object-group STATIC_ISP_IP range 8081 8092
permit tcp any object-group STATIC_ISP_IP range 58600 58900
permit tcp object-group SITEC object-group STATIC_ISP_IP eq 61231
permit udp any object-group STATIC_ISP_IP range 10000 20000
permit object-group SERVICE_L2TP any object-group STATIC_ISP_IP
permit tcp any object-group STATIC_ISP_IP eq 2253
permit icmp any object-group STATIC_ISP_IP
permit udp host 5.227.126.129 eq bootps host 5.227.126.169 eq bootpc
permit udp host 5.227.126.129 eq 0 bootps host 255.255.255.255 eq 0 bootpc
permit tcp any host 5.227.126.169 eq 443
ip access-list extended LOCAL_TRAFFIC
permit ip any 192.168.0.0 0.0.255.255
permit ip any 10.0.0.0 0.255.255.255
permit ip any 172.16.0.0 0.15.255.255
!
!
ip prefix-list PFL_FROM_RUSSIAN_NIVA seq 10 permit 10.5.192.0/19
!
ip prefix-list PFL_OSPF_FILTER seq 10 deny 10.0.0.0/14 le 32
ip prefix-list PFL_OSPF_FILTER seq 20 deny 10.8.0.0/13 le 32
ip prefix-list PFL_OSPF_FILTER seq 30 deny 10.16.0.0/12 le 32
ip prefix-list PFL_OSPF_FILTER seq 100 permit 0.0.0.0/0 le 24
!
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 10 permit 10.4.0.0/16
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 15 permit 10.1.0.0/16
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 20 permit 192.168.8.0/24
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 25 permit 192.168.0.0/22
ip prefix-list PFL_TO_RUSSIAN_NIVA seq 35 permit 10.14.112.0/20
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.4.4 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 77.88.8.8 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 77.88.8.1 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 4 life forever start-time now
ip sla 5
icmp-echo 77.88.8.88 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 5 life forever start-time now
ip sla 6
icmp-echo 77.88.8.2 source-interface GigabitEthernet0/0
threshold 2000
timeout 3000
frequency 10
ip sla schedule 6 life forever start-time now
ip sla 11
icmp-echo 8.8.8.8 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 11 life forever start-time now
ip sla 12
icmp-echo 8.8.4.4 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 12 life forever start-time now
ip sla 13
icmp-echo 77.88.8.8 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 13 life forever start-time now
ip sla 14
icmp-echo 77.88.8.1 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 14 life forever start-time now
ip sla 15
icmp-echo 77.88.8.88 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 15 life forever start-time now
ip sla 16
icmp-echo 77.88.8.2 source-ip 31.173.105.54
threshold 2000
timeout 3000
frequency 10
ip sla schedule 16 life forever start-time now
logging origin-id hostname
logging facility local2
logging source-interface GigabitEthernet0/2.300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
!
route-map PBR_LP deny 10
match ip address LOCAL_TRAFFIC
!
route-map PBR_LP permit 20
match ip address ACL_FOR_LP_MTS
set ip next-hop verify-availability 5.227.126.129 10 track 10
set ip next-hop 5.227.126.129
!
route-map PBR_LP permit 30
match ip address ACL_FOR_LP_MEGAFON
set ip next-hop 31.173.105.53
!
route-map PBR_GLOBAL deny 10
description --DENY_LOCAL_TRAFFIC--
match ip address LOCAL_TRAFFIC
!
route-map PBR_GLOBAL permit 15
match ip address ACL_FOR_LP_MTS
set ip next-hop verify-availability 5.227.126.129 10 track 10
set ip next-hop 5.227.126.129
!
route-map PBR_GLOBAL permit 20
match ip address ACL_MAIL_VIA_MTS ACL_ASTERISK_VIA_MTS
set ip default next-hop 5.227.126.129
!
route-map ISP_MEGAFON permit 10
match ip address 25 26 27 28 29 32 ACL_NAT_ELAR-TEST 41 42 43 44 45 ACL_NAT_Wi-Fi ACL_NAT_MGMT 46 ACL_NAT_PET_PRODACTION ACL_NAT_PRODACTION 40 NOBEL_USERS ACL_NAT_VCOD_SRV ACL_NAT_EXCHANGE_TEMP ACL_ASTERISK_VIA_MTS ACL_NAT_SRV
match interface GigabitEthernet0/1
!
route-map ISP_MTS permit 10
match ip address ACL_MAIL_VIA_MTS ACL_ASTERISK_VIA_MTS 25 26 27 28 29 32 ACL_NAT_ELAR-TEST 40 41 42 43 44 45 ACL_NAT_Wi-Fi ACL_NAT_MGMT 46 ACL_NAT_PET_PRODACTION ACL_NAT_PRODACTION NOBEL_USERS ACL_NAT_VCOD_SRV ACL_NAT_SRV
match interface GigabitEthernet0/0
!
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server ifindex persist
access-list 25 deny 192.168.8.120
access-list 25 remark -===NET SERVER 8===-
access-list 25 permit 192.168.8.0 0.0.0.255
access-list 25 permit 10.4.41.0 0.0.0.255
access-list 26 remark -===NET SERVER 9===-
access-list 26 permit 192.168.9.0 0.0.0.255
access-list 27 remark -===NET KIP===-
access-list 27 permit 192.168.110.0 0.0.0.255
access-list 28 remark -===NET SERVER 150===-
access-list 28 permit 192.168.150.0 0.0.0.255
access-list 29 remark -===NET_VPN===-
access-list 29 permit 172.30.34.0 0.0.1.255
access-list 32 permit 172.17.100.1
access-list 32 permit 172.17.100.2
access-list 32 permit 172.17.100.5
access-list 40 permit 10.4.8.0 0.0.7.255
access-list 40 permit 10.4.16.0 0.0.7.255
access-list 41 deny 10.4.0.90
access-list 41 deny 10.4.0.241
access-list 41 remark -=ServerNetNew=-
access-list 41 permit 10.4.0.0 0.0.3.255
access-list 41 permit 10.4.0.0 0.0.0.255
access-list 41 permit 10.4.1.0 0.0.0.255
access-list 41 permit 10.4.2.0 0.0.0.255
access-list 41 permit 10.4.3.0 0.0.0.255
access-list 42 remark -=WifiUserNetNew=-
access-list 42 permit 10.4.32.0 0.0.0.255
access-list 44 remark -=ServProcContNet=-
access-list 44 permit 10.4.36.0 0.0.0.255
access-list 45 remark -=ServMailNet=-
access-list 45 permit 10.4.7.0 0.0.0.15
access-list 46 remark -=BackupNet=-
access-list 46 permit 10.4.243.0 0.0.0.255
access-list 80 remark *** ospf redistribute route ***
access-list 80 permit 192.168.48.0 0.0.3.255
access-list 80 permit 192.168.52.0 0.0.0.255
access-list 80 permit 192.168.55.0 0.0.0.127
access-list 80 permit 192.168.56.0 0.0.0.255
!
radius server IZH-RDS002
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
!
control-plane
!
!
no vstack
alias exec sib sh ip int brief
!
line con 0
logging synchronous
login authentication CONSOLE
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class ACL_VTY in vrf-also
exec-timeout 120 0
logging synchronous
rotary 1
transport input ssh
line vty 5 15
access-class ACL_VTY in vrf-also
exec-timeout 120 0
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp server 10.4.0.1
ntp server 10.4.0.2
event manager applet --MTS_UP--
event track 10 state up
action 001 cli command "enable"
action 002 cli command "conf t"
action 003 cli command "interface GigabitEthernet0/0"
action 004 cli command "ip nat outside"
action 005 cli command "end"
action 006 cli command "clear ip nat translation *"
action 007 syslog msg "MTS is UP"
event manager applet --MTS_DOWN--
event track 10 state down
action 001 cli command "enable"
action 002 cli command "conf t"
action 003 cli command "interface GigabitEthernet0/0"
action 004 cli command "no ip nat outside"
action 005 cli command "end"
action 006 cli command "clear ip nat translation *"
action 007 syslog msg "MTS is DOWN"
!
event manager history size events 20
end
Reference in New Issue View Git Blame Copy Permalink