Building configuration...
Current configuration : 53237 bytes
|
|
!
|
|
! Last configuration change at 07:54:40 GLZ Tue May 31 2022 by beltukov
|
|
! NVRAM config last updated at 01:30:01 GLZ Thu Jul 28 2022
|
|
!
|
|
! Global service settings. The boot statement further down loads
! c2900-universalk9-mz.SPA.157-3.M.bin, matching the 15.7 train shown here.
! NOTE(review): confirm this release still receives vendor security fixes.
version 15.7
|
|
! X.25 PAD service is switched off (unused legacy service).
no service pad
|
|
! TCP keepalives in both directions let the router reap dead or half-open
! management sessions instead of leaving them holding a VTY line.
service tcp-keepalives-in
|
|
service tcp-keepalives-out
|
|
! Debug and log timestamps carry milliseconds, local time, the timezone name
! and the year. Because the stamps are local time rather than UTC, the
! timezone field is what makes cross-site log correlation possible.
service timestamps debug datetime msec localtime show-timezone year
|
|
service timestamps log datetime msec localtime show-timezone year
|
|
! Applies type 7 encoding to passwords stored in the config. Type 7 is a
! reversible obfuscation, not a hash, so it only protects against casual
! shoulder-surfing. NOTE(review): the username/enable lines are not in this
! part of the file - confirm they use hashed secrets (for example
! "algorithm-type scrypt secret") rather than relying on this service.
service password-encryption
|
|
! Sequence numbers on syslog messages make gaps in a collected log visible.
service sequence-numbers
|
|
!
|
|
hostname GLZ-VRS-UPF-RT-1-2
|
|
!
|
|
boot-start-marker
|
|
boot system flash:c2900-universalk9-mz.SPA.157-3.M.bin
|
|
boot-end-marker
|
|
!
|
|
!
|
|
! Login-failure throttling and local logging limits.
! After 3 failed login attempts the router logs the event and delays further
! attempts.
security authentication failure rate 3 log
|
|
! Local log buffer of 16386 bytes. The buffer is small and is lost on reload.
! NOTE(review): no "logging host" line appears in this part of the config -
! confirm logs are also shipped to a remote collector.
logging buffered 16386
|
|
! Rate-limits messages to 100 per second, except severity warnings and above.
logging rate-limit 100 except warnings
|
|
! Only critical (and more severe) messages go to the console.
logging console critical
|
|
!
|
|
! AAA: authentication and authorization method lists, the RADIUS server group
! they refer to, and the attribute lists that map users to SSL VPN policies.
! No "aaa accounting" statement appears between "aaa new-model" and
! "aaa session-id common", so exec/command accounting is not configured here.
aaa new-model
|
|
!
|
|
!
|
|
! RADIUS server group NPS: two servers referenced by name (their definitions
! are not in this part of the file), requests sourced from subinterface
! GigabitEthernet0/2.311 and balanced by least outstanding transactions.
aaa group server radius NPS
|
|
server name IZH-RDS002
|
|
server name P11-RDS003
|
|
ip radius source-interface GigabitEthernet0/2.311
|
|
load-balance method least-outstanding
|
|
!
|
|
! Default login: local user database first, then RADIUS group NPS, then the
! enable password. NOTE(review): with "local" first, accounts defined on the
! router bypass the central directory, and the trailing "enable" method means
! the enable password alone can authenticate a login if the earlier methods
! return an error. The usual hardening order is the server group first with
! local as the fallback - confirm the current order is intentional.
aaa authentication login default local group NPS enable
|
|
aaa authentication login LOCAL_AUTH local
|
|
! SSL VPN logins are checked against the router's local user database only.
! NOTE(review): VPN credentials therefore live in this configuration and get
! no central lockout, expiry or second factor - confirm that is acceptable.
aaa authentication login sslvpn local
|
|
aaa authentication login CONSOLE local group NPS
|
|
! Exec authorization: local, then NPS; "if-authenticated" as the last method
! grants an exec session to any authenticated user when the earlier methods
! cannot answer.
aaa authorization exec default local group NPS if-authenticated
|
|
aaa authorization network sslvpn local
|
|
!
|
|
! Attribute lists: each one assigns a user-vpn-group value, i.e. the named
! WebVPN policy group. NOTE(review): the username lines that attach these
! lists are not visible here; check which accounts get WEBVPN_POLICY_ADMIN.
aaa attribute list ANYCONNECT_RDP
|
|
attribute type user-vpn-group "WEBVPN_POLICY_RDP"
|
|
!
|
|
aaa attribute list ANYCONNECT_FULL
|
|
attribute type user-vpn-group "WEBVPN_POLICY_FULL"
|
|
!
|
|
aaa attribute list ANYCONNECT_FULL_SIP
|
|
attribute type user-vpn-group "WEBVPN_POLICY_FULL_SIP"
|
|
!
|
|
aaa attribute list ANYCONNECT_ADMIN
|
|
attribute type user-vpn-group "WEBVPN_POLICY_ADMIN"
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
aaa session-id common
|
|
clock timezone GLZ 4 0
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
! Global IP behaviour: legacy-service hardening, NetFlow cache timers, DNS,
! CBAC inspection rules and login throttling.
! Source-routed packets are dropped and gratuitous ARPs are not generated.
no ip source-route
|
|
no ip gratuitous-arps
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
ip flow-cache timeout inactive 60
|
|
ip flow-cache timeout active 5
|
|
! BOOTP server is disabled (unused legacy service).
no ip bootp server
|
|
ip domain timeout 2
|
|
ip domain name udmpf.local
|
|
! Static host entry "tftp"; the archive section's path tftp://tftp/... resolves
! through this entry.
ip host tftp 10.4.0.214
|
|
! All three resolvers are public addresses while the domain name above is an
! internal one. NOTE(review): names the router looks up, including mistyped
! commands if domain lookup is left enabled, would be sent to these external
! resolvers - confirm this is intended or point the router at internal DNS.
ip name-server 8.8.8.8
|
|
ip name-server 78.85.0.1
|
|
ip name-server 78.85.1.1
|
|
! CBAC (ip inspect) settings: bounded TCP reassembly queue and timeout, and a
! rule set INTERNET that statefully inspects generic TCP, UDP and ICMP,
! including traffic originated by the router itself (router-traffic). The
! interface this rule set is applied to is not in this part of the file.
ip inspect tcp reassembly queue length 128
|
|
ip inspect tcp reassembly timeout 10
|
|
ip inspect name INTERNET tcp router-traffic
|
|
ip inspect name INTERNET udp router-traffic
|
|
ip inspect name INTERNET icmp router-traffic
|
|
ip cef
|
|
! Quiet mode: 3 failed logins within 20 seconds block further logins for 60
! seconds. NOTE(review): no "login quiet-mode access-class" line follows, so
! the quiet period appears to lock out administrators as well; consider
! exempting the management network and adding "login on-failure log".
login block-for 60 attempts 3 within 20
|
|
no ipv6 cef
|
|
!
|
|
multilink bundle-name authenticated
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
cts logging verbose
|
|
!
|
|
! PKI trustpoints. Two of the four skip revocation checking, and the identity
! certificates stored in the chains below look expired relative to the config
! timestamps in the file header (see the notes on each trustpoint).
!
! CA certificate pasted in PEM form. "revocation-check none" means a
! certificate validated against this trustpoint is accepted without any CRL or
! OCSP lookup, so a revoked certificate would still be trusted.
crypto pki trustpoint CA_VPNUPF_KOMOS_RU
|
|
enrollment terminal pem
|
|
revocation-check none
|
|
!
|
|
! Identity imported from a PKCS#12 bundle, bound to RSA key pair
! VPNUPF_KOMOS_RU, again with revocation checking disabled.
! NOTE(review): the validity field in the DER stored under this chain appears
! to decode to 2020-05-21 .. 2021-06-06, i.e. expired before the 2022 change
! timestamps in this file. Verify with "show crypto pki certificates" and
! remove the trustpoint and its key pair if it is no longer in use.
crypto pki trustpoint VPNUPF_KOMOS_RU
|
|
enrollment pkcs12
|
|
revocation-check none
|
|
rsakeypair VPNUPF_KOMOS_RU
|
|
!
|
|
! Identity imported from PKCS#12, bound to RSA key pair UDMPF_RU_2022, with CRL
! checking enabled.
! NOTE(review): the stored certificate's validity appears to decode to
! 2021-05-17 .. 2022-06-18, which is earlier than the "NVRAM config last
! updated" date in the header - confirm a renewed certificate was installed.
crypto pki trustpoint UDMPF_RU_2022
|
|
enrollment pkcs12
|
|
revocation-check crl
|
|
rsakeypair UDMPF_RU_2022
|
|
!
|
|
! Holds only a CA certificate (see its chain below); presumably created
! automatically by the PKCS#12 import to carry the rest of the chain.
crypto pki trustpoint UDMPF_RU_2022-rrr1
|
|
revocation-check crl
|
|
!
|
|
!
|
|
crypto pki certificate chain CA_VPNUPF_KOMOS_RU
|
|
certificate ca 01FD6D30FCA3CA51A81BBC640E35032D
|
|
308205DE 308203C6 A0030201 02021001 FD6D30FC A3CA51A8 1BBC640E 35032D30
|
|
0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113
|
|
30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65
|
|
72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553
|
|
54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253
|
|
41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313030
|
|
32303130 30303030 305A170D 33383031 31383233 35393539 5A308188 310B3009
|
|
06035504 06130255 53311330 11060355 0408130A 4E657720 4A657273 65793114
|
|
30120603 55040713 0B4A6572 73657920 43697479 311E301C 06035504 0A131554
|
|
68652055 53455254 52555354 204E6574 776F726B 312E302C 06035504 03132555
|
|
53455254 72757374 20525341 20436572 74696669 63617469 6F6E2041 7574686F
|
|
72697479 30820222 300D0609 2A864886 F70D0101 01050003 82020F00 3082020A
|
|
02820201 00801265 17360EC3 DB08B3D0 AC570D76 EDCD27D3 4CAD5083 61E2AA20
|
|
4D092D64 09DCCE89 9FCC3DA9 ECF6CFC1 DCF1D3B1 D67B3728 112B47DA 39C6BC3A
|
|
19B45FA6 BD7D9DA3 6342B676 F2A93B2B 91F8E26F D0EC1620 90093EE2 E874C918
|
|
B491D462 64DB7FA3 06F18818 6A90223C BCFE13F0 87147BF6 E41F8ED4 E451C611
|
|
67460851 CB861454 3FBC33FE 7E6C9CFF 169D18BD 518E35A6 A766C872 67DB2166
|
|
B1D49B78 03C0503A E8CCF0DC BC9E4CFE AF059635 1F575AB7 FFCEF93D B72CB6F6
|
|
54DDC8E7 123A4DAE 4C8AB75C 9AB4B720 3DCA7F22 34AE7E3B 68660144 E7014E46
|
|
539B3360 F794BE53 37907343 F332C353 EFDBAAFE 744E69C7 6B8C6093 DEC4C70C
|
|
DFE132AE CC933B51 7895678B EE3D56FE 0CD0690F 1B0FF325 266B336D F76E47FA
|
|
7343E57E 0EA566B1 297C3284 635589C4 0DC19354 301913AC D37D37A7 EB5D3A6C
|
|
355CDB41 D712DAA9 490BDFD8 808A0993 628EB566 CF2588CD 84B8B13F A4390FD9
|
|
029EEB12 4C957CF3 6B05A95E 1683CCB8 67E2E813 9DCC5B82 D34CB3ED 5BFFDEE5
|
|
73AC233B 2D00BF35 55740949 D849581A 7F9236E6 51920EF3 267D1C4D 17BCC9EC
|
|
4326D0BF 415F40A9 4444F499 E757879E 501F5754 A83EFD74 632FB150 6509E658
|
|
422E431A 4CB4F025 4759FA04 1E93D426 464A5081 B2DEBE78 B7FC6715 E1C95784
|
|
1E0F63D6 E962BAD6 5F552EEA 5CC62808 042539B8 0E2BA9F2 4C971C07 3F0D52F5
|
|
EDEF2F82 0F020301 0001A342 3040301D 0603551D 0E041604 145379BF 5AAA2B4A
|
|
CF5480E1 D89BC09D F2B20366 CB300E06 03551D0F 0101FF04 04030201 06300F06
|
|
03551D13 0101FF04 05300301 01FF300D 06092A86 4886F70D 01010C05 00038202
|
|
01005CD4 7C0DCFF7 017D4199 650C73C5 529FCBF8 CF99067F 1BDA4315 9F9E0255
|
|
579614F1 523C2787 9428ED1F 3A0137A2 76FC5350 C0849BC6 6B4EBA8C 214FA28E
|
|
556291F3 6915D8BC 88E3C4AA 0BFDEFA8 E94B552A 06206D55 782919EE 5F305C4B
|
|
241155FF 249A6E5E 2A2BEE0B 4D9F7FF7 01389414 95430709 FB60A9EE 1CAB128C
|
|
A09A5EA7 986A596D 8B3F08FB C8D145AF 18156490 120F7328 2EC5E224 4EFC58EC
|
|
F0F445FE 22B3EB2F 8ED2D945 6105C197 6FA87672 8F8B8C36 AFBF0D05 CE718DE6
|
|
A66F1F6C A67162C5 D8D08372 0CF16711 890C9C13 4C7234DF BCD571DF AA71DDE1
|
|
B96C8C3C 125D65DA BD5712B6 436BFFE5 DE4D6611 51CF99AE EC17B6E8 71918CDE
|
|
49FEDD35 71A21527 941CCF61 E326BB6F A3672521 5DE6DD1D 0B2E681B 3B82AFEC
|
|
836785D4 985174B1 B9998089 FF7F7819 5C794A60 2E9240AE 4C372A2C C9C762C8
|
|
0E5DF736 5BCAE025 2501B4DD 1A079C77 003FD0DC D5EC3DD4 FABB3FCC 85D66F7F
|
|
A92DDFB9 02F7F597 9AB535DA C367B087 4AA9289E 238EFF5C 276BE1B0 4FF307EE
|
|
002ED459 87CB5241 95EAF447 D7EE6441 557C8D59 0295DD62 9DC2B9EE 5A287484
|
|
A59BB790 C70C07DF F5893674 32D628C1 B0B00BE0 9C4CC31C D6FCE369 B5474681
|
|
2FA282AB D3634470 C48DFF2D 33BAAD8F 7BB57088 AE3E19CF 4028D8FC C890BB5D
|
|
9922F552 E658C51F 883143EE 881DD7C6 8E3C436A 1DA718DE 7D3D16F1 62F9CA90 A8FD
|
|
quit
|
|
crypto pki certificate chain VPNUPF_KOMOS_RU
|
|
certificate 0093FAAC8A0C37F508F5D3C800883BFDB6
|
|
308206C2 308205AA A0030201 02021100 93FAAC8A 0C37F508 F5D3C800 883BFDB6
|
|
300D0609 2A864886 F70D0101 0B050030 8195310B 30090603 55040613 02474231
|
|
1B301906 03550408 13124772 65617465 72204D61 6E636865 73746572 3110300E
|
|
06035504 07130753 616C666F 72643118 30160603 55040A13 0F536563 7469676F
|
|
204C696D 69746564 313D303B 06035504 03133453 65637469 676F2052 5341204F
|
|
7267616E 697A6174 696F6E20 56616C69 64617469 6F6E2053 65637572 65205365
|
|
72766572 20434130 1E170D32 30303532 31303030 3030305A 170D3231 30363036
|
|
32333539 35395A30 81BF310B 30090603 55040613 02525531 0F300D06 03550411
|
|
13063132 37303135 31193017 06035504 08131055 646D7572 74736B61 79612052
|
|
65737031 0F300D06 03550407 13064D6F 73636F77 31433041 06035504 09133A64
|
|
2E203220 6B6F7270 2E203120 706F6D2E 20584C49 206B6F6D 2E203120 6574617A
|
|
6820352C 20756C2E 204E6F76 6F646D69 74726F76 736B6179 61311930 17060355
|
|
040A1310 4B4F4D4F 53204752 5550502C 204F4F4F 31133011 06035504 030C0A2A
|
|
2E6B6F6D 6F732E72 75308201 22300D06 092A8648 86F70D01 01010500 0382010F
|
|
00308201 0A028201 0100A9BC A8041307 C2830836 182F1AD2 C9D774D7 E50702F9
|
|
60DC1C7B BBD56BD9 398B8CDB F56C4BD7 F6F0C489 EC427A54 B89402D5 B305D795
|
|
0F52D67A D6F82E80 89650879 4F719B66 21C14B0D 0FABC31E 6FE730EF 71B553C8
|
|
DBE2A5C4 F069BB0D 3C141AC6 3DA12719 31D1DE66 D34DCCCB 490B0FAA D68C5E15
|
|
7A9962FD 09E2B17D 74115809 B1ABDE35 323B7E3E 48816379 338849E9 5F906B3E
|
|
A711DBBC 1C3C76C2 2E5FE73C E67A9249 90347DE7 79623B3D 42D48F61 C745B439
|
|
54B21C99 9FB93878 F298AB84 53CFF3CC A34C039E 89393DF1 80192065 DCDA3811
|
|
291251A8 43C27A6D A5119AB1 9BECCF61 B14BE8B9 5822B8E0 07DF763F E688AB56
|
|
F630725B 040F0C58 86010203 010001A3 8202DF30 8202DB30 1F060355 1D230418
|
|
30168014 17D9D625 2767F931 C24943D9 3036448C 6CA94FEB 301D0603 551D0E04
|
|
1604144D 10DBEA91 956D4FC3 2B72ED20 556CFA1E 38927130 0E060355 1D0F0101
|
|
FF040403 0205A030 0C060355 1D130101 FF040230 00301D06 03551D25 04163014
|
|
06082B06 01050507 03010608 2B060105 05070302 304A0603 551D2004 43304130
|
|
35060C2B 06010401 B2310102 01030430 25302306 082B0601 05050702 01161768
|
|
74747073 3A2F2F73 65637469 676F2E63 6F6D2F43 50533008 06066781 0C010202
|
|
305A0603 551D1F04 53305130 4FA04DA0 4B864968 7474703A 2F2F6372 6C2E7365
|
|
63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761 6E697A61 74696F6E
|
|
56616C69 64617469 6F6E5365 63757265 53657276 65724341 2E63726C 30818A06
|
|
082B0601 05050701 01047E30 7C305506 082B0601 05050730 02864968 7474703A
|
|
2F2F6372 742E7365 63746967 6F2E636F 6D2F5365 63746967 6F525341 4F726761
|
|
6E697A61 74696F6E 56616C69 64617469 6F6E5365 63757265 53657276 65724341
|
|
2E637274 30230608 2B060105 05073001 86176874 74703A2F 2F6F6373 702E7365
|
|
63746967 6F2E636F 6D301F06 03551D11 04183016 820A2A2E 6B6F6D6F 732E7275
|
|
82086B6F 6D6F732E 72753082 0104060A 2B060104 01D67902 04020481 F50481F2
|
|
00F00076 007D3EF2 F88FFF88 556824C2 C0CA9E52 89792BC5 0E78097F 2E6A9768
|
|
997E22F0 D7000001 7236A9F2 D2000004 03004730 45022100 BACB9772 4718DCE5
|
|
AFEED323 E69255EB F80BC770 691BC5CC 6ED46DC0 7B943C7A 02206694 07DA794C
|
|
00D45D62 77AE3C67 551C8579 1809B227 1DB745AD 453697BE 07130076 009420BC
|
|
1E8ED58D 6C88731F 828B222C 0DD1DA4D 5E6C4F94 3D61DB4E 2F584DA2 C2000001
|
|
7236A9F3 87000004 03004730 45022100 F36F3BC4 9BA01275 14F2FF66 148551B5
|
|
C6A70EBE 09A65A0D CCF96BF1 92C2B748 02207971 87B7F2D7 A2E5C871 A2643DCB
|
|
F9D929BA 8FA907CC B13764C8 087C64E5 E33E300D 06092A86 4886F70D 01010B05
|
|
00038201 010091BE 0134215B E5683466 47B8CBD4 95E668A9 E30DE2EA A58F0276
|
|
88F68F0B D5656A80 642FB4C4 633C68E5 FB95144E 185DDB2A 9E796A26 2F0147D8
|
|
6850CEFC A41D8856 A62E9EBF 907523C5 AB9F25C0 E0556618 2416F912 AE30B0F1
|
|
C4621BDB AEF3E06F 55FA13E9 F9549290 3AD8617F BCEE2058 4B04A901 4C1E9A18
|
|
D5FD603C C92178FB 1ABC12E8 84E8F30E 3E08F04F D8544887 460AC53B 78A06E0E
|
|
27EC0426 2AA9E09D A5EF10C1 1EEA1FA4 CE572F16 9081F5CE 94371A35 35B32B0B
|
|
DCB1BCD8 A872E24D A7045002 52764CAD F80FAC74 FBF9EF0F DD9F3397 DAE4CE81
|
|
BB504649 0A2DE226 8E037485 4392319B 7116D45E B8D40724 FC487229 4651A35D
|
|
0483B01E E61E
|
|
quit
|
|
certificate ca 137D539CAA7C31A9A433701968847A8D
|
|
30820619 30820401 A0030201 02021013 7D539CAA 7C31A9A4 33701968 847A8D30
|
|
0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113
|
|
30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65
|
|
72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553
|
|
54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253
|
|
41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313831
|
|
31303230 30303030 305A170D 33303132 33313233 35393539 5A308195 310B3009
|
|
06035504 06130247 42311B30 19060355 04081312 47726561 74657220 4D616E63
|
|
68657374 65723110 300E0603 55040713 0753616C 666F7264 31183016 06035504
|
|
0A130F53 65637469 676F204C 696D6974 6564313D 303B0603 55040313 34536563
|
|
7469676F 20525341 204F7267 616E697A 6174696F 6E205661 6C696461 74696F6E
|
|
20536563 75726520 53657276 65722043 41308201 22300D06 092A8648 86F70D01
|
|
01010500 0382010F 00308201 0A028201 01009C93 0246454A 524892FC 578DF92D
|
|
EA53BEB3 2CD5D8A8 A5EC5B69 03C01D10 F65933DE FE0748A8 E88C7A67 4AF1F58D
|
|
C33766D0 3291F7C4 9D0460C4 B54AE283 8BA7AE26 D45D3A5E F8D11671 BB8ABD71
|
|
A27DC8CE A26024B0 52A03A45 51DE7893 6C6260F1 E4569CB7 3BF73C55 D8DFD57A
|
|
317C357F 125170E1 2CBE04AC CBFA4FE1 7C656AC0 40A7D97C A5638419 E1F7CAEF
|
|
AAB4E858 5AD999E3 26DF8E12 B2B8DC33 B236DA14 1D965842 406E0B22 851C5122
|
|
AEC4C806 456D92E6 67B71923 E4D8366B 85D07FC7 52E3CFB0 7501E089 B4A8BF8A
|
|
364EA3E0 6CEB8441 CEA52F48 22139750 62451E09 A5CC9F6C 57704006 DB20E81B
|
|
D6F3938B A7329EB7 441509D7 AFFD7C01 1CDB0203 010001A3 82016E30 82016A30
|
|
1F060355 1D230418 30168014 5379BF5A AA2B4ACF 5480E1D8 9BC09DF2 B20366CB
|
|
301D0603 551D0E04 16041417 D9D62527 67F931C2 4943D930 36448C6C A94FEB30
|
|
0E060355 1D0F0101 FF040403 02018630 12060355 1D130101 FF040830 060101FF
|
|
02010030 1D060355 1D250416 30140608 2B060105 05070301 06082B06 01050507
|
|
0302301B 0603551D 20041430 12300606 04551D20 00300806 0667810C 01020230
|
|
50060355 1D1F0449 30473045 A043A041 863F6874 74703A2F 2F63726C 2E757365
|
|
72747275 73742E63 6F6D2F55 53455254 72757374 52534143 65727469 66696361
|
|
74696F6E 41757468 6F726974 792E6372 6C307606 082B0601 05050701 01046A30
|
|
68303F06 082B0601 05050730 02863368 7474703A 2F2F6372 742E7573 65727472
|
|
7573742E 636F6D2F 55534552 54727573 74525341 41646454 72757374 43412E63
|
|
72743025 06082B06 01050507 30018619 68747470 3A2F2F6F 6373702E 75736572
|
|
74727573 742E636F 6D300D06 092A8648 86F70D01 010C0500 03820201 004E1340
|
|
96C9C3E6 6E5BC0E3 BAF417E1 AE091FC9 BFCB0C25 16F27353 B3761AB7 AB4806D6
|
|
CD007C20 4543456C 165A1B13 61D749BA A402A4AC E8CECE2D C92A74A3 DCDEAEAB
|
|
D06836F8 91AF3C01 F777D50B CF97ABEB 87E715A8 FA305A61 7120B1C0 43C4B98F
|
|
6D8A31EB 153624FB 62D50B9C 8FE966BD E6615197 93B61D87 BDB0B56C FEA61129
|
|
06613431 303D2027 7351D0DE 8583D377 39204696 DAA7C65A 162785B2 CF4E0F4E
|
|
8C5CBEBE 3800F84B F9727BD4 F27AD7A2 2985D004 BAD3422C 5188522E D13D2467
|
|
47EC55CC 1BF4CA34 EA26C1DE DDC42189 F6BA7B32 1E8E965E 844538CF 80AA3769
|
|
8B601774 1548919C 6DF04EA3 77CA1B1C 48FAF9CF 49E85F4F 850AE28F 901BAB70
|
|
4C9AEBB7 A63FB4AC 5DA45FCF E6D88A96 90F74F26 8160765D 0F247791 B32A319F
|
|
165AB25D 8C1C29AA 489C8E6F D3784070 DB77ECDD E3D15705 702DE649 98880584
|
|
62057056 7686394E D3226F1D FE6DF10E B362C43C CBC085B9 611EBAE1 15805994
|
|
0CAE05BB 8C7F56BE 1CD25ABF 97F26A4C B0C67076 B0908DC1 0B36B911 D8D6285C
|
|
EA4FFE24 B7180A9B 0CD0C17C 5CFB69BD CCA24DC6 90BCA64D F2B1BAD6 9A675B96
|
|
0252D082 F9C40A5C 0D28E03F C8FA9595 89D5A4BE 496C40B2 3EA86BB8 D525B2C4
|
|
FEF1D3D7 E7D6DC43 017630FB 3B8B5DF7 4A897C9A 35BEFCCA F05701F0 8D3FA087
|
|
327B475A 974B82D2 66C2C42D EA3F24F4 A7F9A8B9 E36AD918 61A03B8C 15
|
|
quit
|
|
crypto pki certificate chain UDMPF_RU_2022
|
|
certificate 36AEAC3B6D1121B8DFB09479
|
|
30820698 30820580 A0030201 02020C36 AEAC3B6D 1121B8DF B0947930 0D06092A
|
|
864886F7 0D01010B 05003050 310B3009 06035504 06130242 45311930 17060355
|
|
040A1310 476C6F62 616C5369 676E206E 762D7361 31263024 06035504 03131D47
|
|
6C6F6261 6C536967 6E205253 41204F56 2053534C 20434120 32303138 301E170D
|
|
32313035 31373132 33323538 5A170D32 32303631 38313233 3235385A 3074310B
|
|
30090603 55040613 02525531 18301606 03550408 130F5564 6D757274 20526570
|
|
75626C69 63310F30 0D060355 04071306 476C617A 6F763125 30230603 55040A13
|
|
1C4C4C43 2055646D 75727473 6B617961 20707469 63656661 6272696B 61311330
|
|
11060355 04030C0A 2A2E7564 6D70662E 72753082 0122300D 06092A86 4886F70D
|
|
01010105 00038201 0F003082 010A0282 010100AE B0F4E7BA AF4D8330 0A40CDC7
|
|
BAF06FC3 485BD3E9 479B929F AA49719C 6F98BCC4 FECD3B84 A5D377B6 0127AC97
|
|
DC734276 01FDDDCF 22347B65 BC7208B3 ADDFDD53 FF56D0A4 A6F2CC6D 9FD9F6AE
|
|
A098182B 9C398183 395A1B0F 94B25598 0013C727 4CA91B66 A4556814 CDB7C637
|
|
6F1B0A51 89F6397E B1DA82AB F6CC57CA 7019DB97 D1854E03 8FC1D51B 4687A9AE
|
|
854C717A 5637E0F3 5AD48B96 76E38F5E 4C065A02 64F1ED56 15D30EF0 EFBDE3BD
|
|
E6C675C9 BC1C9117 831E8A54 E73AE92B CC9318D3 966AA945 4C0ED6E8 6E99C323
|
|
59F0593A 4092A45A 5C1EAD99 116E41BB B01238FA 7924B3FE DAD8B605 F9CCB159
|
|
64F9AB6A 9EAEE21D 303FDBE6 B569725D 5C8C3102 03010001 A382034C 30820348
|
|
300E0603 551D0F01 01FF0404 030205A0 30818E06 082B0601 05050701 01048181
|
|
307F3044 06082B06 01050507 30028638 68747470 3A2F2F73 65637572 652E676C
|
|
6F62616C 7369676E 2E636F6D 2F636163 6572742F 67737273 616F7673 736C6361
|
|
32303138 2E637274 30370608 2B060105 05073001 862B6874 74703A2F 2F6F6373
|
|
702E676C 6F62616C 7369676E 2E636F6D 2F677372 73616F76 73736C63 61323031
|
|
38305606 03551D20 044F304D 30410609 2B060104 01A03201 14303430 3206082B
|
|
06010505 07020116 26687474 70733A2F 2F777777 2E676C6F 62616C73 69676E2E
|
|
636F6D2F 7265706F 7369746F 72792F30 08060667 810C0102 02300906 03551D13
|
|
04023000 303F0603 551D1F04 38303630 34A032A0 30862E68 7474703A 2F2F6372
|
|
6C2E676C 6F62616C 7369676E 2E636F6D 2F677372 73616F76 73736C63 61323031
|
|
382E6372 6C301F06 03551D11 04183016 820A2A2E 75646D70 662E7275 82087564
|
|
6D70662E 7275301D 0603551D 25041630 1406082B 06010505 07030106 082B0601
|
|
05050703 02301F06 03551D23 04183016 8014F8EF 7FF2CD78 67A8DE6F 8F248D88
|
|
F1870302 B3EB301D 0603551D 0E041604 14316968 3538F249 EE165269 989B77D3
|
|
C7FC1A26 81308201 7F060A2B 06010401 D6790204 02048201 6F048201 6B016900
|
|
76006F53 76AC31F0 3119D899 00A45115 FF77151C 11D902C1 0029068D B2089A37
|
|
D9130000 01797A50 B86A0000 04030047 30450220 551CC3D2 72DB8D36 C83DBA5F
|
|
2131E9D9 77C3F934 3C7E50AD 9CDC27FF 1CF78430 022100E1 45D7E0BB 8F9EF94A
|
|
B56F91A3 344D5926 A28C533B DF021AD1 E4F7D0B1 BF0A0D00 76002979 BEF09E39
|
|
3921F056 739F63A5 77E5BE57 7D9C600A F8F94D5D 265C255D C7840000 01797A50
|
|
B9C00000 04030047 30450221 009CC6C1 7DEAD0B9 36257B96 A003BBE4 E8C85979
|
|
D0D40DFC D4DDEB2E E6E809EC E0022023 AD108258 C6C13EB1 1DA568D0 EDB3C362
|
|
7F1B919B D6642EBF 365C1B70 B85FBB00 770051A3 B0F5FD01 799C566D B837788F
|
|
0CA47ACC 1B27CBF7 9E88429A 0DFED48B 05E50000 01797A50 B96F0000 04030048
|
|
30460221 009C2F0F 974D90DE B37D4C9E 61740775 FD00F549 98208ABA 1C0C0AB2
|
|
5DC75FE2 2C022100 ACAC9356 7D692121 7833488C B0BC9453 538ED9BA 08D056E3
|
|
90F406F7 69AF2FE5 300D0609 2A864886 F70D0101 0B050003 82010100 661ADC6B
|
|
6C11AAAC 30BAFA40 F0CD31A9 27A0A456 FBAE139F FD085FF5 E7834057 B0137DF2
|
|
7C388102 7121EFE6 E8B278D8 0908D154 BD5BB1CB 8B5DE43A 9651B030 EC344FE5
|
|
D48E58A8 422C2873 C075466C 20A30CA7 A3B877AE 0E08B611 4478731A 3083B573
|
|
62A8E2CC E1328E6C C17741CC 15B8A0D5 125CE940 A2F9A417 992C8F7D 786B2B0C
|
|
106E6471 6D679173 B4C51C6D 99A3626E 4AE7BBB1 6471C0BB 24FEC309 FA46B414
|
|
0C09F8BB 0211E36E A0A461FE 5E8859CF F4588930 BCAEA1F3 E8AA2A66 F954DC88
|
|
0C19570D D685BD4E D5634B51 5BE3EB90 54A195B5 18D07FD9 C309A182 36588DA1
|
|
35F3E07C 2F40CBD3 68EBE169 C975C333 3EF453B7 D94A8DD9 7D807312
|
|
quit
|
|
certificate ca 01EE5F221DFC623BD4333A8557
|
|
3082044E 30820336 A0030201 02020D01 EE5F221D FC623BD4 333A8557 300D0609
|
|
2A864886 F70D0101 0B050030 4C312030 1E060355 040B1317 476C6F62 616C5369
|
|
676E2052 6F6F7420 4341202D 20523331 13301106 0355040A 130A476C 6F62616C
|
|
5369676E 31133011 06035504 03130A47 6C6F6261 6C536967 6E301E17 0D313831
|
|
31323130 30303030 305A170D 32383131 32313030 30303030 5A305031 0B300906
|
|
03550406 13024245 31193017 06035504 0A131047 6C6F6261 6C536967 6E206E76
|
|
2D736131 26302406 03550403 131D476C 6F62616C 5369676E 20525341 204F5620
|
|
53534C20 43412032 30313830 82012230 0D06092A 864886F7 0D010101 05000382
|
|
010F0030 82010A02 82010100 A75AC9D5 0C182100 23D5970F EBAEDD5C 686B6B8F
|
|
5060137A 81CB97EE 8E8A6194 4B2679F6 04A72AFB A4DA56BB EEA0A4F0 7B8A7F55
|
|
1F479361 0D6E7151 3A252408 2F8CE1F7 89D692CF AFB3A73F 30EDB5DF 21AEFEF5
|
|
4417FDD8 63D92FD3 815A6B5F D347B0AC F2AB3B24 794F1FC7 2EEAB915 3A7C184C
|
|
69B3B520 59095E29 C363E62E 465BAA94 90490EB9 F0F54AA1 092F7C34 4DD0BC00
|
|
C5065579 06CEA2D0 10F14843 E8B95AB5 9555BD31 D21B3D86 BEA1EC0D 12DB2C99
|
|
24AD47C2 6F03E67A 70B570CC CD272CA5 8C8EC218 3C92C92E 736F0610 569340AA
|
|
A3C552FB E5C505D6 69685C06 B9EE5189 E18A0E41 4D9B9290 0A89E916 6BEFEF75
|
|
BE7A46B8 E3478A1D 1C2EA74F 02030100 01A38201 29308201 25300E06 03551D0F
|
|
0101FF04 04030201 86301206 03551D13 0101FF04 08300601 01FF0201 00301D06
|
|
03551D0E 04160414 F8EF7FF2 CD7867A8 DE6F8F24 8D88F187 0302B3EB 301F0603
|
|
551D2304 18301680 148FF04B 7FA82E45 24AE4D50 FA639A8B DEE2DD1B BC303E06
|
|
082B0601 05050701 01043230 30302E06 082B0601 05050730 01862268 7474703A
|
|
2F2F6F63 7370322E 676C6F62 616C7369 676E2E63 6F6D2F72 6F6F7472 33303606
|
|
03551D1F 042F302D 302BA029 A0278625 68747470 3A2F2F63 726C2E67 6C6F6261
|
|
6C736967 6E2E636F 6D2F726F 6F742D72 332E6372 6C304706 03551D20 0440303E
|
|
303C0604 551D2000 30343032 06082B06 01050507 02011626 68747470 733A2F2F
|
|
7777772E 676C6F62 616C7369 676E2E63 6F6D2F72 65706F73 69746F72 792F300D
|
|
06092A86 4886F70D 01010B05 00038201 01009990 C82D5F42 8AD40B66 DB980373
|
|
11D48886 5228538A FBADDFFD 738E3A67 04DBC353 14701409 7CC3E0F8 D71C981A
|
|
A2C43EDB E900E3CA 70B2F122 302156DB D3AD795E 81580B6D 148035F5 6F5D1DEB
|
|
9A4705FF 598D00B1 40DA9098 961ABA6C 6D7F8CF5 B380DF8C 64733696 79796974
|
|
EABFF89E 018FA095 698DE984 BAE9E5D4 8838DB78 3B98D036 7B29B0D2 521890DE
|
|
524300AE 6A27C814 9E8695AC E1803130 7E9A25BB 8BAC0423 A69900E8 F1D226EC
|
|
0F7E3B8A 2B923813 1D8F86CD 865247E6 347C5BA4 023E8A61 7C227653 5A945333
|
|
86B892A8 72AFA1F9 52871F31 A5FCB081 572FCDF4 CEDCF624 CFA7E234 90689DFE
|
|
AAF1A99A 12CC9BC0 C6C3A8A5 B0217EDE 48F6
|
|
quit
|
|
crypto pki certificate chain UDMPF_RU_2022-rrr1
|
|
certificate ca 04000000000121585308A2
|
|
3082035F 30820247 A0030201 02020B04 00000000 01215853 08A2300D 06092A86
|
|
4886F70D 01010B05 00304C31 20301E06 0355040B 1317476C 6F62616C 5369676E
|
|
20526F6F 74204341 202D2052 33311330 11060355 040A130A 476C6F62 616C5369
|
|
676E3113 30110603 55040313 0A476C6F 62616C53 69676E30 1E170D30 39303331
|
|
38313030 3030305A 170D3239 30333138 31303030 30305A30 4C312030 1E060355
|
|
040B1317 476C6F62 616C5369 676E2052 6F6F7420 4341202D 20523331 13301106
|
|
0355040A 130A476C 6F62616C 5369676E 31133011 06035504 03130A47 6C6F6261
|
|
6C536967 6E308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
|
|
0A028201 0100CC25 76907906 782216F5 C083B684 CA289EFD 057611C5 AD8872FC
|
|
460243C7 B28A9D04 5F24CB2E 4BE16082 46E152AB 0C814770 6CDD64D1 EBF52CA3
|
|
0F823D0C 2BAE97D7 B6148610 79BB3B13 80778C08 E149D26A 622F1F5E FA9668DF
|
|
89279538 9F06D73E C9CB2659 0D73DEB0 C8E9260E 8315C6EF 5B8BD204 60CA49A6
|
|
28F6693B F6CBC828 91E59D8A 615737AC 7414DC74 E03AEE72 2F2E9CFB D0BBBFF5
|
|
3D00E106 33E8822B AE53A63A 16738CDD 410E203A C0B4A7A1 E9B24F90 2E3260E9
|
|
57CBB904 926868E5 38266075 B29F77FF 9114EFAE 2049FCAD 401548D1 02316119
|
|
5EB897EF AD77B764 9A7ABF5F C113EF9B 62FB0D6C E0546916 A903DA6E E9839371
|
|
76C66985 82170203 010001A3 42304030 0E060355 1D0F0101 FF040403 02010630
|
|
0F060355 1D130101 FF040530 030101FF 301D0603 551D0E04 1604148F F04B7FA8
|
|
2E4524AE 4D50FA63 9A8BDEE2 DD1BBC30 0D06092A 864886F7 0D01010B 05000382
|
|
0101004B 40DBC050 AAFEC80C EFF79654 4549BB96 000941AC B3138686 280733CA
|
|
6BE674B9 BA002DAE A40AD3F5 F1F10F8A BF73674A 83C7447B 78E0AF6E 6C6F0329
|
|
8E333945 C38EE4B9 576CAAFC 1296EC53 C62DE424 6CB99463 FBDC5368 67563E83
|
|
B8CF3521 C3C968FE CEDAC253 AACC908A E9F05D46 8C95DD7A 58281A2F 1DDECD00
|
|
37418FED 446DD753 28977EF3 67041E15 D78A96B4 D3DE4C27 A44C1B73 7376F417
|
|
99C21F7A 0EE32D08 AD0A1C2C FF3CAB55 0E0F917E 36EBC357 49BEE12E 2D7C608B
|
|
C3415113 239DCEF7 326B9401 A899E72C 331F3A3B 25D28640 CE3B2C86 78C9612F
|
|
14BAEEDB 556FDF84 EE05094D BD28D872 CED36250 651EEB92 978331D9 B3B5CA47 583F5F
|
|
quit
|
|
voice-card 0
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
license udi pid C2911R-CME-SRST/K9 sn JTV2029TJ9Y
|
|
license accept end user agreement
|
|
license boot module c2900 technology-package securityk9
|
|
!
|
|
!
|
|
! Configuration archive and change logging.
archive
|
|
! Config change logger: enabled, keeps the last 200 entries, sends each change
! to syslog as plain text, and "hidekeys" keeps passwords and keys out of the
! logged commands.
log config
|
|
logging enable
|
|
logging size 200
|
|
notify syslog contenttype plaintext
|
|
hidekeys
|
|
! Archive copies are written as <hostname>.<timestamp>.conf to the host named
! "tftp". TFTP is unauthenticated and unencrypted, and the archived file is the
! full configuration (type 7 passwords, object groups, PKI material).
! NOTE(review): prefer an scp:// or sftp:// archive path, or at least restrict
! the TFTP path to a dedicated management segment.
path tftp://tftp/GLZ/VRS/UPF-RT/$H.$T.conf
|
|
! An archive copy is taken on every "write memory" and every 10080 minutes
! (7 days).
write-memory
|
|
time-period 10080
|
|
object-group service KERIO_VPN
|
|
tcp eq 4090
|
|
udp eq 4090
|
|
!
|
|
! Network object group KONTUR (referenced by OG_MOI_PLOSHADKI further down).
! NOTE(review): the last entry covers all of 46.17.201.0/24, so the five
! 46.17.201.x host entries are redundant and the effective scope is the whole
! /24. If only the listed hosts are meant to match, drop the subnet entry; the
! ACLs that use this group are not in this part of the file.
object-group network KONTUR
|
|
host 46.17.201.72
|
|
host 46.17.201.76
|
|
host 46.17.201.78
|
|
host 46.17.201.71
|
|
host 46.17.201.73
|
|
host 91.191.245.11
|
|
host 46.48.66.80
|
|
46.17.201.0 255.255.255.0
|
|
!
|
|
object-group network NET_AUDIT_PRICE
|
|
host 217.30.254.106
|
|
!
|
|
object-group network NET_AUDIT_RSM
|
|
host 92.55.47.17
|
|
!
|
|
object-group network NET_CITEK
|
|
host 92.55.27.180
|
|
!
|
|
object-group network NET_MLK
|
|
description :: MILKOM_DATACENTER
|
|
host 85.140.32.177
|
|
host 78.85.14.98
|
|
!
|
|
object-group network NET_IZH_MLK
|
|
description --IZHMOLOKO--
|
|
host 78.85.13.42
|
|
host 85.140.32.27
|
|
host 31.173.105.54
|
|
host 217.14.195.253
|
|
host 84.201.247.157
|
|
!
|
|
object-group network NET_PS_PF
|
|
host 5.227.121.127
|
|
host 46.232.164.108
|
|
host 78.85.13.117
|
|
host 78.85.13.118
|
|
host 78.85.13.119
|
|
host 78.85.14.98
|
|
host 78.85.33.50
|
|
host 85.140.32.141
|
|
host 85.140.32.177
|
|
host 85.140.32.178
|
|
host 88.80.33.14
|
|
host 95.215.208.234
|
|
host 178.47.130.10
|
|
host 178.205.241.114
|
|
!
|
|
object-group network NET_KOMOSGROUP
|
|
91.240.179.0 255.255.255.0
|
|
host 5.227.124.143
|
|
host 62.141.96.126
|
|
host 84.201.247.190
|
|
host 88.80.33.10
|
|
host 88.80.33.50
|
|
host 94.25.46.122
|
|
!
|
|
object-group network NET_DMVPN_NBRS
|
|
group-object NET_MLK
|
|
group-object NET_IZH_MLK
|
|
group-object NET_PS_PF
|
|
group-object NET_KOMOSGROUP
|
|
!
|
|
object-group network NET_LOTSMAN
|
|
host 91.210.192.218
|
|
host 146.120.105.190
|
|
host 91.228.57.11
|
|
!
|
|
object-group network NET_REMOTE_SITES
|
|
group-object NET_IZH_MLK
|
|
group-object NET_KOMOSGROUP
|
|
!
|
|
object-group network NET_SIP_PROVIDERS
|
|
host 195.34.37.35
|
|
host 178.45.249.116
|
|
host 213.219.235.45
|
|
host 185.127.149.60
|
|
!
|
|
object-group network NET_SIP_TRUNK
|
|
host 178.45.249.116
|
|
!
|
|
object-group network NET_UNIKON
|
|
host 85.143.250.30
|
|
!
|
|
object-group network NET_VARAKSINO
|
|
host 78.85.33.50
|
|
host 94.181.119.90
|
|
host 85.140.32.177
|
|
!
|
|
object-group network OBJ_BBN_RN_BBN
|
|
host 85.140.32.104
|
|
host 78.85.13.205
|
|
!
|
|
object-group network OBJ_BBN_VST_BBN
|
|
host 85.140.32.103
|
|
host 83.169.220.204
|
|
!
|
|
object-group network OBJ_IZH_MLK_IZM
|
|
host 85.140.32.27
|
|
host 78.85.13.42
|
|
host 5.227.126.169
|
|
host 31.173.105.54
|
|
host 217.14.195.253
|
|
host 85.175.86.74
|
|
!
|
|
! Network object group OBJ_IZH_KG_P11 (member of OBJ_BRANCHES further down).
! NOTE(review): 91.240.179.0/24 is listed twice in different forms - once as a
! subnet and once as the range .1-.254. The range adds nothing to the subnet
! entry; keep one of them so the intended scope is unambiguous.
object-group network OBJ_IZH_KG_P11
|
|
91.240.179.0 255.255.255.0
|
|
host 5.227.124.143
|
|
host 78.85.13.93
|
|
host 62.141.96.126
|
|
host 84.201.247.190
|
|
host 88.80.33.50
|
|
host 94.25.46.122
|
|
range 91.240.179.1 91.240.179.254
|
|
!
|
|
object-group network OBJ_IZH_VST_IZM
|
|
host 5.227.124.82
|
|
host 78.85.13.38
|
|
!
|
|
object-group network OBJ_IZH_TK_M44
|
|
host 212.46.204.74
|
|
host 88.80.33.162
|
|
!
|
|
object-group network OBJ_IZH_TK_M48
|
|
host 87.249.237.250
|
|
!
|
|
object-group network OBJ_IZH_TK_SMR
|
|
host 87.249.239.226
|
|
host 88.80.33.42
|
|
!
|
|
object-group network OBJ_MSK_KG_MSK
|
|
host 185.62.195.150
|
|
host 185.6.175.101
|
|
!
|
|
object-group network OBJ_GLZ_MLK_GMK
|
|
host 31.173.105.62
|
|
host 85.140.32.29
|
|
!
|
|
object-group network OBJ_KZN_MLK_KMK
|
|
host 83.69.126.54
|
|
host 94.180.253.210
|
|
host 78.138.171.82
|
|
!
|
|
object-group network OBJ_KEZ_MLK_KZS
|
|
host 31.173.105.66
|
|
host 78.85.13.52
|
|
host 85.140.32.30
|
|
!
|
|
object-group network OBJ_PRM_MLK_PHK
|
|
host 178.47.128.18
|
|
host 46.146.210.68
|
|
!
|
|
object-group network OBJ_SAR_MLK_SRM
|
|
host 31.173.105.58
|
|
host 78.85.13.53
|
|
host 85.140.32.28
|
|
!
|
|
object-group network OBJ_CLB_MLK_CMK
|
|
host 37.113.128.241
|
|
host 149.255.6.35
|
|
!
|
|
object-group network OBJ_GLZ_GKZ_GKZ
|
|
host 78.85.13.94
|
|
host 146.120.104.181
|
|
!
|
|
object-group network OBJ_KIA_RN_KIA
|
|
host 78.85.14.97
|
|
!
|
|
object-group network OBJ_IZH_TZK_TZK
|
|
host 78.25.80.134
|
|
host 5.227.124.235
|
|
!
|
|
object-group network OBJ_IZH_MK_VS17
|
|
host 5.227.124.141
|
|
!
|
|
object-group network OBJ_IZH_KL_KLI
|
|
host 78.85.15.85
|
|
host 84.201.247.24
|
|
host 79.175.36.97
|
|
host 84.201.244.235
|
|
!
|
|
object-group network OBJ_EKB_KG_EKB
|
|
host 62.168.232.182
|
|
host 176.215.14.11
|
|
!
|
|
object-group network OBJ_IZH_KEN_VS56
|
|
host 83.143.54.246
|
|
host 92.55.54.109
|
|
!
|
|
object-group network OBJ_IZH_VRS_IZM
|
|
host 85.140.32.177
|
|
host 78.85.14.98
|
|
!
|
|
object-group network OBJ_GLZ_VRS_UPF
|
|
host 95.215.208.234
|
|
host 78.85.13.119
|
|
!
|
|
object-group network OBJ_IZH_VRS_IPF
|
|
host 85.140.32.141
|
|
host 78.85.13.117
|
|
!
|
|
object-group network OBJ_IZH_VRS_PFV
|
|
host 85.140.32.178
|
|
host 94.181.119.90
|
|
host 78.85.33.50
|
|
!
|
|
object-group network OBJ_VOT_VRS_VPF
|
|
host 78.85.13.118
|
|
host 88.80.33.14
|
|
!
|
|
object-group network OBJ_MSB_TMA_MSB
|
|
host 78.138.182.214
|
|
!
|
|
object-group network OBJ_KIB_TMA_KIB
|
|
host 78.138.182.126
|
|
!
|
|
object-group network OBJ_PRM_VRS_MPF
|
|
host 178.47.130.10
|
|
host 5.227.121.127
|
|
!
|
|
object-group network OBJ_LAI_VRS_DPF
|
|
host 178.205.241.114
|
|
host 46.232.164.108
|
|
!
|
|
object-group network OBJ_SHM_TMA_SHM
|
|
host 89.232.91.106
|
|
host 31.173.182.210
|
|
!
|
|
object-group network OBJ_EVL_TMA_EVL
|
|
host 89.232.102.166
|
|
!
|
|
object-group network OBJ_ITL_VST_ITL
|
|
host 5.227.124.130
|
|
host 78.85.34.99
|
|
host 81.211.13.82
|
|
!
|
|
object-group network OBJ_MZH_VST_MZH
|
|
host 88.80.33.250
|
|
host 83.169.220.171
|
|
!
|
|
object-group network OBJ_KIA_VST_KIA
|
|
host 85.140.32.24
|
|
host 188.94.168.238
|
|
!
|
|
object-group network OBJ_KGB_VST_KBB
|
|
host 78.85.37.88
|
|
host 88.80.33.154
|
|
!
|
|
object-group network OBJ_SAR_VST_SMK
|
|
host 78.85.19.93
|
|
host 88.80.33.234
|
|
!
|
|
object-group network OBJ_KNK_VST_KMK
|
|
host 178.161.242.67
|
|
!
|
|
object-group network OBJ_IZH_KM_S61
|
|
host 84.201.247.32
|
|
host 88.80.33.194
|
|
!
|
|
object-group network OBJ_YAN_GKZ_YEL
|
|
host 77.94.97.222
|
|
!
|
|
object-group network OBJ_KUN_KMK_B2
|
|
94.138.150.0 255.255.255.0
|
|
!
|
|
object-group network OBJ_KUN_KMK_H80
|
|
host 178.161.207.26
|
|
host 77.43.193.88
|
|
!
|
|
object-group network OBJ_KUN_KMK_CH9
|
|
host 178.47.128.98
|
|
host 194.150.90.20
|
|
!
|
|
object-group network OBJ_KGB_RN_KGB
|
|
host 78.85.13.165
|
|
!
|
|
object-group network OBJ_NCH_RN_NCH
|
|
host 78.85.13.166
|
|
!
|
|
object-group network OBJ_PRI_RN_PRI
|
|
host 78.85.13.167
|
|
!
|
|
object-group network OBJ_URN_RN_URN
|
|
host 78.85.20.49
|
|
!
|
|
object-group network OBJ_MZH_TK_TKM
|
|
host 88.80.32.230
|
|
host 78.85.35.34
|
|
!
|
|
object-group network OBJ_GLZ_TK_TKG
|
|
host 95.215.208.240
|
|
host 146.120.104.235
|
|
host 95.215.208.173
|
|
!
|
|
object-group network OBJ_IZH_TK_M21
|
|
host 84.201.242.133
|
|
!
|
|
object-group network OBJ_IZH_HLA_PP
|
|
host 92.61.17.250
|
|
!
|
|
object-group network OBJ_IZH_HLA_UHK
|
|
host 92.55.7.148
|
|
!
|
|
object-group network OBJ_IZH_VD_VS17
|
|
host 84.201.247.100
|
|
!
|
|
object-group network OBJ_IZH_KS_H17
|
|
85.140.32.64 255.255.255.252
|
|
host 85.140.32.63
|
|
host 85.140.32.68
|
|
!
|
|
object-group network OBJ_SPB_KG_SPB
|
|
host 62.141.114.190
|
|
host 94.72.27.43
|
|
!
|
|
object-group network OBJ_BRANCHES
|
|
group-object OBJ_IZH_MLK_IZM
|
|
group-object OBJ_IZH_KG_P11
|
|
group-object OBJ_IZH_VST_IZM
|
|
group-object OBJ_IZH_TK_M44
|
|
group-object OBJ_IZH_TK_M48
|
|
group-object OBJ_IZH_TK_SMR
|
|
group-object OBJ_MSK_KG_MSK
|
|
group-object OBJ_GLZ_MLK_GMK
|
|
group-object OBJ_KZN_MLK_KMK
|
|
group-object OBJ_KEZ_MLK_KZS
|
|
group-object OBJ_PRM_MLK_PHK
|
|
group-object OBJ_SAR_MLK_SRM
|
|
group-object OBJ_CLB_MLK_CMK
|
|
group-object OBJ_BBN_RN_BBN
|
|
group-object OBJ_GLZ_GKZ_GKZ
|
|
group-object OBJ_KIA_RN_KIA
|
|
group-object OBJ_IZH_TZK_TZK
|
|
group-object OBJ_IZH_MK_VS17
|
|
group-object OBJ_IZH_KL_KLI
|
|
group-object OBJ_EKB_KG_EKB
|
|
group-object OBJ_IZH_KEN_VS56
|
|
group-object OBJ_IZH_VRS_IZM
|
|
group-object OBJ_GLZ_VRS_UPF
|
|
group-object OBJ_IZH_VRS_IPF
|
|
group-object OBJ_IZH_VRS_PFV
|
|
group-object OBJ_VOT_VRS_VPF
|
|
group-object OBJ_MSB_TMA_MSB
|
|
group-object OBJ_KIB_TMA_KIB
|
|
group-object OBJ_PRM_VRS_MPF
|
|
group-object OBJ_LAI_VRS_DPF
|
|
group-object OBJ_BBN_VST_BBN
|
|
group-object OBJ_SHM_TMA_SHM
|
|
group-object OBJ_EVL_TMA_EVL
|
|
group-object OBJ_ITL_VST_ITL
|
|
group-object OBJ_MZH_VST_MZH
|
|
group-object OBJ_KIA_VST_KIA
|
|
group-object OBJ_KGB_VST_KBB
|
|
group-object OBJ_SAR_VST_SMK
|
|
group-object OBJ_KNK_VST_KMK
|
|
group-object OBJ_IZH_KM_S61
|
|
group-object OBJ_YAN_GKZ_YEL
|
|
group-object OBJ_KUN_KMK_B2
|
|
group-object OBJ_KUN_KMK_H80
|
|
group-object OBJ_KUN_KMK_CH9
|
|
group-object OBJ_KGB_RN_KGB
|
|
group-object OBJ_NCH_RN_NCH
|
|
group-object OBJ_PRI_RN_PRI
|
|
group-object OBJ_URN_RN_URN
|
|
group-object OBJ_MZH_TK_TKM
|
|
group-object OBJ_GLZ_TK_TKG
|
|
group-object OBJ_IZH_TK_M21
|
|
group-object OBJ_IZH_HLA_PP
|
|
group-object OBJ_IZH_HLA_UHK
|
|
group-object OBJ_IZH_VD_VS17
|
|
group-object OBJ_IZH_KS_H17
|
|
group-object OBJ_SPB_KG_SPB
|
|
!
|
|
object-group network TORG_KOMP_KOMOS
|
|
host 87.249.237.250
|
|
host 88.80.33.162
|
|
host 212.46.204.74
|
|
!
|
|
! Source group for the published services: ACL_FIREWALL lets these networks
! reach tcp/3389, tcp/9443 and tcp/www on the router's public address.
! Only TORG_KOMP_KOMOS is defined in the visible part of the config; the
! NET_* and KONTUR members are presumably defined earlier - confirm.
object-group network OG_MOI_PLOSHADKI
|
|
group-object NET_VARAKSINO
|
|
group-object NET_LOTSMAN
|
|
group-object NET_AUDIT_RSM
|
|
group-object NET_UNIKON
|
|
group-object TORG_KOMP_KOMOS
|
|
group-object NET_AUDIT_PRICE
|
|
group-object NET_KOMOSGROUP
|
|
group-object KONTUR
|
|
group-object NET_CITEK
|
|
!
|
|
object-group network RT_VOIP
|
|
description --569641.17.rt.ru--
|
|
host 178.45.249.116
|
|
!
|
|
object-group network STATIC_ISP_IP
|
|
host 78.85.13.119
|
|
!
|
|
object-group service SVC_ANYCONNECT
|
|
tcp eq 443
|
|
!
|
|
object-group service SVC_EMAIL
|
|
tcp eq smtp
|
|
!
|
|
object-group service SVC_SNMP
|
|
udp eq snmp
|
|
udp eq snmptrap
|
|
!
|
|
username beltukov privilege 15 secret 5 $1$mnI8$Ll8gGvBeqUYRe82Wv.JfT/
|
|
! NOTE(review): every local account in this section is stored as "secret 5"
! (MD5-crypt). IOS 15.7 accepts
!   username <name> algorithm-type scrypt secret <password>
! which stores a type 9 hash instead.
! The default AAA login list tries "local" before RADIUS, and the sslvpn
! list is local-only, so these accounts (six at privilege 15) are the
! primary path for both device login and AnyConnect.
! PWC1-PWC6 look like shared/generic accounts - confirm ownership.
! The hashes are published with this file: treat them as exposed and rotate.
username beltukov aaa attribute list ANYCONNECT_FULL_SIP
|
|
username emelyanov_mv privilege 2 secret 5 $1$rENx$JfKcYzrJY9dxwuX9V/9JY0
|
|
username emelyanov_mv aaa attribute list ANYCONNECT_RDP
|
|
username epifanov_ag privilege 2 secret 5 $1$qY56$qcddjdHQzPV/3eWIb9JJU/
|
|
username epifanov_ag aaa attribute list ANYCONNECT_RDP
|
|
username yalochkina_tv privilege 2 secret 5 $1$Ewwf$geZ4TJCsPLE/wA00wyGFX/
|
|
username yalochkina_tv aaa attribute list ANYCONNECT_RDP
|
|
username sudnishikov_as privilege 2 secret 5 $1$DWNd$TN6/Ni0Qeya33o43.GJ9C/
|
|
username sudnishikov_as aaa attribute list ANYCONNECT_RDP
|
|
username admin_avv privilege 15 secret 5 $1$NHbB$f8s2mF7A87XJK/V8O3Kj31
|
|
username pershin_an privilege 15 secret 5 $1$vnxI$hUZloCHJ0MALJI/aww7ZE.
|
|
username pershin_an aaa attribute list ANYCONNECT_FULL_SIP
|
|
username PWC1 privilege 2 secret 5 $1$pVm7$EDB3r3dFGGU6xF3udC0yk1
|
|
username PWC1 aaa attribute list ANYCONNECT_RDP
|
|
username PWC2 privilege 2 secret 5 $1$K62C$TDZ1GbRggadbShZzA9Kyb.
|
|
username PWC2 aaa attribute list ANYCONNECT_RDP
|
|
username PWC3 privilege 2 secret 5 $1$sA1W$oIDi5XIU0c2u2.679vbeI/
|
|
username PWC3 aaa attribute list ANYCONNECT_RDP
|
|
username fedotov_ni privilege 15 secret 5 $1$rc8o$0xTdVcKBhiJrXT1HRt4wg0
|
|
username fedotov_ni aaa attribute list ANYCONNECT_FULL_SIP
|
|
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
|
|
username PWC4 privilege 2 secret 5 $1$T8vs$JpCReqcvmwjYoov/JA7wx.
|
|
username PWC4 aaa attribute list ANYCONNECT_RDP
|
|
username PWC5 privilege 2 secret 5 $1$Pz7f$hAJrYQy.y3HPI4/SwQAnb0
|
|
username PWC5 aaa attribute list ANYCONNECT_RDP
|
|
username PWC6 privilege 2 secret 5 $1$Vc8e$TZ7CYPwx3BPKKx2m2mtgo1
|
|
username PWC6 aaa attribute list ANYCONNECT_RDP
|
|
username akhmetzyanovrr privilege 15 secret 5 $1$WzoX$SjIT.N621r3E.dAyBw0ae0
|
|
!
|
|
redundancy
|
|
!
|
|
!
|
|
!
|
|
!
|
|
! LLDP is enabled globally. The GigabitEthernet0/0 (ISP) stanza does not
! disable it, so system name and platform details are advertised toward
! the provider.
! NOTE(review): consider "no lldp transmit" / "no lldp receive" on Gi0/0.
lldp run
|
|
!
|
|
track 1 ip sla 1 reachability
|
|
delay down 26 up 11
|
|
!
|
|
! Track object 11 follows IP SLA operation 11 and gates the policy-routing
! next hop in route-map RM_ROUTE_VIA_KERIO_VLAN_1 (sequence 10).
! NOTE(review): only "ip sla 1" is defined and scheduled in the visible
! config. If operations 11 and 15 do not exist, tracks 11 and 15 stay down
! and the tracked next hop is never used - confirm.
track 11 ip sla 11 reachability
|
|
delay down 26 up 11
|
|
!
|
|
track 15 ip sla 15 reachability
|
|
delay down 26 up 11
|
|
!
|
|
!
|
|
!
|
|
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.10.03104-webdeploy-k9.pkg sequence 1
|
|
!
|
|
! Client image pushed to macOS users by the WebVPN gateway.
! NOTE(review): this is a 4.5 package while the Windows image above is
! 4.10; macOS clients receive the older build. Align both on a currently
! supported release.
crypto vpn anyconnect flash0:/webvpn/anyconnect-macos-4.5.04029-webdeploy-k9.pkg sequence 2
|
|
!
|
|
! IKEv1 phase-1 policy used by the DMVPN tunnels: AES (128-bit unless a key
! size is given), pre-shared key authentication, DH group 2 (1024-bit MODP).
! No "hash" line is present, so the platform default applies (SHA-1 on
! classic IOS - confirm with "show crypto isakmp policy").
! NOTE(review): group 2 and SHA-1 are below current guidance; "group 14" or
! higher and "hash sha256" need a coordinated change on the hubs.
! NOTE(review): the "crypto isakmp key" line that follows is a wildcard
! (address 0.0.0.0) pre-shared key shown in clear text. One key for every
! peer means a single disclosure affects the whole DMVPN cloud. Prefer
! per-peer keys or certificate authentication, and store keys as type 6
! ("key config-key password-encrypt" + "password encryption aes").
! The key is published with this file: treat it as exposed and rotate.
crypto isakmp policy 150
|
|
encr aes
|
|
authentication pre-share
|
|
group 2
|
|
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
|
|
crypto isakmp keepalive 30
|
|
crypto isakmp nat keepalive 10
|
|
!
|
|
!
|
|
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac
|
|
mode transport
|
|
!
|
|
! IPsec profile applied (shared) to Tunnel1001 and Tunnel1002. It sets only
! the transform set CRYPTO_TS_DMVPN (ESP AES + SHA-1 HMAC, transport mode).
! NOTE(review): there is no "set pfs" line, so phase-2 keys are derived
! from the phase-1 exchange without a fresh DH; consider "set pfs group14"
! once the hubs support it.
crypto ipsec profile CRYPTO_IPSEC_DMVPN
|
|
description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
|
|
set transform-set CRYPTO_TS_DMVPN
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Loopback0
|
|
description WEBVPN_ANYCONNECT_LOOPBACK
|
|
ip address 172.26.15.62 255.255.255.224
|
|
!
|
|
interface Loopback1
|
|
description -== REMOTE SENSOR ==-
|
|
ip address 10.1.72.6 255.255.255.255
|
|
!
|
|
! Multipoint GRE backup tunnel sourced from the ISP interface, with one
! NHRP next-hop server (172.16.254.62) that is also the BGP peer in
! peer-group PG_BGP_MLK.
! NOTE(review): unlike Tunnel1001/Tunnel1002 this stanza has no
! "tunnel protection ipsec profile ..." line, so unless IPsec is applied
! some other way the GRE payload, NHRP and the BGP session cross the
! provider network unencrypted - confirm.
! The NHRP authentication string and the tunnel key are identifiers carried
! in clear text, not confidentiality controls.
interface Tunnel1
|
|
description BACKUP_CONNECTION_TO_MILKOM
|
|
bandwidth 100000
|
|
ip address 172.16.254.33 255.255.255.224
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip mtu 1400
|
|
ip nhrp authentication nh10002
|
|
ip nhrp map 172.16.254.62 78.85.14.98
|
|
ip nhrp map multicast 78.85.14.98
|
|
ip nhrp network-id 10002
|
|
ip nhrp holdtime 300
|
|
ip nhrp nhs 172.16.254.62
|
|
ip tcp adjust-mss 1360
|
|
tunnel source GigabitEthernet0/0
|
|
tunnel mode gre multipoint
|
|
tunnel key 34
|
|
!
|
|
! DMVPN spoke tunnel for cloud 1: mGRE sourced from GigabitEthernet0/0,
! two statically mapped NHRP servers (172.30.1.1, 172.30.1.2), protected by
! the shared IPsec profile CRYPTO_IPSEC_DMVPN. NetFlow is collected in both
! directions. The NHRP authentication string is sent in clear inside the
! tunnel; peer authentication rests on the IKE pre-shared key.
interface Tunnel1001
|
|
description --DMVPN_SPOKE_24_CLOUD_1--
|
|
ip address 172.30.1.26 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip mtu 1400
|
|
ip flow ingress
|
|
ip flow egress
|
|
ip nhrp authentication M_K.Cl01
|
|
ip nhrp map 172.30.1.1 85.140.32.27
|
|
ip nhrp map 172.30.1.2 78.85.13.42
|
|
ip nhrp map multicast 85.140.32.27
|
|
ip nhrp map multicast 78.85.13.42
|
|
ip nhrp network-id 1001
|
|
ip nhrp holdtime 300
|
|
ip nhrp nhs 172.30.1.1
|
|
ip nhrp nhs 172.30.1.2
|
|
ip tcp adjust-mss 1360
|
|
tunnel source GigabitEthernet0/0
|
|
tunnel mode gre multipoint
|
|
tunnel key 1001
|
|
tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
|
|
!
|
|
! DMVPN spoke tunnel for cloud 2: same layout as Tunnel1001 with NHRP
! servers 172.30.2.1 and 172.30.2.2, sharing the tunnel source and the
! IPsec profile CRYPTO_IPSEC_DMVPN (hence the "shared" keyword).
interface Tunnel1002
|
|
description --DMVPN_SPOKE_24_CLOUD_2--
|
|
ip address 172.30.2.26 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip mtu 1400
|
|
ip flow ingress
|
|
ip flow egress
|
|
ip nhrp authentication M_K.Cl02
|
|
ip nhrp map 172.30.2.1 5.227.124.143
|
|
ip nhrp map 172.30.2.2 78.85.13.93
|
|
ip nhrp map multicast 5.227.124.143
|
|
ip nhrp map multicast 78.85.13.93
|
|
ip nhrp network-id 1002
|
|
ip nhrp holdtime 300
|
|
ip nhrp nhs 172.30.2.1
|
|
ip nhrp nhs 172.30.2.2
|
|
ip tcp adjust-mss 1360
|
|
tunnel source GigabitEthernet0/0
|
|
tunnel mode gre multipoint
|
|
tunnel key 1002
|
|
tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
|
|
!
|
|
interface Embedded-Service-Engine0/0
|
|
no ip address
|
|
shutdown
|
|
!
|
|
! Internet-facing interface: NAT outside, inbound filter ACL_FIREWALL,
! outbound CBAC inspection rule INTERNET (its "ip inspect name" lines are
! not in the visible part of the config). It is also the tunnel source, the
! NTP source and the WebVPN gateway address.
! ICMP redirects, unreachables and proxy-ARP are disabled here.
interface GigabitEthernet0/0
|
|
description ISP_ROSTELEKOM
|
|
ip address 78.85.13.119 255.255.255.0
|
|
ip access-group ACL_FIREWALL in
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat outside
|
|
ip inspect INTERNET out
|
|
ip virtual-reassembly in
|
|
duplex auto
|
|
speed auto
|
|
!
|
|
interface GigabitEthernet0/1
|
|
no ip address
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip flow ingress
|
|
ip flow egress
|
|
shutdown
|
|
duplex auto
|
|
speed auto
|
|
!
|
|
interface GigabitEthernet0/2
|
|
description LOCAL_NETWORK
|
|
no ip address
|
|
no ip redirects
|
|
no ip unreachables
|
|
duplex auto
|
|
speed auto
|
|
!
|
|
! User LAN (VLAN 11): HSRPv2 group 11 with priority 110 and preempt, NAT
! inside, and policy routing through route-map RM_ROUTE_VIA_KERIO_VLAN_1.
! NOTE(review): "standby 11 authentication <string>" is plain-text HSRP
! authentication; the string is carried unprotected in every hello. The
! same string is reused on all other GigabitEthernet0/2.x sub-interfaces,
! including the guest WLAN. Prefer
!   standby 11 authentication md5 key-string <key>
! with a distinct key per group, changed on both HSRP routers together.
interface GigabitEthernet0/2.11
|
|
description LOCAL_NETWORK_AREA
|
|
encapsulation dot1Q 11
|
|
ip address 10.8.0.3 255.255.252.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 11 ip 10.8.0.1
|
|
standby 11 timers 5 15
|
|
standby 11 priority 110
|
|
standby 11 preempt delay minimum 30
|
|
standby 11 authentication upf2017
|
|
standby 11 name R2-LOCAL_NETWORK-HSRP
|
|
ip policy route-map RM_ROUTE_VIA_KERIO_VLAN_1
|
|
!
|
|
interface GigabitEthernet0/2.111
|
|
description PRINTERS_AREA
|
|
encapsulation dot1Q 111
|
|
ip address 10.8.4.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 111 ip 10.8.4.1
|
|
standby 111 timers 5 15
|
|
standby 111 priority 110
|
|
standby 111 preempt delay minimum 30
|
|
standby 111 authentication upf2017
|
|
standby 111 name R2-PRINTERS-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.112
|
|
description WEIGHT_DEVICE_AREA
|
|
encapsulation dot1Q 112
|
|
ip address 10.8.5.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 112 ip 10.8.5.1
|
|
standby 112 timers 5 15
|
|
standby 112 priority 110
|
|
standby 112 preempt delay minimum 30
|
|
standby 112 authentication upf2017
|
|
standby 112 name R2-WEIGHT_DEVICE-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.113
|
|
description USB_NETWORK_AREA
|
|
encapsulation dot1Q 113
|
|
ip address 10.8.6.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 113 ip 10.8.6.1
|
|
standby 113 timers 5 15
|
|
standby 113 priority 110
|
|
standby 113 preempt delay minimum 30
|
|
standby 113 authentication upf2017
|
|
standby 113 name R2-USB_NETWORK-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.114
|
|
description SKUD_AREA
|
|
encapsulation dot1Q 114
|
|
ip address 10.8.7.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 114 ip 10.8.7.1
|
|
standby 114 timers 5 15
|
|
standby 114 priority 110
|
|
standby 114 preempt delay minimum 30
|
|
standby 114 authentication upf2017
|
|
standby 114 name R2-SKUD-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.161
|
|
description WIRELESS_USERS_AREA
|
|
encapsulation dot1Q 161
|
|
ip address 10.8.8.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 161 ip 10.8.8.1
|
|
standby 161 timers 5 15
|
|
standby 161 priority 110
|
|
standby 161 preempt delay minimum 30
|
|
standby 161 authentication upf2017
|
|
standby 161 name R2-WIRELESS_USERS-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.211
|
|
description SERVERS_MGT_AREA
|
|
encapsulation dot1Q 211
|
|
ip address 10.8.9.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 211 ip 10.8.9.1
|
|
standby 211 timers 5 15
|
|
standby 211 priority 110
|
|
standby 211 preempt delay minimum 30
|
|
standby 211 authentication upf2017
|
|
standby 211 name R2-SERVERS_MGT-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.311
|
|
description NETWORK_MGT_AREA
|
|
encapsulation dot1Q 311
|
|
ip address 10.8.10.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 311 ip 10.8.10.1
|
|
standby 311 timers 5 15
|
|
standby 311 priority 110
|
|
standby 311 preempt delay minimum 30
|
|
standby 311 authentication upf2017
|
|
standby 311 name R2-NETWORK_MGT-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.361
|
|
description VOICE_AREA
|
|
encapsulation dot1Q 361
|
|
ip address 10.8.72.3 255.255.252.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 361 ip 10.8.72.1
|
|
standby 361 timers 5 15
|
|
standby 361 priority 110
|
|
standby 361 preempt delay minimum 30
|
|
standby 361 authentication upf2017
|
|
standby 361 name R2-VOICE-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.411
|
|
description VIDEO_AREA
|
|
encapsulation dot1Q 411
|
|
ip address 10.8.12.3 255.255.254.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 411 ip 10.8.12.1
|
|
standby 411 timers 5 15
|
|
standby 411 priority 110
|
|
standby 411 preempt delay minimum 30
|
|
standby 411 authentication upf2017
|
|
standby 411 name R2-VIDEO-HSRP
|
|
!
|
|
! Guest WLAN (VLAN 511), NAT inside, HSRPv2 group 511.
! NOTE(review): the stanza has no "ip access-group ... in", so nothing on
! this router stops guest hosts from routing to the internal 10.8.x.x
! VLANs or to the tunnels - confirm that filtering happens elsewhere, or
! add an inbound ACL that permits Internet-bound traffic only.
! NOTE(review): the HSRP authentication string is the one used on the
! internal VLANs and is visible to any guest capturing HSRP hellos.
interface GigabitEthernet0/2.511
|
|
description WIRELESS_GUEST_AREA
|
|
encapsulation dot1Q 511
|
|
ip address 10.8.14.3 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
standby version 2
|
|
standby 511 ip 10.8.14.1
|
|
standby 511 timers 5 15
|
|
standby 511 priority 110
|
|
standby 511 preempt delay minimum 30
|
|
standby 511 authentication upf2017
|
|
standby 511 name R2-WIRELESS_GUEST-HSRP
|
|
!
|
|
interface GigabitEthernet0/2.555
|
|
description --BGP_TRANSIT--
|
|
encapsulation dot1Q 555
|
|
ip address 172.30.30.154 255.255.255.248
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
! BGP AS 64524: eBGP to the hubs over the DMVPN tunnels (peer-groups
! PG_BGP_OCOD, PG_BGP_RCOD), eBGP over Tunnel1 (PG_BGP_MLK) and iBGP to
! 172.30.30.153 on the BGP_TRANSIT VLAN. Connected routes are redistributed
! through RM_BGP_REDISTR_CON and two aggregates are originated.
! NOTE(review): no neighbor or peer-group has "password" or
! "maximum-prefix" configured.
! NOTE(review): PG_BGP_OCOD and PG_BGP_RCOD filter outbound only; the one
! inbound route-map (RM_BGP_FROM_HUB on 172.30.1.2) just sets
! local-preference. Anything a hub advertises is accepted - consider an
! inbound prefix-list as PG_BGP_MLK already has.
router bgp 64524
|
|
bgp router-id 172.30.30.154
|
|
bgp log-neighbor-changes
|
|
bgp graceful-restart
|
|
aggregate-address 10.8.72.0 255.255.248.0
|
|
aggregate-address 10.8.0.0 255.255.240.0
|
|
redistribute connected route-map RM_BGP_REDISTR_CON
|
|
neighbor PG_BGP_OCOD peer-group
|
|
neighbor PG_BGP_OCOD remote-as 64512
|
|
neighbor PG_BGP_OCOD next-hop-self
|
|
neighbor PG_BGP_OCOD soft-reconfiguration inbound
|
|
neighbor PG_BGP_OCOD route-map RM_BGP_TO_HUB out
|
|
neighbor PG_BGP_RCOD peer-group
|
|
neighbor PG_BGP_RCOD remote-as 64513
|
|
neighbor PG_BGP_RCOD next-hop-self
|
|
neighbor PG_BGP_RCOD soft-reconfiguration inbound
|
|
neighbor PG_BGP_RCOD route-map RM_BGP_TO_HUB out
|
|
neighbor PG_BGP_MLK peer-group
|
|
neighbor PG_BGP_MLK remote-as 64523
|
|
neighbor PG_BGP_MLK next-hop-self
|
|
neighbor PG_BGP_MLK soft-reconfiguration inbound
|
|
neighbor PG_BGP_MLK prefix-list PFL_FROM_MLK in
|
|
neighbor PG_BGP_MLK prefix-list PFL_TO_MLK out
|
|
neighbor 172.16.254.62 peer-group PG_BGP_MLK
|
|
neighbor 172.30.1.1 peer-group PG_BGP_OCOD
|
|
neighbor 172.30.1.2 peer-group PG_BGP_OCOD
|
|
neighbor 172.30.1.2 route-map RM_BGP_FROM_HUB in
|
|
neighbor 172.30.2.1 peer-group PG_BGP_RCOD
|
|
neighbor 172.30.2.2 peer-group PG_BGP_RCOD
|
|
neighbor 172.30.30.153 remote-as 64524
|
|
neighbor 172.30.30.153 next-hop-self
|
|
distance bgp 150 150 150
|
|
!
|
|
ip local pool ANYCONNECT_POOL 172.26.15.33 172.26.15.61
|
|
ip default-gateway 78.85.13.1
|
|
ip forward-protocol nd
|
|
!
|
|
no ip http server
|
|
no ip http secure-server
|
|
ip http secure-ciphersuite
|
|
ip flow-export source GigabitEthernet0/2.311
|
|
ip flow-export version 5
|
|
ip flow-export destination 10.4.0.215 9995
|
|
ip flow-export destination 10.4.0.217 9995
|
|
!
|
|
ip tftp source-interface GigabitEthernet0/2.311
|
|
ip dns view default
|
|
domain timeout 2
|
|
ip dns server
|
|
ip nat translation timeout 450
|
|
ip nat translation tcp-timeout 300
|
|
ip nat translation pptp-timeout 1800
|
|
ip nat translation udp-timeout 45
|
|
ip nat translation dns-timeout 5
|
|
ip nat translation port-timeout tcp 110 60
|
|
ip nat translation port-timeout tcp 25 60
|
|
ip nat translation port-timeout tcp 80 15
|
|
ip nat translation port-timeout udp 5060 180
|
|
ip nat translation max-entries all-host 400
|
|
ip nat translation max-entries host 10.8.0.4 30000
|
|
ip nat translation max-entries host 10.8.0.11 10000
|
|
ip nat translation max-entries host 172.16.2.2 40000
|
|
ip nat inside source route-map ISP_RT interface GigabitEthernet0/0 overload
|
|
! Publishes RDP (tcp/3389) of 10.8.0.4 on the router's public address.
! ACL_FIREWALL limits the source to OG_MOI_PLOSHADKI, and OBJ_BRANCHES also
! reaches it through its "permit ip" entry.
! NOTE(review): the AnyConnect policy WEBVPN_POLICY_RDP already gives
! access to 10.8.0.4:3389; consider removing the Internet-facing mapping so
! RDP is reachable over the VPN only.
ip nat inside source static tcp 10.8.0.4 3389 78.85.13.119 3389 extendable
|
|
ip nat inside source static tcp 10.8.0.4 4090 78.85.13.119 4090 extendable
|
|
ip nat inside source static udp 10.8.0.4 4090 78.85.13.119 4090 extendable
|
|
ip nat inside source static tcp 10.8.72.10 5060 78.85.13.119 5060 extendable
|
|
ip nat inside source static udp 10.8.72.10 5060 78.85.13.119 5060 extendable
|
|
ip nat inside source static tcp 10.8.0.4 443 78.85.13.119 9443 extendable
|
|
ip route 0.0.0.0 0.0.0.0 78.85.13.1
|
|
ip route 172.26.15.0 255.255.255.224 10.8.0.4 name --LAN--
|
|
ip route 172.26.15.64 255.255.255.192 10.8.10.2
|
|
ip route 172.26.15.128 255.255.255.252 10.8.0.4
|
|
ip route 172.26.15.144 255.255.255.240 10.8.0.4
|
|
ip route 172.26.15.160 255.255.255.240 10.8.0.4
|
|
ip route 172.26.15.176 255.255.255.240 10.8.0.4
|
|
ip route 192.168.15.0 255.255.255.0 10.8.0.4 name --PRODACTION--
|
|
ip ssh source-interface GigabitEthernet0/2.311
|
|
ip ssh version 2
|
|
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
|
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
|
!
|
|
ip access-list standard ACL_LOCAL_NETWORK_NET
|
|
permit 10.8.0.0 0.0.3.255
|
|
ip access-list standard ACL_NETWORK_MGT_NET
|
|
permit 10.8.10.0 0.0.0.255
|
|
ip access-list standard ACL_NTP_CLIENTS
|
|
permit 10.8.0.0 0.0.15.255
|
|
ip access-list standard ACL_NTP_SERVERS
|
|
permit 91.226.136.136
|
|
permit 91.226.136.142
|
|
deny any
|
|
ip access-list standard ACL_PRINTERS_NET
|
|
permit 10.8.4.0 0.0.0.255
|
|
ip access-list standard ACL_SERVERS_MGT_NET
|
|
permit 10.8.9.0 0.0.0.255
|
|
ip access-list standard ACL_SKUD_NET
|
|
permit 10.8.7.0 0.0.0.255
|
|
ip access-list standard ACL_SPLIT_ADMIN
|
|
permit 192.168.72.64 0.0.0.63
|
|
permit 192.168.72.192 0.0.0.63
|
|
permit 10.8.0.0 0.0.15.255
|
|
ip access-list standard ACL_SPLIT_FULL
|
|
permit 192.168.72.64 0.0.0.63
|
|
permit 10.8.0.0 0.0.15.255
|
|
ip access-list standard ACL_SPLIT_FULL_SIP
|
|
permit 192.168.72.64 0.0.0.63
|
|
permit 10.8.0.0 0.0.15.255
|
|
permit 10.8.72.0 0.0.3.255
|
|
ip access-list standard ACL_SPLIT_RDP
|
|
permit 10.8.0.4
|
|
permit 10.8.0.11
|
|
permit 10.8.0.12
|
|
permit 192.168.72.66
|
|
permit 192.168.72.79
|
|
ip access-list standard ACL_USB_NETWORK_NET
|
|
permit 10.8.6.0 0.0.0.255
|
|
ip access-list standard ACL_VIDEO_NET
|
|
permit 10.8.12.0 0.0.1.255
|
|
ip access-list standard ACL_VOICE_NET
|
|
permit 10.8.11.0 0.0.0.255
|
|
permit 10.8.72.0 0.0.3.255
|
|
ip access-list standard ACL_WEIGHT_DEVICE_NET
|
|
permit 10.8.5.0 0.0.0.255
|
|
ip access-list standard ACL_WIRELESS_GUEST_NET
|
|
permit 10.8.14.0 0.0.0.255
|
|
ip access-list standard ACL_WIRELESS_USERS_NET
|
|
permit 10.8.8.0 0.0.0.255
|
|
!
|
|
! Tunnel filter for WebVPN policy group WEBVPN_POLICY_RDP: DNS to
! 10.8.0.11/10.8.0.12, RDP to three hosts, HTTPS to two hosts.
! NOTE(review): 10.8.0.14:3389 is permitted here but 10.8.0.14 is not in
! ACL_SPLIT_RDP, so clients do not get a route to it through the tunnel;
! one of the two lists is probably stale - confirm.
ip access-list extended ACL_ANYCONNECT_RDP
|
|
permit tcp any host 10.8.0.11 eq domain
|
|
permit udp any host 10.8.0.11 eq domain
|
|
permit tcp any host 10.8.0.12 eq domain
|
|
permit udp any host 10.8.0.12 eq domain
|
|
permit tcp any host 192.168.72.66 eq 443
|
|
permit tcp any host 10.8.0.14 eq 3389
|
|
permit tcp any host 10.8.0.4 eq 3389
|
|
permit tcp any host 192.168.72.79 eq 3389
|
|
permit tcp any host 10.8.0.4 eq 443
|
|
! Inbound filter on GigabitEthernet0/0. Destination is the router's own
! public address (STATIC_ISP_IP) for everything except ICMP.
! NOTE(review): "permit udp any eq domain" and "permit udp any eq ntp"
! match on SOURCE port only, so they are not limited to replies and admit
! UDP to any destination port on the public address. Narrow them to the
! configured servers (ACL_NTP_SERVERS already lists the NTP hosts), or let
! CBAC track router-originated traffic.
! NOTE(review): SVC_EMAIL (tcp/25) from any source and tcp/www from
! OG_MOI_PLOSHADKI have no matching static NAT entry in the visible
! config and the HTTP server is disabled; they look stale - confirm.
! NOTE(review): "permit icmp any any echo" answers pings from anywhere.
! The list ends on the implicit deny, so drops are not logged; an explicit
! final "deny ip any any log" would give visibility.
ip access-list extended ACL_FIREWALL
|
|
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
|
|
permit udp any eq domain object-group STATIC_ISP_IP
|
|
permit object-group KERIO_VPN any object-group STATIC_ISP_IP
|
|
permit ip object-group NET_SIP_PROVIDERS object-group STATIC_ISP_IP
|
|
permit udp any eq ntp object-group STATIC_ISP_IP
|
|
permit object-group SVC_EMAIL any object-group STATIC_ISP_IP
|
|
permit icmp any any unreachable
|
|
permit icmp any any echo-reply
|
|
permit icmp any any packet-too-big
|
|
permit icmp any any time-exceeded
|
|
permit icmp any any traceroute
|
|
permit icmp any any administratively-prohibited
|
|
permit icmp any any echo
|
|
permit object-group SVC_ANYCONNECT any object-group STATIC_ISP_IP
|
|
permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq 3389
|
|
permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq 9443
|
|
permit tcp object-group NET_SIP_TRUNK object-group STATIC_ISP_IP eq 5060
|
|
permit udp object-group NET_SIP_TRUNK object-group STATIC_ISP_IP eq 5060
|
|
permit tcp object-group OG_MOI_PLOSHADKI object-group STATIC_ISP_IP eq www
|
|
! Matched by route-map RM_ROUTE_VIA_KERIO_VLAN_1 sequence 5, which has no
! "set" clause: traffic matching this list is exempt from the policy-routed
! next hop and follows the routing table.
! The 10.8.72.0 0.0.3.255 entry is already covered by 10.8.0.0 0.0.255.255.
ip access-list extended ACL_LOCAL_TRAFFIC
|
|
permit ip any 10.8.0.0 0.0.255.255
|
|
permit ip any 172.16.0.0 0.15.255.255
|
|
permit ip any 10.8.72.0 0.0.3.255
|
|
permit tcp host 10.8.0.14 eq 3389 any
|
|
permit tcp host 10.8.0.4 eq 3389 any
|
|
permit tcp host 192.168.72.79 eq 3389 any
|
|
permit tcp host 10.8.0.4 eq 443 any
|
|
!
|
|
!
|
|
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
|
|
ip prefix-list PFL_BGP_REDISTR_CON seq 20 permit 172.26.15.0/24 le 25
|
|
!
|
|
ip prefix-list PFL_FROM_MLK seq 10 permit 192.168.72.0/24 le 26
|
|
!
|
|
ip prefix-list PFL_TO_HUB seq 10 permit 10.8.0.0/20
|
|
ip prefix-list PFL_TO_HUB seq 20 permit 10.8.72.0/21
|
|
!
|
|
ip prefix-list PFL_TO_MLK seq 10 permit 10.8.0.0/20 le 24
|
|
ip prefix-list PFL_TO_MLK seq 20 permit 10.8.72.0/21 le 24
|
|
ip prefix-list PFL_TO_MLK seq 30 permit 172.26.15.0/24 le 25
|
|
ip sla 1
|
|
icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0
|
|
threshold 2
|
|
timeout 2000
|
|
frequency 5
|
|
ip sla schedule 1 life forever start-time now
|
|
kron occurrence EveryDay at 1:30 recurring
|
|
policy-list SaveBackup
|
|
!
|
|
kron policy-list SaveBackup
|
|
cli write memory
|
|
!
|
|
logging trap debugging
|
|
!
|
|
! Selects the inside sources that are PAT-translated to the
! GigabitEthernet0/0 address ("ip nat inside source route-map ISP_RT").
! NOTE(review): ACL_ACCESS_NET, ACL_GUEST_NET and ACL_KERIO_GATEWAY are
! referenced below but are not defined among the access lists in this
! config; remove the stale names or define them, since the behaviour of a
! match on a missing ACL is easy to misread - confirm.
route-map ISP_RT permit 10
|
|
match ip address ACL_WIRELESS_GUEST_NET ACL_ACCESS_NET ACL_GUEST_NET ACL_KERIO_GATEWAY ACL_VOICE_NET ACL_LOCAL_NETWORK_NET
|
|
match interface GigabitEthernet0/0
|
|
!
|
|
route-map RM_BGP_REDISTR_CON permit 10
|
|
match ip address prefix-list PFL_BGP_REDISTR_CON
|
|
!
|
|
route-map RM_ROUTE_VIA_KERIO_VLAN_1 permit 5
|
|
match ip address ACL_LOCAL_TRAFFIC
|
|
!
|
|
route-map RM_ROUTE_VIA_KERIO_VLAN_1 permit 10
|
|
set ip next-hop verify-availability 10.8.0.4 10 track 11
|
|
!
|
|
route-map RM_BGP_TO_HUB permit 10
|
|
match ip address prefix-list PFL_TO_HUB
|
|
!
|
|
route-map RM_BGP_FROM_HUB permit 10
|
|
set local-preference 1000
|
|
!
|
|
!
|
|
! NOTE(review): "public" is the default, universally guessed community
! string, and neither community line carries an access list, so any host
! that can reach the router over UDP/161 can read the full MIB (interfaces,
! routes, ARP, config-related objects). SNMPv1/v2c strings also travel in
! clear text.
! Remove "public", bind the remaining community to a management ACL
! ("snmp-server community <string> RO <acl>"), or move to SNMPv3 with
! authentication and privacy. The second community string is published with
! this file: treat it as exposed and replace it.
snmp-server community public RO
|
|
snmp-server community lmTUEsk6Yvlv RO
|
|
!
|
|
! First RADIUS server of AAA group NPS (legacy ports 1645/1646).
! NOTE(review): the shared secret below is stored as "key 7". Type 7 is a
! reversible obfuscation, not encryption, so anyone holding this file has
! the RADIUS secret. Rotate it on the router and on the server, and store
! it as type 6 (AES, "password encryption aes") if the release supports it.
radius server IZH-RDS002
|
|
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key 7 07073847682838253F1552345D2C382B23043D77025F01061B151F66520D022A110C555C7F784A59660E4955357D00251115304821110B03727C2C2A235317215C
|
|
!
|
|
! Second RADIUS server definition; its shared secret is also type 7
! (reversible) and should be rotated.
! NOTE(review): AAA group NPS refers to a server named P11-RDS003, which is
! not defined in the visible config, while this IZH-RDS003 entry is not
! referenced by the group. If so, the group has a single working server and
! no RADIUS redundancy - confirm and align the names.
radius server IZH-RDS003
|
|
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key 7 104610122336332B240373137D2E203A29240F431259415C4210123002411A70514D5F567D7F135734024A04363651255918321C0B5B4A2B273732212D4801007B
|
|
!
|
|
!
|
|
!
|
|
control-plane
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
mgcp behavior rsip-range tgcp-only
|
|
mgcp behavior comedia-role none
|
|
mgcp behavior comedia-check-media-src disable
|
|
mgcp behavior comedia-sdp-force disable
|
|
!
|
|
mgcp profile default
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
gatekeeper
|
|
shutdown
|
|
!
|
|
!
|
|
no vstack
|
|
alias exec q exit
|
|
!
|
|
line con 0
|
|
logging synchronous
|
|
login authentication CONSOLE
|
|
line aux 0
|
|
line 2
|
|
no activation-character
|
|
no exec
|
|
transport preferred none
|
|
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
|
|
stopbits 1
|
|
! Remote management lines 0-4: SSH only, default AAA login list.
! NOTE(review): there is no "access-class ... in", so SSH is accepted on
! every interface address, including the public one for sources that
! ACL_FIREWALL admits with "permit ip" (OBJ_BRANCHES). Consider
! "access-class ACL_NETWORK_MGT_NET in" or a dedicated management ACL.
! NOTE(review): "exec-timeout 120 0" keeps idle sessions for two hours.
line vty 0 4
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
length 0
|
|
transport input ssh
|
|
! Remote management lines 5-15: SSH only, two-hour idle timeout.
! NOTE(review): no "access-class ... in" here either; whatever restriction
! is applied to vty 0 4 has to be repeated on this range, otherwise these
! lines remain the unrestricted way in.
line vty 5 15
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
transport input ssh
|
|
!
|
|
scheduler allocate 20000 1000
|
|
! NTP: synchronises to two external servers from the public interface and
! serves time to 10.8.0.0/20 clients (ACL_NTP_CLIENTS); "ntp master 3" lets
! the router keep serving from its own clock when upstream is lost.
! Peer access is limited to the two servers by ACL_NTP_SERVERS.
! NOTE(review): no "ntp authenticate" / "ntp trusted-key" is configured, so
! upstream time is accepted on source address alone.
ntp source GigabitEthernet0/0
|
|
ntp access-group peer ACL_NTP_SERVERS
|
|
ntp access-group serve-only ACL_NTP_CLIENTS
|
|
ntp master 3
|
|
ntp update-calendar
|
|
ntp server 91.226.136.136 prefer
|
|
ntp server 91.226.136.142
|
|
!
|
|
!
|
|
! SSL VPN listener on the public interface, tcp/443, certificate from
! trustpoint UDMPF_RU_2022. ACL_FIREWALL admits it from any source.
! NOTE(review): the "ssl encryption" list below contains only SHA-1 based
! suites, and the first two appear to use RSA key exchange (no forward
! secrecy). IOS SSL VPN on this platform offers little beyond that, so
! track the latest 15.7(3)M rebuild and plan a move of remote access to a
! platform with current TLS support.
webvpn gateway ANYCONNECT-WEBVPN-GATEWAY
|
|
ip interface GigabitEthernet0/0 port 443
|
|
ssl encryption aes128-sha1 aes256-sha1 rsa-dhe-aes256-sha1
|
|
ssl trustpoint UDMPF_RU_2022
|
|
inservice
|
|
!
|
|
! WebVPN context bound to ANYCONNECT-WEBVPN-GATEWAY. Users are assigned a
! policy group through the per-user "aaa attribute list"; users without one
! fall back to WEBVPN_POLICY_RDP (default-group-policy).
! NOTE(review): authentication and authorization use the AAA list
! "sslvpn", which is local-only: VPN access rests on the local passwords
! alone, with no RADIUS and no second factor.
! NOTE(review): max-users is 50 but ANYCONNECT_POOL holds 29 addresses
! (172.26.15.33-61); sessions beyond the pool size cannot get an address.
! NOTE(review): the policy groups push netmask 255.255.255.128 while
! Loopback0 in the same range is a /27 - confirm this is intended.
webvpn context ANYCONNECT-WEBVPN
|
|
title " KOMOS.RU WebVPN - Powered By Cisco Systems "
|
|
aaa authentication list sslvpn
|
|
aaa authorization list sslvpn
|
|
gateway ANYCONNECT-WEBVPN-GATEWAY
|
|
max-users 50
|
|
!
|
|
ssl authenticate verify all
|
|
!
|
|
url-list "rewrite"
|
|
inservice
|
|
!
|
|
policy group WEBVPN_POLICY_RDP
|
|
functions svc-enabled
|
|
filter tunnel ACL_ANYCONNECT_RDP
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
|
svc rekey method new-tunnel
|
|
svc split include acl ACL_SPLIT_RDP
|
|
svc dns-server primary 10.8.0.11
|
|
svc dns-server secondary 10.8.0.12
|
|
!
|
|
! Full-access AnyConnect policy: split-include routes from ACL_SPLIT_FULL,
! internal DNS servers 10.8.0.11 / 10.8.0.12.
! NOTE(review): unlike WEBVPN_POLICY_RDP this group has no
! "filter tunnel <acl>". The split-include ACL only tells the client which
! routes to install and is not enforced on the gateway, so sessions in this
! group can reach whatever the router can route. The same applies to
! WEBVPN_POLICY_FULL_SIP and WEBVPN_POLICY_ADMIN; add a tunnel filter per
! group if access is meant to be limited.
policy group WEBVPN_POLICY_FULL
|
|
functions svc-enabled
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
|
svc rekey method new-tunnel
|
|
svc split include acl ACL_SPLIT_FULL
|
|
svc dns-server primary 10.8.0.11
|
|
svc dns-server secondary 10.8.0.12
|
|
!
|
|
policy group WEBVPN_POLICY_FULL_SIP
|
|
functions svc-enabled
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
|
svc rekey method new-tunnel
|
|
svc split include acl ACL_SPLIT_FULL_SIP
|
|
svc dns-server primary 10.8.0.11
|
|
svc dns-server secondary 10.8.0.12
|
|
!
|
|
policy group WEBVPN_POLICY_ADMIN
|
|
functions svc-enabled
|
|
svc address-pool "ANYCONNECT_POOL" netmask 255.255.255.128
|
|
svc rekey method new-tunnel
|
|
svc split include acl ACL_SPLIT_ADMIN
|
|
svc dns-server primary 10.8.0.11
|
|
svc dns-server secondary 10.8.0.12
|
|
default-group-policy WEBVPN_POLICY_RDP
|
|
!
|
|
end |