msk-arbat-gw1

! Device identity and privileged-mode credential for the hub gateway.
hostname msk-arbat-gw1

!

! NOTE(review): "enable secret 5" stores an MD5-crypt hash. The identical salt and
! hash appear on all three gateways in this listing, so they share one enable
! password, and a hash that has been published should be treated as disclosed.
! Where the IOS release supports it, prefer a type 8/9 secret
! ("enable algorithm-type ... secret") with a per-device value.
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

! IKE phase 1 policy. Only the authentication method is set; encryption, hash,
! DH group and lifetime are left at the platform defaults.
! NOTE(review): on classic IOS releases those defaults are DES / SHA-1 / DH group 1.
! Confirm with "show crypto isakmp policy" and set encryption, hash and group
! explicitly, with the same values on the hub and on every spoke.
crypto isakmp policy 1

 authentication pre-share

! Pre-shared key accepted from any peer address (0.0.0.0 0.0.0.0), so spokes can
! connect without their public addresses being listed on the hub.
! NOTE(review): the key is stored in clear text and is the same on every gateway in
! this listing; any host that learns it can complete IKE with the hub.
! Certificate authentication (rsa-sig) removes the shared secret. If a PSK is kept,
! use a long random value and protect it at rest with "password encryption aes"
! plus "key config-key password-encrypt".
crypto isakmp key DMVPNpass address 0.0.0.0 0.0.0.0

!

!

! Phase 2 transform: ESP with AES (128-bit when no key length is given) and
! HMAC-SHA-1 integrity. Transport mode is used because the protected packets are
! the router's own GRE packets (see "tunnel protection" on Tunnel0).
crypto ipsec transform-set AES128-SHA esp-aes esp-sha-hmac

 mode transport

!

! IPsec profile referenced by Tunnel0.
! NOTE(review): no "set pfs" line is present, so phase 2 rekeys would not run a
! fresh DH exchange - confirm whether that is intended.
crypto ipsec profile DMVPN-P

 set transform-set AES128-SHA

!

!

!

!

!

! Loopback used as a stable identifier; its address matches the OSPF router-id
! configured under "router ospf 1".
interface Loopback0

 ip address 172.16.255.1 255.255.255.255

!

! DMVPN hub tunnel: multipoint GRE sourced from the Internet-facing subinterface
! and protected by the DMVPN-P IPsec profile. "ip nhrp map multicast dynamic"
! replicates multicast (here OSPF hellos) to spokes as they register. The spokes in
! this listing set "ip ospf priority 0", which leaves the hub as the only
! DR-eligible router on the tunnel segment.
! NOTE(review): neither "ip nhrp authentication" nor OSPF authentication is
! configured on this interface, so NHRP registration and the routing adjacency
! depend entirely on the shared IPsec pre-shared key.
interface Tunnel0

 ip address 172.16.254.1 255.255.255.0

 no ip redirects

 ip nhrp map multicast dynamic

 ip nhrp network-id 1

 ip ospf network broadcast

 tunnel source FastEthernet0/1.6

 tunnel mode gre multipoint

 tunnel protection ipsec profile DMVPN-P

!

! LAN trunk: the physical port carries no address and each VLAN is a dot1Q
! subinterface acting as that VLAN's gateway.
! NOTE(review): the parent interface is "shutdown" in this listing, which would
! keep all of its subinterfaces down - confirm whether that is intended.
interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

! Management VLAN. Traffic leaving the router toward this VLAN is filtered by the
! Management-out ACL, which permits two source hosts. The subinterface has no
! "ip nat inside", so this VLAN is not translated toward the Internet.
interface FastEthernet0/0.2

 description Management

 encapsulation dot1Q 2

 ip address 172.16.1.1 255.255.255.0

 ip access-group Management-out out

!

! Server VLAN; hosts here are the targets of the static NAT entries.
! NOTE(review): an ACL named Servers-out is defined further down, but no
! "ip access-group" is attached here, so in this listing traffic toward the
! servers is not filtered by it.
interface FastEthernet0/0.3

 description Servers

 encapsulation dot1Q 3

 ip address 172.16.0.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

! User VLANs 101-104. All are NAT inside; which sources are actually translated
! is decided by the nat-inet ACL. No per-VLAN ACL is applied in this listing.
interface FastEthernet0/0.101

 description PTO

 encapsulation dot1Q 101

 ip address 172.16.3.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface FastEthernet0/0.102

 description FEO

 encapsulation dot1Q 102

 ip address 172.16.4.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface FastEthernet0/0.103

 description Accounting

 encapsulation dot1Q 103

 ip address 172.16.5.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface FastEthernet0/0.104

 description Other

 encapsulation dot1Q 104

 ip address 172.16.6.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

! Unused serial port, administratively disabled.
interface Serial0/0

 no ip address

 shutdown

 clock rate 2000000

!

! WAN trunk: dot1Q subinterfaces for the /30 links to remote sites and for the
! Internet uplink.
interface FastEthernet0/1

 no ip address

 duplex auto

 speed auto

!

! /30 link to the SPB site. This is the only site link marked "ip nat inside";
! the nat-inet ACL contains SPB_* host entries that rely on it.
interface FastEthernet0/1.4

 description SPB

 encapsulation dot1Q 4

 ip address 172.16.2.1 255.255.255.252

 ip nat inside

 ip virtual-reassembly

!

! /30 link to the KMR site.
! NOTE(review): nat-inet has a KMR host entry, but this subinterface is not marked
! "ip nat inside" - confirm whether translation for that host is expected to work.
interface FastEthernet0/1.5

 description KMR

 encapsulation dot1Q 5

 ip address 172.16.2.17 255.255.255.252

!

! Internet uplink: NAT outside, source of the DMVPN tunnel, and the address that
! the static port forwards are published on.
! NOTE(review): no inbound "ip access-group" is applied in this listing. This is
! the only untrusted-facing interface on the hub; an inbound filter limited to the
! IKE/ESP traffic and the published services would narrow what reaches the router
! itself.
interface FastEthernet0/1.6

 description Internet

 encapsulation dot1Q 6

 ip address 198.51.100.2 255.255.255.240

 ip nat outside

 ip virtual-reassembly

!

! /30 links to the KLGR and KRS sites; no NAT or ACL configured on them.
interface FastEthernet0/1.7

 description KLGR

 encapsulation dot1Q 7

 ip address 172.16.2.33 255.255.255.252

!

interface FastEthernet0/1.8

 description KRS

 encapsulation dot1Q 8

 ip address 172.16.2.129 255.255.255.252

!

! Unused serial ports, administratively disabled.
interface Serial0/1

 no ip address

 shutdown

 clock rate 2000000

!

interface Serial0/2

 no ip address

 shutdown

 clock rate 2000000

!

! Second Ethernet module. The parent port is shut down, so the VLD subinterface
! below it would be down as well in this listing.
interface FastEthernet1/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface FastEthernet1/0.911

 description VLD

 encapsulation dot1Q 911

 ip address 172.16.2.198 255.255.255.252

!

!

! OSPF process for the whole 172.16.0.0/16 space in area 0. The LAN subinterfaces
! and the Internet uplink are passive, so no hellos are sent there; the site /30
! links and Tunnel0 are not listed as passive, so adjacencies can form on them.
! "default-information originate" advertises the static default route below to
! the rest of the OSPF domain.
! NOTE(review): no OSPF authentication is configured for the area or on any
! interface in this listing. On the non-passive links, message-digest
! authentication ("area 0 authentication message-digest" plus per-interface keys)
! would stop an unauthenticated neighbour from injecting routes.
router ospf 1

 router-id 172.16.255.1

 log-adjacency-changes

 passive-interface FastEthernet0/0.2

 passive-interface FastEthernet0/0.3

 passive-interface FastEthernet0/0.101

 passive-interface FastEthernet0/0.102

 passive-interface FastEthernet0/0.103

 passive-interface FastEthernet0/0.104

 passive-interface FastEthernet0/1.6

 network 172.16.0.0 0.0.255.255 area 0

 default-information originate

!

! Default route via the provider-side address on the Internet subnet.
ip route 0.0.0.0 0.0.0.0 198.51.100.1

!

!

! Both the HTTP and HTTPS management servers on the router are disabled.
no ip http server

no ip http secure-server

! Dynamic NAT: sources matched by the nat-inet ACL are translated to the pool
! 198.51.100.2-.14 with port overload (PAT). The pool includes .2, which is also
! the address of the Internet subinterface.
ip nat pool main_pool 198.51.100.2 198.51.100.14 netmask 255.255.255.240

ip nat inside source list nat-inet pool main_pool overload

! Static port forwards that publish internal servers on public addresses:
!   198.51.100.2:80  -> 172.16.0.2:80
!   198.51.100.3:21  -> 172.16.0.3:21
!   198.51.100.4:25  -> 172.16.0.4:25
!   198.51.100.4:110 -> 172.16.0.4:110
! NOTE(review): ports 21 and 110 are the clear-text FTP and POP3 service ports, so
! credentials for those services would cross the Internet unencrypted. With no
! inbound ACL on FastEthernet0/1.6 in this listing, these forwards are reachable
! from any source address.
ip nat inside source static tcp 172.16.0.2 80 198.51.100.2 80 extendable

ip nat inside source static tcp 172.16.0.3 21 198.51.100.3 21 extendable

ip nat inside source static tcp 172.16.0.4 25 198.51.100.4 25 extendable

ip nat inside source static tcp 172.16.0.4 110 198.51.100.4 110 extendable

!

! Applied outbound on FastEthernet0/0.2: only the two listed hosts may send
! traffic into the management subnet; everything else hits the implicit deny that
! ends every IOS ACL.
ip access-list extended Management-out

 remark IAM

 permit ip host 172.16.6.61 172.16.1.0 0.0.0.255

 remark ADMIN

 permit ip host 172.16.6.66 172.16.1.0 0.0.0.255

! Per-server allow list (web, file, mail, DNS) ending in the implicit deny.
! NOTE(review): no interface in this listing references Servers-out, so as shown it
! filters nothing; it would presumably be attached outbound on FastEthernet0/0.3 -
! confirm. It also permits telnet from the admin host to the web server, which
! carries credentials in clear text.
ip access-list extended Servers-out

 permit icmp any any

 remark WEB

 permit tcp any host 172.16.0.2 eq www

 permit tcp host 172.16.6.66 host 172.16.0.2 range ftp-data ftp

 permit tcp host 172.16.6.66 host 172.16.0.2 eq telnet

 remark FILE

 permit tcp 172.16.0.0 0.0.255.255 host 172.16.0.3 eq 445

 permit tcp any host 172.16.0.3 range ftp-data ftp

 remark MAIL

 permit tcp any host 172.16.0.4 eq pop3

 permit tcp any host 172.16.0.4 eq smtp

 remark DNS

 permit udp 172.16.0.0 0.0.255.255 host 172.16.0.5 eq domain

! Selects which inside sources are translated by the PAT rule; it is a NAT match
! list, not a packet filter. Sources that match no entry are simply not translated.
! NOTE(review): the first three remarks (PTO, ACCOUNTING, MAIL) have no entries
! under them and look like leftovers from an earlier edit.
ip access-list extended nat-inet

 remark PTO

 remark ACCOUNTING

 remark MAIL

 remark PTO

 permit tcp 172.16.3.0 0.0.0.255 host 192.0.2.2 eq www

 remark ACCOUNTING

 permit ip 172.16.5.0 0.0.0.255 host 192.0.2.3

 permit ip 172.16.5.0 0.0.0.255 host 192.0.2.4

 remark FEO

 permit ip host 172.16.4.123 any

 remark IAM

 permit ip host 172.16.6.61 any

 remark ADMIN

 permit ip host 172.16.6.66 any

 remark SPB_VSL_ISLAND

 permit ip host 172.16.16.222 any

 remark SPB_OZERKI

 permit ip host 172.16.17.222 any

 remark KMR

 permit ip host 172.16.24.222 any

!

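! Console line. The idle timeout is set to 10 minutes; a value of "0 0" disables
! it and leaves an abandoned console session open indefinitely.
! NOTE(review): no "login" or password is configured on con 0 in this listing, so
! user EXEC on the console is unauthenticated and only the enable secret gates
! privileged mode.
line con 0

 exec-timeout 10 0

 logging synchronous

line aux 0

! Remote access lines 0-4, authenticated with a single shared line password.
! NOTE(review): "password 7" is a reversible encoding, not a hash, and the same
! string appears on all three gateways in this listing. There is no
! "transport input" or "access-class" here, so the accepted protocols and source
! addresses fall back to release defaults - confirm that telnet is not enabled.
! Per-user accounts ("login local" with "username ... secret"), "transport input
! ssh" and an access-class limited to the admin hosts are the usual hardening.
line vty 0 4

 password 7 0822455D0A16

 logging synchronous

 login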


Internet

! Router standing in for the provider network between the sites. The listing
! shows interface addressing only: no enable secret, line, routing-protocol or
! ACL configuration is present for this device.
hostname Internet

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

! Provider side of the hub's /28; 198.51.100.1 is the hub's default next hop.
interface FastEthernet0/0.6

 encapsulation dot1Q 6

 ip address 198.51.100.1 255.255.255.240

!

interface FastEthernet0/1

 no ip address

 duplex auto

 speed auto

!

! Provider side of the /30 links toward the branch gateways. The .101 and .102
! subnets match the uplinks of nsk-obsea-gw1 and tmsk-lenina-gw1; no peer for the
! .103 subnet appears in this listing.
interface FastEthernet0/1.101

 encapsulation dot1Q 101

 ip address 198.51.101.1 255.255.255.252

!

interface FastEthernet0/1.102

 encapsulation dot1Q 102

 ip address 198.51.102.1 255.255.255.252

!

interface FastEthernet0/1.103

 encapsulation dot1Q 103

 ip address 198.51.103.1 255.255.255.252


nsk-obsea-gw1

! Device identity and privileged-mode credential for this spoke gateway.
hostname nsk-obsea-gw1

!

! NOTE(review): MD5-crypt (type 5) hash, byte-for-byte the same as on the other
! gateways in this listing, so the enable password is shared between devices.
! Prefer a per-device type 8/9 secret where the IOS release supports it.
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

! IKE phase 1 policy. Only the authentication method is set; encryption, hash and
! DH group are left at the platform defaults.
! NOTE(review): on classic IOS those defaults are DES / SHA-1 / DH group 1 -
! confirm with "show crypto isakmp policy". Any explicit values must match the hub.
crypto isakmp policy 1

 authentication pre-share

! Pre-shared key valid for any peer address. With spoke-to-spoke tunnels the peer
! is not only the hub, which is why a wildcard is used.
! NOTE(review): the key is stored in clear text and shared by every gateway in
! this listing, so disclosure of one device's configuration exposes the whole VPN.
! Certificate authentication (rsa-sig) avoids that; otherwise enable
! "password encryption aes" with "key config-key password-encrypt".
crypto isakmp key DMVPNpass address 0.0.0.0 0.0.0.0

!

!

! ESP with AES (128-bit when no key length is given) and HMAC-SHA-1, in transport
! mode because the protected traffic is this router's own GRE packets.
crypto ipsec transform-set AES128-SHA esp-aes esp-sha-hmac

 mode transport

!

! IPsec profile referenced by Tunnel0; no "set pfs" line is present.
crypto ipsec profile DMVPN-P

 set transform-set AES128-SHA

!

!

!

!

!

! Loopback address for this spoke.
! NOTE(review): the OSPF router-id configured on this device is 172.16.255.2, not
! this loopback address - confirm which one is intended.
interface Loopback0

 ip address 172.16.255.128 255.255.255.255

!

! DMVPN spoke tunnel. The hub is defined statically: its tunnel address
! 172.16.254.1 is mapped to its public address 198.51.100.2, multicast is sent to
! that address, and it is the next-hop server this spoke registers with.
! "ip ospf priority 0" keeps this spoke out of the DR/BDR election.
! NOTE(review): no "ip nhrp authentication" and no OSPF authentication are
! configured, so both depend entirely on the shared IPsec pre-shared key.
interface Tunnel0

 ip address 172.16.254.2 255.255.255.0

 no ip redirects

 ip nhrp map 172.16.254.1 198.51.100.2

 ip nhrp map multicast 198.51.100.2

 ip nhrp network-id 1

 ip nhrp nhs 172.16.254.1

 ip ospf network broadcast

 ip ospf priority 0

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel protection ipsec profile DMVPN-P

!

! Internet-facing uplink and source of the DMVPN tunnel.
! NOTE(review): no inbound "ip access-group" is applied in this listing; a filter
! limited to IKE/ESP from the expected peers would narrow what reaches the router.
interface FastEthernet0/0

 description Internet

 ip address 198.51.101.2 255.255.255.252

 duplex auto

 speed auto

!

! Second Ethernet port, unaddressed and administratively disabled.
interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

!

!

! OSPF for 172.16.0.0/16 in area 0. The uplink address (198.51.101.2) is outside
! this range, so OSPF runs on Tunnel0 and Loopback0 only.
! NOTE(review): no OSPF authentication is configured in this listing.
router ospf 1

 router-id 172.16.255.2

 log-adjacency-changes

 network 172.16.0.0 0.0.255.255 area 0

!        

! Default route via the provider side of the uplink /30; this is what makes the
! hub's public address reachable for the tunnel.
ip route 0.0.0.0 0.0.0.0 198.51.101.1

!

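! Console line. The idle timeout is set to 10 minutes; a value of "0 0" disables
! it and leaves an abandoned console session open indefinitely.
! NOTE(review): no "login" or password is configured on con 0 in this listing, so
! user EXEC on the console is unauthenticated and only the enable secret gates
! privileged mode.
line con 0

 exec-timeout 10 0

 logging synchronous

line aux 0

! Remote access lines 0-4, authenticated with a single shared line password.
! NOTE(review): "password 7" is a reversible encoding, not a hash, and the same
! string appears on all three gateways in this listing. There is no
! "transport input" or "access-class" here, so the accepted protocols and source
! addresses fall back to release defaults - confirm that telnet is not enabled.
! Per-user accounts ("login local" with "username ... secret"), "transport input
! ssh" and an access-class limited to the admin hosts are the usual hardening.
line vty 0 4

 password 7 0822455D0A16

 logging synchronous

 login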


tmsk-lenina-gw1

! Device identity and privileged-mode credential for this spoke gateway.
hostname tmsk-lenina-gw1

!

! NOTE(review): MD5-crypt (type 5) hash, byte-for-byte the same as on the other
! gateways in this listing, so the enable password is shared between devices.
! Prefer a per-device type 8/9 secret where the IOS release supports it.
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

! IKE phase 1 policy. Only the authentication method is set; encryption, hash and
! DH group are left at the platform defaults.
! NOTE(review): on classic IOS those defaults are DES / SHA-1 / DH group 1 -
! confirm with "show crypto isakmp policy". Any explicit values must match the hub.
crypto isakmp policy 1

 authentication pre-share

! Pre-shared key valid for any peer address. With spoke-to-spoke tunnels the peer
! is not only the hub, which is why a wildcard is used.
! NOTE(review): the key is stored in clear text and shared by every gateway in
! this listing, so disclosure of one device's configuration exposes the whole VPN.
! Certificate authentication (rsa-sig) avoids that; otherwise enable
! "password encryption aes" with "key config-key password-encrypt".
crypto isakmp key DMVPNpass address 0.0.0.0 0.0.0.0

!

!

! ESP with AES (128-bit when no key length is given) and HMAC-SHA-1, in transport
! mode because the protected traffic is this router's own GRE packets.
crypto ipsec transform-set AES128-SHA esp-aes esp-sha-hmac

 mode transport

!

! IPsec profile referenced by Tunnel0; no "set pfs" line is present.
crypto ipsec profile DMVPN-P

 set transform-set AES128-SHA

!

!

!

!

!

! Loopback address for this spoke. No explicit router-id is configured under
! "router ospf 1" on this device, so OSPF would presumably derive its router-id
! from this address - confirm with "show ip ospf".
interface Loopback0

 ip address 172.16.255.132 255.255.255.255

!

! DMVPN spoke tunnel. The hub is defined statically: its tunnel address
! 172.16.254.1 is mapped to its public address 198.51.100.2, multicast is sent to
! that address, and it is the next-hop server this spoke registers with.
! "ip ospf priority 0" keeps this spoke out of the DR/BDR election.
! NOTE(review): no "ip nhrp authentication" and no OSPF authentication are
! configured, so both depend entirely on the shared IPsec pre-shared key.
interface Tunnel0

 ip address 172.16.254.3 255.255.255.0

 no ip redirects

 ip nhrp map 172.16.254.1 198.51.100.2

 ip nhrp map multicast 198.51.100.2

 ip nhrp network-id 1

 ip nhrp nhs 172.16.254.1

 ip ospf network broadcast

 ip ospf priority 0

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel protection ipsec profile DMVPN-P

!

! Internet-facing uplink and source of the DMVPN tunnel.
! NOTE(review): no inbound "ip access-group" is applied in this listing; a filter
! limited to IKE/ESP from the expected peers would narrow what reaches the router.
interface FastEthernet0/0

 ip address 198.51.102.2 255.255.255.252

 duplex auto

 speed auto

!

! Second Ethernet port, unaddressed and administratively disabled.
interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

!

!

! OSPF for 172.16.0.0/16 in area 0. The uplink address (198.51.102.2) is outside
! this range, so OSPF runs on Tunnel0 and Loopback0 only.
! NOTE(review): no OSPF authentication is configured in this listing.
router ospf 1

 log-adjacency-changes

 network 172.16.0.0 0.0.255.255 area 0

!

! Default route via the provider side of the uplink /30; this is what makes the
! hub's public address reachable for the tunnel.
ip route 0.0.0.0 0.0.0.0 198.51.102.1

!

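! Console line. The idle timeout is set to 10 minutes; a value of "0 0" disables
! it and leaves an abandoned console session open indefinitely.
! NOTE(review): no "login" or password is configured on con 0 in this listing, so
! user EXEC on the console is unauthenticated and only the enable secret gates
! privileged mode.
line con 0

 exec-timeout 10 0

 logging synchronous

line aux 0

! Remote access lines 0-4, authenticated with a single shared line password.
! NOTE(review): "password 7" is a reversible encoding, not a hash, and the same
! string appears on all three gateways in this listing. There is no
! "transport input" or "access-class" here, so the accepted protocols and source
! addresses fall back to release defaults - confirm that telnet is not enabled.
! Per-user accounts ("login local" with "username ... secret"), "transport input
! ssh" and an access-class limited to the admin hosts are the usual hardening.
line vty 0 4

 password 7 0822455D0A16

 logging synchronous

 login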