Untitled

hub-cnt-01#sh run

Building configuration...
Current configuration : 3989 bytes
!
! Last configuration change at 13:48:41 GMT Mon May 6 2019 by admin
! NVRAM config last updated at 13:58:38 GMT Mon May 6 2019 by admin
!
version 15.7
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname hub-cnt-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 UQO0
!
aa new-model
!
!
aaa authentication login default local
aaa authentication login local_access local
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone GMT 10 0
clock calendar-valid
!
!
!
!
ip domain name corp.ххх.ru
ip host hub-cnt-01 172.16.100.3
ip cef
login block-for 60 attempts 3 within 30
login delay 5
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
multilink bundle-name authenticated
!
!
!
password encryption aes
!
!
license udi pid CISCO2911/K9 sn FHK1452F1Q6
!
!
object-group service DENY_PORTS_IN
tcp eq 22
tcp eq www
tcp eq telnet
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
username admin secret 5 $1$
!
redundancy
!
!
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
crypto isakmp policy 10
encr aes 256
hash md5
authentication pre-share

crypto isakmp key 6 HLVAYOcAAB address 0.0.0.0
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set TRANS_SET esp-aes 256 esp-md5-hmac
mode transport
!
crypto ipsec profile IPSEC_PROF
set transform-set TRANS_SET
!
!
!
!
interface Tunnel1
description ***PRIMARY DMVPN CLOUD PODRYAD***
bandwidth 10000
ip address 10.10.1.1 255.255.255.0
no ip redirects
ip mtu 1472
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp authentication 67
ip nhrp network-id 1
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile IPSEC_PROF
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1

ip address 31.хх.хх.204 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0/0/0
no ip address
!
interface FastEthernet0/0/1
no ip address
!
interface FastEthernet0/0/2
no ip address
!
interface FastEthernet0/0/3
no ip address
!
interface Vlan1
ip address 172.16.100.3 255.255.255.0
!
!
!
router eigrp 1
network 10.10.1.0 0.0.0.255
network 172.16.100.0 0.0.0.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 31.хх.хх.201
ip ssh logging events
ip ssh version 2
!
ip access-list extended ACCESS_SSH
permit ip host 172.16.100.127 any log
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
ipv6 ioam timestamp
!
!
!
!
!
control-plane
!
!
vstack
!
line con 0
logging synchronous
login authentication local_access
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class ACCESS_SSH in
privilege level 15
logging synchronous
login authentication local_access
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 91.206.16.3
ntp server 89.109.251.23
ntp server 88.212.196.95
!
end