10-06-2018 03:18 PM - edited 03-05-2019 10:58 AM
Hello,
I have a Cisco ASA 6500 and I want to do bandwidth like this:
Tomas Subnets ( 185.128.38.128/29 and 185.128.38.200/30 )
GGC ( Google Cache ) Ips (185.128.39.0/29 and 62.201.204.0/27)
FNA ( Facebook Cache ) Ips (62.201.192.0/26)
I want to do this:
Tomas limit
GGC = 50m
Fna = 20m
all other traffic = 10m
10-06-2018 06:55 PM
10-06-2018 11:55 PM
Hello,
Yes, it's a Catalyst 6500.
And the source is the public IPs.
10-07-2018 03:10 AM
Just to clarify: you mentioned the source as the IPs below. What is the reason they access your network?
Tomas Subnets ( 185.128.38.128/29 and 185.128.38.200/30 )
GGC ( Google Cache ) Ips (185.128.39.0/29 and 62.201.204.0/27)
FNA ( Facebook Cache ) Ips (62.201.192.0/26)
I believe you are looking from the LAN network to reach the above addresses? Is this correct?
GGC = 50m
Fna = 20m
all other traffic = 10m
10-07-2018 03:49 AM
yessssssss
10-07-2018 01:35 PM
Now I'm lost, honestly. You answered my question saying these public IPs are your source. But you replied Yes to Balaji, who's saying the LAN is trying to reach these IPs, which means your LAN is your source and these IPs are the destination.
If I assume these IPs are the destination and, no matter which subnet from your LAN accesses these IPs, you want to apply the following policies, the configuration would look like:
Tomas Subnets ( 185.128.38.128/29 and 185.128.38.200/30 )
GGC ( Google Cache ) Ips (185.128.39.0/29 and 62.201.204.0/27)
FNA ( Facebook Cache ) Ips (62.201.192.0/26)
I want to do this:
Tomas limit
GGC = 50m
Fna = 20m
all other traffic = 10m
ip access-list extended Tomas
permit ip any 185.128.38.128 0.0.0.7
permit ip any 185.128.38.200 0.0.0.3
!
ip access-list extended GGC
permit ip any 185.128.39.0 0.0.0.7
permit ip any 62.201.204.0 0.0.0.31
!
ip access-list extended FNA
permit ip any 62.201.192.0 0.0.0.63
!
class-map match-any CMAP-Tomas
match ip address Tomas
class-map match-any CMAP-GGC
match ip address GGC
class-map match-any CMAP-FNA
match ip address FNA
!
policy-map PMAP-BANDWIDTH
class CMAP-Tomas
police xxx --> You didn't say the limit you want for those IPs
class CMAP-GGC
police 50m
class CMAP-FNA
police 20m
class class-default
police 10m
!
Then apply it on your interface to access outside (internet) or the one before your firewall....
interface giga x/x/x
service-policy output PMAP-BANDWIDTH
10-07-2018 03:01 PM
Hello,
Those public IPs are the source for Tomas and GGC, FNA, other are the destination. Can you please check where my fault is here:
101 GGC-CNC
102 GGC-IQ
103 FNA-IQ
104 CDN-IQ
105 internet
access-list 101 permit ip 185.128.39.0 255.255.255.224 any
access-list 102 permit ip 62.201.204.0 255.255.255.224 any
access-list 102 permit ip 62.201.216.128 255.255.255.128 any
access-list 103 permit ip 62.201.204.192 255.255.255.192 any
access-list 104 permit ip 62.201.250.0 255.255.254.0 any
access-list 105 permit ip 185.128.37.144 255.255.255.240 any
access-list 105 permit ip 185.128.37.228 255.255.255.252 any
access-list 105 permit ip 185.128.37.40 255.255.255.248 any
access-list 105 permit ip 185.128.38.144 255.255.255.252 any
class-map GGC-CNC-QQQ
match access-group 101
class-map GGC-IQ-QQQ
match access-group 102
class-map FNA-IQ-QQQ
match access-group 103
class-map CDN-IQ-QQQ
match access-group 104
class-map M.Hurriya-Internet
match access-group 105
policy-map M.Hurriya
class GGC-CNC-QQQ
police 20000000000 conform transmit exceed drop
class GGC-IQ-QQQ
police 20000000000 conform transmit exceed drop
class FNA-IQ-QQQ
police 20000000000 conform transmit exceed drop
class CDN-IQ-QQQ
police 20000000000 conform transmit exceed drop
class M.Hurriya-Internet
police 20000000000 conform transmit exceed drop
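The numbered ACLs in the post above write the mask field as 255.255.255.224, while the named ACLs in the earlier reply write it as 0.0.0.7; IOS `access-list` entries read that field as a wildcard mask, where 1 bits mean "don't care". The following is an added example, not code from any post in this thread, that classifies each mask and shows what it matches under wildcard semantics; the function names and the test address 10.1.2.32 are constructed for illustration.

```python
import ipaddress
import re

# ACL lines copied from the posts above: the first two use the mask form of
# the numbered ACLs, the third the form used in the earlier reply's named ACL.
SAMPLE_LINES = [
    "access-list 101 permit ip 185.128.39.0 255.255.255.224 any",
    "access-list 104 permit ip 62.201.250.0 255.255.254.0 any",
    "permit ip any 62.201.204.0 0.0.0.31",
]

ALL_ONES = 0xFFFFFFFF
PAIR = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def mask_form(mask):
    """Classify a dotted mask by its bit pattern."""
    m = to_int(mask)
    inv = m ^ ALL_ONES
    if m in (0, ALL_ONES):
        return "ambiguous"
    if (inv & (inv + 1)) == 0:      # leading ones, then zeros
        return "netmask"
    if (m & (m + 1)) == 0:          # leading zeros, then ones
        return "wildcard"
    return "non-contiguous"


def wildcard_matches(addr, base, wildcard):
    """Wildcard semantics: only bits that are 0 in the mask are compared."""
    care = to_int(wildcard) ^ ALL_ONES
    return ((to_int(addr) ^ to_int(base)) & care) == 0


def audit_line(line):
    """Describe how the first address/mask pair of an ACL line is read."""
    base, mask = PAIR.search(line).groups()
    form = mask_form(mask)
    suggested = None
    if form == "netmask":
        # Inverting a subnet mask gives the wildcard covering the same subnet.
        suggested = str(ipaddress.IPv4Address(to_int(mask) ^ ALL_ONES))
    return {
        "base": base,
        "mask": mask,
        "form": form,
        # Every "don't care" bit doubles the number of matching addresses.
        "addresses_matched": 2 ** bin(to_int(mask)).count("1"),
        "suggested_wildcard": suggested,
    }


if __name__ == "__main__":
    for acl_line in SAMPLE_LINES:
        print(acl_line)
        print("   ", audit_line(acl_line))
    # A host inside the intended /27 versus an unrelated (constructed) address.
    for host in ("185.128.39.5", "10.1.2.32"):
        hit = wildcard_matches(host, "185.128.39.0", "255.255.255.224")
        print(host, "matches 185.128.39.0 255.255.255.224:", hit)
```
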
10-07-2018 05:32 PM
This way fails too:
object-group ip address M.hurriya-GGC-CNC
185.128.39.0 255.255.255.224
object-group ip address M.hurriya-GGC-IQ
62.201.204.0 255.255.255.224
62.201.216.128 255.255.255.128
object-group ip address M.hurriya-FNA
62.201.204.192 255.255.255.192
object-group ip address M.hurriya-CDN
62.201.250.0 255.255.254.0
object-group ip address M.hurriya-Internet
185.128.37.144 255.255.255.240
185.128.37.228 255.255.255.252
185.128.37.40 255.255.255.248
185.128.38.144 255.255.255.252
class-map match-all M.hurriya-GGC-CNC
match access-group name M.hurriya-GGC-CNC
class-map match-all M.hurriya-GGC-IQ
match access-group name M.hurriya-GGC-IQ
class-map match-all M.hurriya-FNA
match access-group name M.hurriya-FNA
class-map match-all M.hurriya-CDN
match access-group name M.hurriya-CDN
class-map match-all M.hurriya-Internet
match access-group name M.hurriya-Internet
policy-map M.Hurriya
class M.hurriya-GGC-CNC
police rate 20000000000
conform-action transmit
exceed-action drop
class M.hurriya-GGC-IQ
police rate 20000000000
conform-action transmit
exceed-action drop
class M.hurriya-FNA
police rate 20000000000
conform-action transmit
exceed-action drop
class M.hurriya-CDN
police rate 20000
conform-action transmit
exceed-action drop
class M.hurriya-Internet
police rate 20000000000
conform-action transmit
exceed-action drop
ip access-list extended M.Hurriya
permit ip any addrgroup M.Hurriya
10-07-2018 05:50 PM
This is the full configuration. Please can you check why I can't limit m.hurriya to 20m?
!
version 15.1
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
service counters max age 5
service unsupported-transceiver
!
hostname CNC-GW
!
!
!
!
!
!
!
ip domain-name cnc-iq.com
ip name-server 62.201.201.201
ip name-server 8.8.8.8
ipv6 unicast-routing
mls netflow interface
mls qos
mls cef error action reset
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
object-group ip address Akamai
62.201.250.0 255.255.254.0
!
object-group ip address FACEBOOK
31.13.24.0 255.255.248.0
31.13.64.0 255.255.192.0
45.64.40.0 255.255.252.0
66.220.144.0 255.255.240.0
69.63.176.0 255.255.240.0
69.171.224.0 255.255.224.0
74.119.76.0 255.255.252.0
103.4.96.0 255.255.252.0
157.240.0.0 255.255.128.0
173.252.64.0 255.255.192.0
179.60.192.0 255.255.252.0
185.60.216.0 255.255.252.0
204.15.20.0 255.255.252.0
!
object-group ip address FNA
62.201.204.192 255.255.255.192
!
object-group ip address GGC-CNC
185.128.39.0 255.255.255.224
!
object-group ip address GGC-IQ
62.201.216.128 255.255.255.128
62.201.204.0 255.255.255.192
!
object-group ip address GOOGLE
74.125.0.0 255.255.0.0
173.194.0.0 255.255.0.0
173.255.112.0 255.255.240.0
!
object-group ip address ISTAR
185.128.37.0 255.255.255.248
185.128.37.12 255.255.255.252
62.201.200.32 255.255.255.248
!
object-group ip address M.hurriya-CDN
62.201.250.0 255.255.254.0
!
object-group ip address M.hurriya-FNA
62.201.204.192 255.255.255.192
!
object-group ip address M.hurriya-GGC-CNC
185.128.39.0 255.255.255.224
!
object-group ip address M.hurriya-GGC-IQ
62.201.204.0 255.255.255.224
62.201.216.128 255.255.255.128
!
object-group ip address M.hurriya-Internet
185.128.37.144 255.255.255.240
185.128.37.228 255.255.255.252
185.128.37.40 255.255.255.248
185.128.38.144 255.255.255.252
!
object-group ip address SuperSell
185.128.38.136 255.255.255.248
185.128.37.208 255.255.255.240
185.128.38.168 255.255.255.252
185.128.38.164 255.255.255.252
185.128.37.88 255.255.255.252
185.128.38.140 255.255.255.252
185.128.38.172 255.255.255.252
!
!
spanning-tree mode pvst
!
redundancy
main-cpu
auto-sync running-config
mode sso
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
ip ftp source-interface GigabitEthernet7/1
ip ftp username 1
ip ftp password 7 075E731F1A
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
class-map match-all M.hurriya-GGC-CNC
match access-group name M.hurriya-GGC-CNC
class-map match-all FACEBOOK
match access-group name FACEBOOK
class-map match-all AKAMAI
match access-group name AKAMAI
class-map match-all M.hurriya-Internet
match access-group name M.hurriya-Internet
class-map match-all PURE-NODE
match access-group name PURE-NODE
class-map match-all GGC
match access-group name GGC
class-map match-all FNA
match access-group name FNA
class-map match-all M.hurriya-GGC-IQ
match access-group name M.hurriya-GGC-IQ
class-map match-all ISTAR
match access-group name ISTAR
class-map match-all M.hurriya-FNA
match access-group name M.hurriya-FNA
class-map match-all M.hurriya-CDN
match access-group name M.hurriya-CDN
class-map match-all SuperSell
match access-group name SuperSell
!
!
policy-map M.Hurriya
class M.hurriya-GGC-CNC
police rate 20000000
conform-action transmit
exceed-action drop
class M.hurriya-GGC-IQ
police rate 20000000
conform-action transmit
exceed-action drop
class M.hurriya-FNA
police rate 20000000
conform-action transmit
exceed-action drop
class M.hurriya-CDN
police rate 20000000
conform-action transmit
exceed-action drop
class M.hurriya-Internet
police rate 20000000
conform-action transmit
exceed-action drop
policy-map IQ-IN
class AKAMAI
police rate 20000000000
conform-action transmit
exceed-action drop
class FNA
police rate 20000000000
conform-action transmit
exceed-action drop
class GGC
police rate 30000000000
conform-action transmit
exceed-action drop
class FACEBOOK
police rate 20000000000
conform-action transmit
exceed-action drop
class ISTAR
police rate 20000000
conform-action transmit
exceed-action drop
class PURE-NODE
police rate 250000000
conform-action transmit
exceed-action drop
class SuperSell
police rate 20000000
conform-action transmit
exceed-action drop
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
ip nat outside
!
interface Port-channel1
description IQ
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 231,737,738,890
switchport mode trunk
mls qos vlan-based
spanning-tree portfast edge
!
interface TenGigabitEthernet1/1
no ip address
!
interface TenGigabitEthernet1/2
description Band-Router
ip address 192.168.251.1 255.255.255.0
ip policy route-map CACHE
spanning-tree portfast edge
!
interface TenGigabitEthernet1/3
description Hassan
switchport
switchport access vlan 890
switchport mode access
!
interface TenGigabitEthernet1/4
no ip address
!
interface TenGigabitEthernet2/1
switchport
switchport access vlan 999
switchport mode access
mls qos vlan-based
spanning-tree portfast edge
!
interface TenGigabitEthernet2/2
switchport
switchport access vlan 999
switchport mode access
mls qos vlan-based
spanning-tree portfast edge
!
interface TenGigabitEthernet2/3
switchport
switchport access vlan 999
switchport mode access
mls qos vlan-based
spanning-tree portfast edge
!
interface TenGigabitEthernet2/4
no ip address
spanning-tree portfast edge
!
interface TenGigabitEthernet2/5
description iSTAR
switchport
switchport access vlan 998
switchport mode access
!
interface TenGigabitEthernet2/6
no ip address
spanning-tree portfast edge
!
interface TenGigabitEthernet2/7
description Hassan-Router
ip address 185.128.37.89 255.255.255.252 secondary
ip address 185.128.38.137 255.255.255.252
no ip redirects
!
interface TenGigabitEthernet2/8
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet3/1
description Qudama-Router
ip address 192.168.250.1 255.255.255.0
ip policy route-map CACHE
speed nonegotiate
!
interface GigabitEthernet3/2
switchport
switchport access vlan 1000
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/3
switchport
switchport access vlan 1000
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/4
switchport
switchport access vlan 1000
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/5
description FB-BANDS
no ip address
!
interface GigabitEthernet3/6
switchport
switchport access vlan 1000
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/7
description for hassan
ip address 192.168.249.1 255.255.255.0
speed nonegotiate
!
interface GigabitEthernet3/8
no ip address
speed nonegotiate
!
interface GigabitEthernet3/9
no ip address
speed nonegotiate
!
interface GigabitEthernet3/10
switchport
switchport access vlan 1000
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/11
no ip address
speed nonegotiate
!
interface GigabitEthernet3/12
no ip address
speed nonegotiate
!
interface GigabitEthernet3/13
no ip address
speed nonegotiate
!
interface GigabitEthernet3/14
no ip address
speed nonegotiate
!
interface GigabitEthernet3/15
no ip address
speed nonegotiate
!
interface GigabitEthernet3/16
no ip address
speed nonegotiate
!
interface GigabitEthernet3/17
no ip address
speed nonegotiate
!
interface GigabitEthernet3/18
no ip address
speed nonegotiate
!
interface GigabitEthernet3/19
no ip address
speed nonegotiate
!
interface GigabitEthernet3/20
switchport
switchport mode access
!
interface GigabitEthernet3/21
no ip address
speed nonegotiate
!
interface GigabitEthernet3/22
no ip address
!
interface GigabitEthernet3/23
switchport
switchport access vlan 998
switchport mode access
speed nonegotiate
!
interface GigabitEthernet3/24
switchport
switchport access vlan 738
switchport mode access
speed nonegotiate
!
interface GigabitEthernet5/1
no ip address
!
interface GigabitEthernet5/2
no ip address
!
interface GigabitEthernet5/3
no ip address
!
interface TenGigabitEthernet5/4
description IQ
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 231,737,738,890
switchport mode trunk
mls qos vlan-based
channel-group 1 mode on
!
interface TenGigabitEthernet5/5
description IQ
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 231,737,738,890
switchport mode trunk
mls qos vlan-based
channel-group 1 mode on
!
interface GigabitEthernet7/1
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/2
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/3
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/4
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/5
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/6
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/7
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/8
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/9
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/10
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/11
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/12
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/13
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/14
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/15
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/16
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/17
description iStar-request
no ip address
!
interface GigabitEthernet7/18
no ip address
!
interface GigabitEthernet7/19
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/20
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/21
description test
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/22
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/23
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/24
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/25
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/26
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/27
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/28
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/29
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/30
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/31
no ip address
!
interface GigabitEthernet7/32
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/33
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/34
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/35
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/36
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/37
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/38
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/39
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/40
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/41
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/42
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/43
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/44
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/45
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/46
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/47
description DNS-New
switchport
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet7/48
no ip address
!
interface GigabitEthernet8/1
switchport
switchport access vlan 738
switchport mode access
!
interface GigabitEthernet8/2
no ip address
!
interface GigabitEthernet8/3
switchport
switchport access vlan 738
switchport mode access
!
interface GigabitEthernet8/4
no ip address
!
interface GigabitEthernet8/5
no ip address
!
interface GigabitEthernet8/6
no ip address
!
interface GigabitEthernet8/7
no ip address
!
interface GigabitEthernet8/8
no ip address
!
interface GigabitEthernet8/9
no ip address
!
interface GigabitEthernet8/10
no ip address
!
interface GigabitEthernet8/11
no ip address
!
interface GigabitEthernet8/12
no ip address
!
interface GigabitEthernet8/13
no ip address
!
interface GigabitEthernet8/14
no ip address
!
interface GigabitEthernet8/15
no ip address
!
interface GigabitEthernet8/16
no ip address
!
interface GigabitEthernet8/17
no ip address
!
interface GigabitEthernet8/18
no ip address
!
interface GigabitEthernet8/19
no ip address
!
interface GigabitEthernet8/20
no ip address
!
interface GigabitEthernet8/21
no ip address
!
interface GigabitEthernet8/22
no ip address
!
interface GigabitEthernet8/23
no ip address
!
interface GigabitEthernet8/24
no ip address
!
interface GigabitEthernet8/25
no ip address
!
interface GigabitEthernet8/26
no ip address
!
interface GigabitEthernet8/27
no ip address
!
interface GigabitEthernet8/28
no ip address
!
interface GigabitEthernet8/29
no ip address
!
interface GigabitEthernet8/30
no ip address
!
interface GigabitEthernet8/31
no ip address
!
interface GigabitEthernet8/32
no ip address
!
interface GigabitEthernet8/33
no ip address
!
interface GigabitEthernet8/34
no ip address
!
interface GigabitEthernet8/35
no ip address
!
interface GigabitEthernet8/36
no ip address
!
interface GigabitEthernet8/37
no ip address
!
interface GigabitEthernet8/38
no ip address
!
interface GigabitEthernet8/39
no ip address
!
interface GigabitEthernet8/40
no ip address
!
interface GigabitEthernet8/41
description for hassan
switchport
switchport access vlan 890
switchport mode access
!
interface GigabitEthernet8/42
no ip address
!
interface GigabitEthernet8/43
no ip address
!
interface GigabitEthernet8/44
no ip address
!
interface GigabitEthernet8/45
no ip address
!
interface GigabitEthernet8/46
no ip address
!
interface GigabitEthernet8/47
switchport
switchport trunk encapsulation dot1q
!
interface GigabitEthernet8/48
switchport
switchport trunk encapsulation dot1q
!
interface GigabitEthernet9/1
no ip address
!
interface GigabitEthernet9/2
no ip address
!
interface GigabitEthernet9/3
no ip address
!
interface GigabitEthernet9/4
no ip address
!
interface GigabitEthernet9/5
no ip address
!
interface GigabitEthernet9/6
no ip address
!
interface GigabitEthernet9/7
no ip address
!
interface GigabitEthernet9/8
no ip address
!
interface GigabitEthernet9/9
no ip address
!
interface GigabitEthernet9/10
no ip address
!
interface GigabitEthernet9/11
no ip address
!
interface GigabitEthernet9/12
no ip address
!
interface GigabitEthernet9/13
no ip address
!
interface GigabitEthernet9/14
no ip address
!
interface GigabitEthernet9/15
no ip address
!
interface GigabitEthernet9/16
no ip address
!
interface GigabitEthernet9/17
no ip address
!
interface GigabitEthernet9/18
no ip address
!
interface GigabitEthernet9/19
no ip address
!
interface GigabitEthernet9/20
no ip address
!
interface GigabitEthernet9/21
no ip address
!
interface GigabitEthernet9/22
no ip address
!
interface GigabitEthernet9/23
no ip address
!
interface GigabitEthernet9/24
no ip address
!
interface GigabitEthernet9/25
no ip address
!
interface GigabitEthernet9/26
no ip address
!
interface GigabitEthernet9/27
no ip address
!
interface GigabitEthernet9/28
no ip address
!
interface GigabitEthernet9/29
no ip address
!
interface GigabitEthernet9/30
no ip address
!
interface GigabitEthernet9/31
no ip address
!
interface GigabitEthernet9/32
no ip address
!
interface GigabitEthernet9/33
no ip address
!
interface GigabitEthernet9/34
no ip address
!
interface GigabitEthernet9/35
no ip address
!
interface GigabitEthernet9/36
no ip address
!
interface GigabitEthernet9/37
no ip address
!
interface GigabitEthernet9/38
no ip address
!
interface GigabitEthernet9/39
no ip address
!
interface GigabitEthernet9/40
no ip address
!
interface GigabitEthernet9/41
no ip address
!
interface GigabitEthernet9/42
no ip address
!
interface GigabitEthernet9/43
no ip address
!
interface GigabitEthernet9/44
no ip address
!
interface GigabitEthernet9/45
no ip address
!
interface GigabitEthernet9/46
no ip address
!
interface GigabitEthernet9/47
no ip address
!
interface GigabitEthernet9/48
no ip address
!
interface Vlan1
no ip address
!
interface Vlan231
ip address 10.20.10.46 255.255.255.252
!
interface Vlan444
no ip address
no ip redirects
shutdown
!
interface Vlan737
ip address 10.71.14.138 255.255.255.248
ip policy route-map NET-CACHE
ipv6 address 2A02:B60:3FFE:3:1B85::2/80
ipv6 enable
service-policy input IQ-IN
!
interface Vlan738
description local-plestain
ip address 192.168.76.1 255.255.255.248 secondary
ip address 192.168.212.1 255.255.255.0 secondary
ip address 192.168.71.1 255.255.255.248 secondary
ip address 192.168.77.1 255.255.255.0 secondary
ip address 192.168.70.1 255.255.255.252
no ip redirects
ip policy route-map CACHE
ipv6 enable
!
interface Vlan890
no ip address
!
interface Vlan998
no ip address
shutdown
!
interface Vlan999
description GGC
ip address 185.128.39.1 255.255.255.224
ipv6 address 2A03:9F60:2::1/64
ipv6 enable
!
interface Vlan1000
ip address 192.168.255.1 255.255.255.0 secondary
ip address 62.201.206.49 255.255.255.248 secondary
ip address 192.168.45.2 255.255.255.0 secondary
ip address 185.128.37.33 255.255.255.248 secondary
ip address 192.168.58.1 255.255.255.0 secondary
ip address 192.168.57.1 255.255.255.0 secondary
ip address 192.168.60.1 255.255.255.0 secondary
ip address 185.128.38.1 255.255.255.128 secondary
ip address 192.168.63.2 255.255.255.0 secondary
ip address 185.128.36.1 255.255.255.128
no ip redirects
ip nat inside
ipv6 address 2A03:9F60:0:1::1/64
ipv6 enable
!
interface Vlan2000
no ip address
shutdown
address-family ipv4
network 185.128.36.0 mask 255.255.252.0
network 185.128.36.0 mask 255.255.255.0
network 185.128.37.0 mask 255.255.255.0
network 185.128.38.0 mask 255.255.255.0
network 185.128.39.0 mask 255.255.255.0
neighbor 10.71.14.137 activate
neighbor 10.71.14.137 prefix-list DEF_ONLY in
neighbor 10.71.14.137 prefix-list IQ-OUT out
no neighbor 2A02:B60:3FFE:3:1B85::1 activate
no neighbor 2A03:9F60:2::FFFE activate
neighbor 185.128.37.90 activate
neighbor 185.128.37.90 prefix-list deny-any out
neighbor 185.128.39.30 activate
neighbor 185.128.39.30 prefix-list deny-any in
neighbor 185.128.39.30 prefix-list GGC-OUT out
exit-address-family
!
ip nat inside source list 10 interface Loopback0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 10.2.0.0 255.255.0.0 185.128.36.23
ip route 10.3.0.0 255.255.0.0 192.168.70.2
ip route 10.12.0.0 255.255.0.0 185.128.36.12
ip route 10.13.0.0 255.255.0.0 185.128.36.13
ip route 10.14.0.0 255.255.0.0 185.128.36.3
ip route 10.16.0.0 255.255.0.0 185.128.36.16
ip route 10.17.0.0 255.255.0.0 185.128.36.17
ip route 10.18.0.0 255.255.0.0 185.128.36.18
ip route 10.18.4.0 255.255.255.0 10.19.0.1 name TEMP
ip route 10.18.5.0 255.255.255.0 10.19.0.1 name TEMP
ip route 10.19.0.0 255.255.0.0 185.128.36.19
ip route 10.19.75.0 255.255.255.0 185.128.36.12 name Ahmed-Obaidy
ip route 10.20.0.0 255.255.255.0 192.168.70.2 name jam3a-Backup
ip route 10.21.0.0 255.255.0.0 185.128.36.21
ip route 10.27.0.0 255.255.0.0 185.128.36.4
ip route 10.28.0.0 255.255.0.0 185.128.36.23
ip route 10.30.0.0 255.255.0.0 185.128.36.30
ip route 10.42.0.0 255.255.0.0 185.128.36.15
ip route 10.106.0.0 255.255.0.0 192.168.254.2
ip route 93.191.115.0 255.255.255.0 Null0
ip route 185.128.36.0 255.255.255.0 Null0
ip route 185.128.36.128 255.255.255.128 185.128.36.7
ip route 185.128.36.128 255.255.255.252 10.14.0.1 name VCB
ip route 185.128.36.132 255.255.255.252 10.14.0.1 name VCB-XCC
ip route 185.128.37.0 255.255.255.0 Null0
ip route 185.128.37.8 255.255.255.252 192.168.76.3 name KUT
ip route 185.128.37.16 255.255.255.252 192.168.251.2 name Ameer-Band
ip route 185.128.37.20 255.255.255.252 10.27.1.1 name toyota
ip route 185.128.37.24 255.255.255.248 192.168.251.2 name Ali-Qahira
ip route 185.128.37.40 255.255.255.248 192.168.71.4 name eskan
ip route 185.128.37.48 255.255.255.252 192.168.251.2 name hussain-band
ip route 185.128.37.64 255.255.255.248 192.168.70.2 name Rayad-jam3a
ip route 185.128.37.80 255.255.255.248 192.168.251.2 name Ali-Madena
ip route 185.128.37.104 255.255.255.248 192.168.251.2 name Alaa-Abo-Sakar
ip route 185.128.37.128 255.255.255.248 192.168.254.2 name Akamai-Steps
ip route 185.128.37.136 255.255.255.248 192.168.70.2 name Jam3a-Server
ip route 185.128.37.144 255.255.255.240 192.168.70.2 name Ref3at-Fiber
ip route 185.128.37.168 255.255.255.248 192.168.251.2 name NSR
ip route 185.128.37.228 255.255.255.252 192.168.70.2 name M.Huriyaa-second-range
ip route 185.128.37.240 255.255.255.248 192.168.251.2 name Samer-SMSM
ip route 185.128.38.0 255.255.255.0 Null0
ip route 185.128.38.128 255.255.255.240 192.168.250.2 name Qudama-Band
ip route 185.128.38.144 255.255.255.252 192.168.70.2 name M.huriya-38
ip route 185.128.39.0 255.255.255.0 Null0
ip route 185.128.39.32 255.255.255.224 192.168.251.2 name LoopBack-PS-Band-PS4
ip route 185.128.39.64 255.255.255.192 192.168.70.2 name LoopBack-Jam3a-PS4
ip route 185.128.39.128 255.255.255.128 185.128.36.7 name LoopBack-CNC-PS4
ip route 192.168.75.0 255.255.255.0 192.168.70.2 name rif3at
ip route 192.168.82.0 255.255.255.0 192.168.251.2 name abo-sakar
ip route 192.168.86.0 255.255.255.0 192.168.251.2 name Ali-Zayoona
ip route 192.168.87.0 255.255.255.0 192.168.251.2 name AmeerBand
ip route 192.168.89.0 255.255.255.0 192.168.251.2 name Taji
ip route 192.168.90.0 255.255.255.0 192.168.251.2 name NSR
ip route 192.168.94.0 255.255.255.0 192.168.70.2 name Rayadh-Jam3a
ip route 192.168.252.0 255.255.255.0 185.128.36.11 name Services
!
ip access-list standard SNMP-ACC
permit 185.128.36.25
!
ip access-list extended AKAMAI
permit ip addrgroup Akamai any
ip access-list extended FACEBOOK
permit ip addrgroup FACEBOOK any
ip access-list extended FNA
permit ip addrgroup FNA any
ip access-list extended GGC
permit ip addrgroup GGC-IQ addrgroup GGC-CNC
ip access-list extended ISTAR
permit ip any addrgroup ISTAR
ip access-list extended M.Hurriya
permit ip any addrgroup M.Hurriya
ip access-list extended NET-CACHE
deny ip 62.201.204.0 0.0.0.31 any
deny ip 62.201.216.128 0.0.0.127 any
deny ip 62.201.250.0 0.0.1.255 any
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit tcp any eq www host 185.128.36.2
permit tcp any eq www host 185.128.36.4
permit tcp any eq www host 185.128.36.12
permit tcp any eq www host 185.128.36.13
permit tcp any eq www host 185.128.36.14
permit tcp any eq www host 185.128.36.16
permit tcp any eq www host 185.128.36.17
permit tcp any eq www host 185.128.36.18
permit tcp any eq www host 185.128.36.19
permit tcp any eq www host 185.128.36.30
permit tcp any eq www host 185.128.36.15
permit tcp any eq www host 185.128.36.21
permit tcp any eq www host 185.128.36.23
permit tcp any eq www host 185.128.36.10
permit tcp any eq www 185.128.37.0 0.0.0.255
permit tcp any eq www 185.128.38.0 0.0.0.255
permit tcp any eq www host 185.128.36.100
ip access-list extended PURE-NODE
permit ip addrgroup GOOGLE addrgroup GGC-CNC
ip access-list extended SuperSell
permit ip any addrgroup SuperSell
ip access-list extended USER-CACHE
deny ip any 62.201.215.0 0.0.0.255
deny ip any 62.201.250.0 0.0.1.255
deny ip any host 185.128.36.6
deny ip any host 185.128.36.8
deny ip any 62.201.204.0 0.0.0.31
deny ip any 62.201.216.128 0.0.0.127
deny ip any host 185.128.36.5
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit tcp 185.128.37.0 0.0.0.255 any eq www
permit tcp 185.128.38.0 0.0.0.255 any eq www
!
!
ip prefix-list DEF_ONLY seq 10 permit 0.0.0.0/0
!
ip prefix-list GGC-OUT seq 10 permit 185.128.36.0/24
ip prefix-list GGC-OUT seq 15 permit 185.128.37.0/24
ip prefix-list GGC-OUT seq 25 permit 93.191.115.0/24
!
ip prefix-list IQ-OUT seq 5 permit 185.128.36.0/24
ip prefix-list IQ-OUT seq 10 permit 185.128.37.0/24
ip prefix-list IQ-OUT seq 20 permit 185.128.39.0/24
ip prefix-list IQ-OUT seq 23 permit 185.128.38.0/24
ip prefix-list IQ-OUT seq 25 permit 185.128.36.0/22
!
ip prefix-list deny-any seq 5 deny 0.0.0.0/0 le 32
logging trap notifications
logging source-interface Vlan1000
ipv6 route 2A03:9F60::/32 Null0
!
!
ipv6 prefix-list DEF_ONLY_V6 seq 5 permit ::/0
!
ipv6 prefix-list GGCV6-OUT seq 5 permit 2A03:9F60::/32
!
ipv6 prefix-list IQV6-OUT seq 5 permit 2A03:9F60::/32
!
ipv6 prefix-list denyV6-any seq 5 deny ::/0 le 32
route-map NET-CACHE permit 10
match ip address NET-CACHE
set ip next-hop 185.128.36.6
!
route-map CACHE permit 10
match ip address USER-CACHE
set ip next-hop 185.128.36.6
!
snmp-server community public RO SNMP-ACC
snmp-server ifindex persist
snmp-server location CNC
snmp-server contact Mustafa
snmp-server host 185.128.36.25 version 2c public
snmp ifmib ifindex persist
snmp mib persist cbqos
!
!
control-plane
!
!
dial-peer cor custom
!
!
line con 0
login local
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input all
!
!
monitor session 1 source interface Te1/1
monitor session 1 destination interface Te2/6
mac address-table aging-time 480
diagnostic bootup level minimal
!
end
CNC-GW#
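A policer only takes effect when the whole chain resolves: `service-policy` to policy-map, policy-map class to class-map, class-map to ACL, ACL to object-group. The following is an added example, not code from any post in this thread, that walks that chain over an abridged excerpt of the configuration posted above and lists every reference with no matching definition; the function names are constructed, and names are compared case-sensitively.

```python
import re

# Abridged from the running-config posted above: only lines that define or
# reference the M.Hurriya and IQ-IN policies are kept. Indentation is lost on
# the page, so the parser tracks sections by their header lines instead.
SAMPLE_CONFIG = """\
object-group ip address FNA
62.201.204.192 255.255.255.192
object-group ip address M.hurriya-FNA
62.201.204.192 255.255.255.192
object-group ip address M.hurriya-Internet
185.128.37.144 255.255.255.240
class-map match-all FNA
match access-group name FNA
class-map match-all M.hurriya-FNA
match access-group name M.hurriya-FNA
class-map match-all M.hurriya-Internet
match access-group name M.hurriya-Internet
policy-map M.Hurriya
class M.hurriya-FNA
police rate 20000000
class M.hurriya-Internet
police rate 20000000
policy-map IQ-IN
class FNA
police rate 20000000000
interface Vlan737
service-policy input IQ-IN
ip access-list extended FNA
permit ip addrgroup FNA any
ip access-list extended M.Hurriya
permit ip any addrgroup M.Hurriya
"""

HEADERS = [
    ("group", re.compile(r"object-group ip address (\S+)$")),
    ("acl", re.compile(r"ip access-list extended (\S+)$")),
    ("cmap", re.compile(r"class-map (?:match-(?:all|any) )?(\S+)$")),
    ("pmap", re.compile(r"policy-map (\S+)$")),
    ("iface", re.compile(r"interface (\S+)$")),
]


def parse(config):
    """Collect definitions and the names each one references."""
    model = {"group": {}, "acl": {}, "cmap": {}, "pmap": {}, "iface": {},
             "attached": set()}
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        for kind, rx in HEADERS:
            m = rx.match(line)
            if m:                      # a header line opens a new section
                section, name = kind, m.group(1)
                model[kind].setdefault(name, [])
                break
        else:                          # a body line of the current section
            if section == "acl":
                model["acl"][name] += re.findall(r"addrgroup (\S+)", line)
            elif section == "cmap":
                model["cmap"][name] += re.findall(
                    r"^match access-group name (\S+)$", line)
            elif section == "pmap":
                model["pmap"][name] += re.findall(r"^class (\S+)$", line)
            m = re.match(r"service-policy (?:input|output) (\S+)$", line)
            if m:
                model["attached"].add(m.group(1))
    return model


def audit(config):
    """Return sorted (finding, object, unresolved_name) tuples."""
    m = parse(config)
    out = []
    for cmap, acls in m["cmap"].items():
        out += [("undefined-acl", cmap, a) for a in acls if a not in m["acl"]]
    for acl, groups in m["acl"].items():
        out += [("undefined-object-group", acl, g)
                for g in groups if g not in m["group"]]
    for pmap, classes in m["pmap"].items():
        out += [("undefined-class-map", pmap, c) for c in classes
                if c != "class-default" and c not in m["cmap"]]
        if pmap not in m["attached"]:
            out.append(("unattached-policy-map", pmap, ""))
    return sorted(out)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An object-group and an ACL that share a name are separate objects, which is why `M.hurriya-FNA` is reported even though an object-group of that name exists in the excerpt.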
10-14-2018 05:14 PM
How will Cisco know that it is FNA for Tomas? Thanks.
10-15-2018 05:43 AM