Howdy, I have a Cisco 1811 router and two internet connections: a T1 and a cable modem. Both are configured on the router and seem to be working OK. However, failover is not working. What I would like is for one internet connection to take over if the other one drops out. How could I go about configuring this? I am a Cisco newbie, so any help would be appreciated. Thanks!
Current configuration : 11759 bytes
!
! Global section: timestamps, hostname, boot image, logging, enable secret, AAA, clock.
! Lines starting with "!" are comments; every command below is unchanged.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password obfuscation is off. The secrets visible in this paste are
! type 5 hashes, but any plain "password" line added later would be stored in clear text.
no service password-encryption
!
hostname BUR-FIREWALL
!
boot-start-marker
boot system flash:c181x-advipservicesk9-mz.124-9.T7.bin
boot-end-marker
!
! NOTE(review): only a 4096-byte local buffer at debugging level; no syslog host appears
! in this paste, so inspection and ACL log entries are overwritten quickly and lost on reload.
logging buffered 4096 debugging
! NOTE(review): this enable-secret hash is published in a public post. Treat it as exposed
! and change the enable secret on the device.
enable secret 5 $1$/JpT$IjHWfHpgYWAzLe9973Xls1
!
! AAA: logins and exec authorization both use the local user database.
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
!
! NOTE(review): the next three AAA lines repeat the ones above - looks like a paste artefact.
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -8
! NOTE(review): the summer-time rule uses fixed dates in 2003 and no NTP server appears in
! this paste - confirm the clock is right, since log timestamps depend on it.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
! CEF, DNS settings, SSH source interface and the stateful-inspection rule set SDM_MEDIUM.
ip cef
!
!
ip domain name hes.com
ip name-server 64.105.172.26
ip name-server 64.105.163.106
! NOTE(review): no "ip ssh version 2" line appears in this paste - confirm the SSH server
! is not also accepting protocol version 1.
ip ssh source-interface Vlan1
! Packets dropped by inspection are logged.
ip inspect log drop-pkt
! NOTE(review): in this paste SDM_MEDIUM is applied only as "ip inspect SDM_MEDIUM out" on
! FastEthernet0 (cable). FastEthernet1 (T1) has no inspection rule attached.
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM pptp
ip inspect name SDM_MEDIUM l2tp
!
! Application-firewall policy referenced by "ip inspect name SDM_MEDIUM appfw SDM_MEDIUM".
! NOTE(review): every IM service action below is "allow alarm", i.e. the traffic is permitted
! and only reported; this policy monitors instant messaging rather than blocking it.
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
! NOTE(review): this "application im msn" stanza lists AOL server names and is followed by a
! second msn stanza - looks like a paste or generation artefact; confirm against the device.
application im msn
service default action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
! NOTE(review): strict-http and port-misuse tunneling are "allow alarm", so non-compliant HTTP
! and HTTP tunnelling are permitted and only reported; im and p2p port misuse are reset.
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
audit-trail on
!
!
! Self-signed trustpoint with revocation checking disabled; presumably the identity used by
! "ip http secure-server" - confirm.
! NOTE(review): a self-signed certificate gives an administrator nothing to validate against,
! so its fingerprint should be checked out of band before trusting an HTTPS management session.
crypto pki trustpoint TP-self-signed-1918811904
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1918811904
revocation-check none
rsakeypair TP-self-signed-1918811904
!
!
crypto pki certificate chain TP-self-signed-1918811904
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657
69666963 6174652D 31393138 38313139 3034301E 170D3038 30393230 30323
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39313
31313930 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890
8100C905 6B922B8D 190F89FB 58A81D65 9E5CB3F2 5ED06CFB 7AD615DC 92EAC
754DDBD0 7AFD4646 6C76366B 8A699AB9 F723FFB3 E0517378 75790C6B F18AE
085001F0 AC512F5F 9E39518D 6A095D77 DEAF3996 772575F7 B1E165C9 95796
CFAD09C9 04D790F5 31864F43 02569113 C3431E9E E531396F CFFA2E42 1A3E2
102F0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260
551D1104 1F301D82 1B425552 2D464952 4557414C 4C2E6865 61647761 74657
2E636F6D 301F0603 551D2304 18301680 14FE6508 4A6F58E9 00090130 88123
DEF92653 D8301D06 03551D0E 04160414 FE65084A 6F58E900 09013088 1233B
F92653D8 300D0609 2A864886 F70D0101 04050003 81810063 225F0108 F32D1
1CB2F305 7641B401 9B8126A9 4B7524A8 F138C89C E8C7F4EC 0E85241A AC2FD
6E5CE02D A7FBC5A9 78C5B277 444F86EC B485B93C 114BF6A3 F3580DEE 1F610
8FD417E8 58110AF6 6A155462 28F1A26E 8B756E11 E8AC9E66 B7EBBD5F B35E2
B338EE4C 069B4499 4DADA062 51102908 A6DA12BD 7AF5A8
quit
! NOTE(review): privilege-15 local account used by the AAA "local" method. Its type 5 hash is
! published in this post; treat the password as exposed and change it on the device.
username admin privilege 15 secret 5 $1$M58E$JPpG9FJ3nLMQtQaVSfZLV1
!
!
! Traffic classes: four peer-to-peer protocol classes and "site2", which matches ACL 120
! (ACL 120 permits ESP from any source to any destination).
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-all site2
match access-group 120
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
! VPN-output is attached outbound on FastEthernet1 and applies bandwidth and policing to ESP.
policy-map VPN-output
class site2
bandwidth 400
police cir 5000000
! NOTE(review): the four classes below carry no action in this paste, so as shown the policy
! classifies P2P traffic without dropping it. Presumably the action lines were lost when the
! config was copied - confirm on the device.
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
!
!
!
! Site-to-site IPsec VPN: IKE policies, pre-shared keys, transform sets and the crypto map.
! NOTE(review): both IKE policies use 3DES with DH group 2 or group 5, which is legacy
! strength; move to AES and a larger group if both peers and this image support it.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 5
! NOTE(review): the pre-shared key is stored in clear text, is identical for both peers and
! is published in this post. Treat it as compromised and replace it on both ends, using a
! separate random key per peer.
crypto isakmp key burlingameremoteoffice1 address 66.166.76.98
crypto isakmp key burlingameremoteoffice1 address 66.7.251.138
crypto isakmp keepalive 10 3
!
!
! NOTE(review): transform set "vpnset" is defined but not referenced by any crypto map in
! this paste.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
! NOTE(review): the description names 66.166.76.98 while "set peer" is 66.7.251.138 - confirm
! which peer is intended. The map is attached only to FastEthernet1 (T1), so the tunnel has
! no path over the cable link if the T1 fails.
crypto map vpncrypto 1 ipsec-isakmp
description Tunnel to66.166.76.98
set peer 66.7.251.138
set transform-set ESP-3DES-SHA
match address 105
!
!
!
!
! Interfaces: Loopback0, two outside links (FastEthernet0 cable, FastEthernet1 T1), switch
! ports FastEthernet2-9, the inside SVI Vlan1 and Async1.
! NOTE(review): 1.1.1.0/30 is public address space, not a private range.
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
! Cable link: inbound ACL 103, stateful inspection outbound, P2P service policy both ways.
! NOTE(review): ACL 103 permits traffic addressed to 173.8.139.170, but this interface is
! 173.8.139.169 - confirm which address belongs to the router.
! NOTE(review): "ip verify unicast reverse-path" accepts a packet only if the route back to
! its source points out the receiving interface. With the single default route via
! FastEthernet1, Internet-sourced packets arriving here would presumably fail that check -
! verify before relying on this link for failover.
interface FastEthernet0
description Cable Modem$FW_OUTSIDE$$ETH-LAN$
ip address 173.8.139.169 255.255.255.252
ip access-group 103 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
speed 10
half-duplex
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
! T1 link: carries the default route, the NAT rules and the crypto map.
! NOTE(review): no "ip access-group" and no "ip inspect" are attached here, so this
! Internet-facing interface is unfiltered in this paste. ACL 101 references this interface's
! address (66.7.227.242) but is not applied anywhere; the static NAT entries for TCP 1723 and
! 3389 are therefore reachable from any source.
! NOTE(review): the reverse-path check depends on CEF, which is disabled on this interface
! ("no ip route-cache cef") - confirm the check is actually active here.
interface FastEthernet1
description T1 Line$FW_OUTSIDE$$ETH-LAN$
ip address 66.7.227.242 255.255.255.248
ip verify unicast reverse-path
ip nat outside
no ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
crypto map vpncrypto
service-policy output VPN-output
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
duplex half
speed 10
!
! Inside LAN (10.51.10.0/24), NAT inside.
! NOTE(review): policy routing references route-map BYPASS-VPN, which is not defined anywhere
! in this paste - confirm it exists on the device or remove the reference.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$$ES_LAN$
ip address 10.51.10.5 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
ip policy route-map BYPASS-VPN
!
interface Async1
no ip address
encapsulation slip
!
! Static routing, HTTP management server and NAT.
! NOTE(review): this is the only default route and it points at the T1 gateway. Nothing sends
! traffic to the cable link when the T1 fails, which matches the reported failover problem.
! Failover needs a second default route toward the cable gateway with a higher administrative
! distance, and tracking on the primary route so an upstream failure withdraws it.
ip route 0.0.0.0 0.0.0.0 66.7.227.241
ip route 10.31.10.0 255.255.255.0 66.7.227.241
!
!
! NOTE(review): clear-text HTTP management is enabled alongside HTTPS, and no
! "ip http access-class" appears in this paste. Prefer HTTPS only, restricted by source.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): PPTP (1723) and RDP (3389) on 10.51.10.25 are published on FastEthernet1,
! which has no inbound ACL in this paste. Restrict the allowed sources, or reach these
! services over the VPN instead.
ip nat inside source static tcp 10.51.10.25 1723 interface FastEthernet1 1723
ip nat inside source static tcp 10.51.10.25 3389 interface FastEthernet1 3389
! NOTE(review): the overload rule names FastEthernet1 only; traffic leaving via FastEthernet0
! has no NAT rule in this paste, so inside hosts would not be translated on the cable link.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload
!
! Access lists. In this paste only 103 (inbound on FastEthernet0), 105 (crypto map match),
! 120 (class-map site2) and inside_outbount_nat0_acl (route-map SDM_RMAP_1) are referenced.
! NOTE(review): acl_in and acl_out permit everything and are not referenced in this paste.
ip access-list extended acl_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended acl_out
remark SDM_ACL Category=1
permit ip any any
! NAT selector: traffic to the remote VPN subnet is excluded from NAT, everything else from
! the inside LAN is translated.
ip access-list extended inside_outbount_nat0_acl
remark SDM_ACL Category=2
remark IPSec Rule
deny ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
permit ip 10.51.10.0 0.0.0.255 any
! NOTE(review): wildcard 255.255.255.0 ignores the first three octets and requires the last
! octet to be 0, so this matches only addresses ending in .0 - presumably not what was meant.
ip access-list extended sau2bg
permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
!
! NOTE(review): in ACL 100 the final permit follows "permit ip any any" and can never be
! reached. ACL 100 is not applied in this paste.
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 66.7.227.240 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! NOTE(review): ACL 101 is an inbound filter written for the T1 address 66.7.227.242, but no
! interface references it in this paste, so FastEthernet1 is left unfiltered.
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 64.105.163.106 eq domain host 66.7.227.242
access-list 101 permit udp host 64.105.172.26 eq domain host 66.7.227.242
access-list 101 deny ip 10.51.10.0 0.0.0.255 any
access-list 101 permit icmp any host 66.7.227.242 echo-reply
access-list 101 permit icmp any host 66.7.227.242 time-exceeded
access-list 101 permit icmp any host 66.7.227.242 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
! NOTE(review): ACL 102 starts with "permit ip any any", so its two deny entries never match.
access-list 102 permit ip any any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
! ACL 103 is the inbound filter on FastEthernet0: IKE/ESP/AH from 66.166.76.98, anti-spoofing
! denies, ICMP replies, then a logged deny-all.
! NOTE(review): its permits target 173.8.139.170 while FastEthernet0 is 173.8.139.169.
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq non500-isakmp
access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq isakmp
access-list 103 permit esp host 66.166.76.98 host 173.8.139.170
access-list 103 permit ahp host 66.166.76.98 host 173.8.139.170
access-list 103 deny ip 10.51.10.0 0.0.0.255 any
access-list 103 deny ip 66.7.227.240 0.0.0.7 any
access-list 103 permit icmp any host 173.8.139.170 echo-reply
access-list 103 permit icmp any host 173.8.139.170 time-exceeded
access-list 103 permit icmp any host 173.8.139.170 unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 permit ip 10.51.10.0 0.0.0.255 any
! ACL 105 selects the traffic encrypted by crypto map vpncrypto (inside LAN to 10.31.10.0/24).
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! NOTE(review): ACL 111 ends in "permit ip any any", which makes its earlier entries
! redundant; it is not referenced in this paste.
access-list 111 permit ip any host 10.51.10.25
access-list 111 permit ip any host 66.7.227.242
access-list 111 permit ip host 66.7.227.242 any
access-list 111 permit ip host 10.51.10.25 any
access-list 111 permit ip any any
access-list 120 permit esp any any
! NOTE(review): ACLs 104, 150 and 190 are not referenced in this paste; unused lists are
! worth removing so the effective policy stays readable.
access-list 150 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
access-list 190 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! CDP off, the NAT route-map, login banner, terminal lines and the WebVPN context.
no cdp run
!
!
!
!
! Route-map used by the NAT overload rule; it matches inside_outbount_nat0_acl.
route-map SDM_RMAP_1 permit 1
match ip address inside_outbount_nat0_acl
!
!
!
!
control-plane
!
! NOTE(review): the opening banner delimiter looks truncated in this paste ("^" against the
! closing "^C").
banner login ^
All connections are logged and monitored.
Unauthorized access strictly forbidden.
^C
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
! NOTE(review): no "access-class" is shown on any vty line, so management logins are not
! restricted by source address here, and FastEthernet1 has no inbound ACL either.
line vty 0 4
transport input ssh
! NOTE(review): vty 5-15 still accept Telnet, which sends credentials in clear text; limit
! these lines to SSH as on vty 0-4.
line vty 5 15
transport input telnet ssh
!
!
! The WebVPN context is present but disabled ("no inservice").
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
BUR-FIREWALL#
Current configuration : 11759 bytes
!
! Global section: timestamps, hostname, boot image, logging, enable secret, AAA, clock.
! Lines starting with "!" are comments; every command below is unchanged.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password obfuscation is off. The secrets visible in this paste are
! type 5 hashes, but any plain "password" line added later would be stored in clear text.
no service password-encryption
!
hostname BUR-FIREWALL
!
boot-start-marker
boot system flash:c181x-advipservicesk9-mz.124-9.T7.bin
boot-end-marker
!
! NOTE(review): only a 4096-byte local buffer at debugging level; no syslog host appears
! in this paste, so inspection and ACL log entries are overwritten quickly and lost on reload.
logging buffered 4096 debugging
! NOTE(review): this enable-secret hash is published in a public post. Treat it as exposed
! and change the enable secret on the device.
enable secret 5 $1$/JpT$IjHWfHpgYWAzLe9973Xls1
!
! AAA: logins and exec authorization both use the local user database.
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
!
! NOTE(review): the next three AAA lines repeat the ones above - looks like a paste artefact.
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -8
! NOTE(review): the summer-time rule uses fixed dates in 2003 and no NTP server appears in
! this paste - confirm the clock is right, since log timestamps depend on it.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
! CEF, DNS settings, SSH source interface and the stateful-inspection rule set SDM_MEDIUM.
ip cef
!
!
ip domain name hes.com
ip name-server 64.105.172.26
ip name-server 64.105.163.106
! NOTE(review): no "ip ssh version 2" line appears in this paste - confirm the SSH server
! is not also accepting protocol version 1.
ip ssh source-interface Vlan1
! Packets dropped by inspection are logged.
ip inspect log drop-pkt
! NOTE(review): in this paste SDM_MEDIUM is applied only as "ip inspect SDM_MEDIUM out" on
! FastEthernet0 (cable). FastEthernet1 (T1) has no inspection rule attached.
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM pptp
ip inspect name SDM_MEDIUM l2tp
!
! Application-firewall policy referenced by "ip inspect name SDM_MEDIUM appfw SDM_MEDIUM".
! NOTE(review): every IM service action below is "allow alarm", i.e. the traffic is permitted
! and only reported; this policy monitors instant messaging rather than blocking it.
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
! NOTE(review): this "application im msn" stanza lists AOL server names and is followed by a
! second msn stanza - looks like a paste or generation artefact; confirm against the device.
application im msn
service default action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
! NOTE(review): strict-http and port-misuse tunneling are "allow alarm", so non-compliant HTTP
! and HTTP tunnelling are permitted and only reported; im and p2p port misuse are reset.
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
audit-trail on
!
!
! Self-signed trustpoint with revocation checking disabled; presumably the identity used by
! "ip http secure-server" - confirm.
! NOTE(review): a self-signed certificate gives an administrator nothing to validate against,
! so its fingerprint should be checked out of band before trusting an HTTPS management session.
crypto pki trustpoint TP-self-signed-1918811904
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1918811904
revocation-check none
rsakeypair TP-self-signed-1918811904
!
!
crypto pki certificate chain TP-self-signed-1918811904
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657
69666963 6174652D 31393138 38313139 3034301E 170D3038 30393230 30323
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39313
31313930 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890
8100C905 6B922B8D 190F89FB 58A81D65 9E5CB3F2 5ED06CFB 7AD615DC 92EAC
754DDBD0 7AFD4646 6C76366B 8A699AB9 F723FFB3 E0517378 75790C6B F18AE
085001F0 AC512F5F 9E39518D 6A095D77 DEAF3996 772575F7 B1E165C9 95796
CFAD09C9 04D790F5 31864F43 02569113 C3431E9E E531396F CFFA2E42 1A3E2
102F0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260
551D1104 1F301D82 1B425552 2D464952 4557414C 4C2E6865 61647761 74657
2E636F6D 301F0603 551D2304 18301680 14FE6508 4A6F58E9 00090130 88123
DEF92653 D8301D06 03551D0E 04160414 FE65084A 6F58E900 09013088 1233B
F92653D8 300D0609 2A864886 F70D0101 04050003 81810063 225F0108 F32D1
1CB2F305 7641B401 9B8126A9 4B7524A8 F138C89C E8C7F4EC 0E85241A AC2FD
6E5CE02D A7FBC5A9 78C5B277 444F86EC B485B93C 114BF6A3 F3580DEE 1F610
8FD417E8 58110AF6 6A155462 28F1A26E 8B756E11 E8AC9E66 B7EBBD5F B35E2
B338EE4C 069B4499 4DADA062 51102908 A6DA12BD 7AF5A8
quit
! NOTE(review): privilege-15 local account used by the AAA "local" method. Its type 5 hash is
! published in this post; treat the password as exposed and change it on the device.
username admin privilege 15 secret 5 $1$M58E$JPpG9FJ3nLMQtQaVSfZLV1
!
!
! Traffic classes: four peer-to-peer protocol classes and "site2", which matches ACL 120
! (ACL 120 permits ESP from any source to any destination).
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-all site2
match access-group 120
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
! VPN-output is attached outbound on FastEthernet1 and applies bandwidth and policing to ESP.
policy-map VPN-output
class site2
bandwidth 400
police cir 5000000
! NOTE(review): the four classes below carry no action in this paste, so as shown the policy
! classifies P2P traffic without dropping it. Presumably the action lines were lost when the
! config was copied - confirm on the device.
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
!
!
!
! Site-to-site IPsec VPN: IKE policies, pre-shared keys, transform sets and the crypto map.
! NOTE(review): both IKE policies use 3DES with DH group 2 or group 5, which is legacy
! strength; move to AES and a larger group if both peers and this image support it.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 5
! NOTE(review): the pre-shared key is stored in clear text, is identical for both peers and
! is published in this post. Treat it as compromised and replace it on both ends, using a
! separate random key per peer.
crypto isakmp key burlingameremoteoffice1 address 66.166.76.98
crypto isakmp key burlingameremoteoffice1 address 66.7.251.138
crypto isakmp keepalive 10 3
!
!
! NOTE(review): transform set "vpnset" is defined but not referenced by any crypto map in
! this paste.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
! NOTE(review): the description names 66.166.76.98 while "set peer" is 66.7.251.138 - confirm
! which peer is intended. The map is attached only to FastEthernet1 (T1), so the tunnel has
! no path over the cable link if the T1 fails.
crypto map vpncrypto 1 ipsec-isakmp
description Tunnel to66.166.76.98
set peer 66.7.251.138
set transform-set ESP-3DES-SHA
match address 105
!
!
!
!
! Interfaces: Loopback0, two outside links (FastEthernet0 cable, FastEthernet1 T1), switch
! ports FastEthernet2-9, the inside SVI Vlan1 and Async1.
! NOTE(review): 1.1.1.0/30 is public address space, not a private range.
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
! Cable link: inbound ACL 103, stateful inspection outbound, P2P service policy both ways.
! NOTE(review): ACL 103 permits traffic addressed to 173.8.139.170, but this interface is
! 173.8.139.169 - confirm which address belongs to the router.
! NOTE(review): "ip verify unicast reverse-path" accepts a packet only if the route back to
! its source points out the receiving interface. With the single default route via
! FastEthernet1, Internet-sourced packets arriving here would presumably fail that check -
! verify before relying on this link for failover.
interface FastEthernet0
description Cable Modem$FW_OUTSIDE$$ETH-LAN$
ip address 173.8.139.169 255.255.255.252
ip access-group 103 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
speed 10
half-duplex
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
! T1 link: carries the default route, the NAT rules and the crypto map.
! NOTE(review): no "ip access-group" and no "ip inspect" are attached here, so this
! Internet-facing interface is unfiltered in this paste. ACL 101 references this interface's
! address (66.7.227.242) but is not applied anywhere; the static NAT entries for TCP 1723 and
! 3389 are therefore reachable from any source.
! NOTE(review): the reverse-path check depends on CEF, which is disabled on this interface
! ("no ip route-cache cef") - confirm the check is actually active here.
interface FastEthernet1
description T1 Line$FW_OUTSIDE$$ETH-LAN$
ip address 66.7.227.242 255.255.255.248
ip verify unicast reverse-path
ip nat outside
no ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
crypto map vpncrypto
service-policy output VPN-output
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
duplex half
speed 10
!
! Inside LAN (10.51.10.0/24), NAT inside.
! NOTE(review): policy routing references route-map BYPASS-VPN, which is not defined anywhere
! in this paste - confirm it exists on the device or remove the reference.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$$ES_LAN$
ip address 10.51.10.5 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
ip policy route-map BYPASS-VPN
!
interface Async1
no ip address
encapsulation slip
!
! Static routing, HTTP management server and NAT.
! NOTE(review): this is the only default route and it points at the T1 gateway. Nothing sends
! traffic to the cable link when the T1 fails, which matches the reported failover problem.
! Failover needs a second default route toward the cable gateway with a higher administrative
! distance, and tracking on the primary route so an upstream failure withdraws it.
ip route 0.0.0.0 0.0.0.0 66.7.227.241
ip route 10.31.10.0 255.255.255.0 66.7.227.241
!
!
! NOTE(review): clear-text HTTP management is enabled alongside HTTPS, and no
! "ip http access-class" appears in this paste. Prefer HTTPS only, restricted by source.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): PPTP (1723) and RDP (3389) on 10.51.10.25 are published on FastEthernet1,
! which has no inbound ACL in this paste. Restrict the allowed sources, or reach these
! services over the VPN instead.
ip nat inside source static tcp 10.51.10.25 1723 interface FastEthernet1 1723
ip nat inside source static tcp 10.51.10.25 3389 interface FastEthernet1 3389
! NOTE(review): the overload rule names FastEthernet1 only; traffic leaving via FastEthernet0
! has no NAT rule in this paste, so inside hosts would not be translated on the cable link.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload
!
! Access lists. In this paste only 103 (inbound on FastEthernet0), 105 (crypto map match),
! 120 (class-map site2) and inside_outbount_nat0_acl (route-map SDM_RMAP_1) are referenced.
! NOTE(review): acl_in and acl_out permit everything and are not referenced in this paste.
ip access-list extended acl_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended acl_out
remark SDM_ACL Category=1
permit ip any any
! NAT selector: traffic to the remote VPN subnet is excluded from NAT, everything else from
! the inside LAN is translated.
ip access-list extended inside_outbount_nat0_acl
remark SDM_ACL Category=2
remark IPSec Rule
deny ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
permit ip 10.51.10.0 0.0.0.255 any
! NOTE(review): wildcard 255.255.255.0 ignores the first three octets and requires the last
! octet to be 0, so this matches only addresses ending in .0 - presumably not what was meant.
ip access-list extended sau2bg
permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
!
! NOTE(review): in ACL 100 the final permit follows "permit ip any any" and can never be
! reached. ACL 100 is not applied in this paste.
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 66.7.227.240 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! NOTE(review): ACL 101 is an inbound filter written for the T1 address 66.7.227.242, but no
! interface references it in this paste, so FastEthernet1 is left unfiltered.
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 64.105.163.106 eq domain host 66.7.227.242
access-list 101 permit udp host 64.105.172.26 eq domain host 66.7.227.242
access-list 101 deny ip 10.51.10.0 0.0.0.255 any
access-list 101 permit icmp any host 66.7.227.242 echo-reply
access-list 101 permit icmp any host 66.7.227.242 time-exceeded
access-list 101 permit icmp any host 66.7.227.242 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
! NOTE(review): ACL 102 starts with "permit ip any any", so its two deny entries never match.
access-list 102 permit ip any any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
! ACL 103 is the inbound filter on FastEthernet0: IKE/ESP/AH from 66.166.76.98, anti-spoofing
! denies, ICMP replies, then a logged deny-all.
! NOTE(review): its permits target 173.8.139.170 while FastEthernet0 is 173.8.139.169.
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq non500-isakmp
access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq isakmp
access-list 103 permit esp host 66.166.76.98 host 173.8.139.170
access-list 103 permit ahp host 66.166.76.98 host 173.8.139.170
access-list 103 deny ip 10.51.10.0 0.0.0.255 any
access-list 103 deny ip 66.7.227.240 0.0.0.7 any
access-list 103 permit icmp any host 173.8.139.170 echo-reply
access-list 103 permit icmp any host 173.8.139.170 time-exceeded
access-list 103 permit icmp any host 173.8.139.170 unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 permit ip 10.51.10.0 0.0.0.255 any
! ACL 105 selects the traffic encrypted by crypto map vpncrypto (inside LAN to 10.31.10.0/24).
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! NOTE(review): ACL 111 ends in "permit ip any any", which makes its earlier entries
! redundant; it is not referenced in this paste.
access-list 111 permit ip any host 10.51.10.25
access-list 111 permit ip any host 66.7.227.242
access-list 111 permit ip host 66.7.227.242 any
access-list 111 permit ip host 10.51.10.25 any
access-list 111 permit ip any any
access-list 120 permit esp any any
! NOTE(review): ACLs 104, 150 and 190 are not referenced in this paste; unused lists are
! worth removing so the effective policy stays readable.
access-list 150 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
access-list 190 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
! CDP off, the NAT route-map, login banner, terminal lines and the WebVPN context.
no cdp run
!
!
!
!
! Route-map used by the NAT overload rule; it matches inside_outbount_nat0_acl.
route-map SDM_RMAP_1 permit 1
match ip address inside_outbount_nat0_acl
!
!
!
!
control-plane
!
! NOTE(review): the opening banner delimiter looks truncated in this paste ("^" against the
! closing "^C").
banner login ^
All connections are logged and monitored.
Unauthorized access strictly forbidden.
^C
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
! NOTE(review): no "access-class" is shown on any vty line, so management logins are not
! restricted by source address here, and FastEthernet1 has no inbound ACL either.
line vty 0 4
transport input ssh
! NOTE(review): vty 5-15 still accept Telnet, which sends credentials in clear text; limit
! these lines to SSH as on vty 0-4.
line vty 5 15
transport input telnet ssh
!
!
! The WebVPN context is present but disabled ("no inservice").
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
BUR-FIREWALL#