xx-ISP1 wan ip
yy-ISP2 wan ip
xz -ISP1 gw
yz -ISP2 gw
________________________________________________________
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0
description to local network
ip address 192.168.xxx.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
!
!
interface GigabitEthernet0/1
description Trunk port to SW
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/1.121
description SubInterface for ISP1 on vlan 121
encapsulation dot1Q 121
ip address 212.xx.xx.xx 255.255.255.252
ip access-group ACL_ISP1_OUT out
ip nat outside
ip virtual-reassembly
no cdp enable
!
interface GigabitEthernet0/1.122
description SubInterface for ISP2 on vlan 122
encapsulation dot1Q 122
ip address 89.yy.yy.yy 255.255.255.252
ip access-group ACL_ISP2_OUT out
ip nat outside
ip virtual-reassembly
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map ISP1 interface GigabitEthernet0/1.121 overload
ip nat inside source route-map ISP2 interface GigabitEthernet0/1.122 overload
ip route 0.0.0.0 0.0.0.0 212.xz.xz.xz track 1
ip route 0.0.0.0 0.0.0.0 89.yz.yz.yz 5
ip route 8.8.8.8 255.255.255.255 212.xz.xz.xz
!
!
ip access-list standard LAN
permit 192.xxx.xxx.0 0.0.0.255
!
ip access-list extended ACL_ISP1_OUT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 212.xx.xx.xx any
deny ip any any
ip access-list extended ACL_ISP2_OUT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 89.yy.yy.yy any
deny ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1.121
timeout 2000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
!
!
!
!
route-map ISP2 permit 10
match ip address LAN
!
route-map ISP1 permit 10
match ip address LAN
