Google Router Config : ======================== interface Loopback0 ip address 8.8.8.8 255.255.255.255 ! interface Ethernet0/0 ip address 192.168.200.1 255.255.255.252 duplex auto ! interface Ethernet0/1 ip address 192.168.100.1 255.255.255.252 duplex auto ! no ip http server no ip http secure-server ip route 10.10.10.0 255.255.255.0 192.168.100.2 ip route 10.10.20.0 255.255.255.0 192.168.200.2 ! ISP1 =============== interface Ethernet0/0 ip address 10.10.10.1 255.255.255.0 duplex auto ! interface Ethernet0/1 ip address 192.168.100.2 255.255.255.252 duplex auto ! ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.100.1 ISP2 ============== interface Ethernet0/0 ip address 192.168.200.2 255.255.255.252 duplex auto ! interface Ethernet0/1 ip address 10.10.20.1 255.255.255.0 duplex auto ! ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.200.1 ! FW =============== FW# show run : Saved : : Serial Number: JMX1203L0NN : Hardware: ASA5520, 2048 MB RAM, CPU Pentium II 1000 MHz : ASA Version 9.1(5)16 ! hostname FW enable password 8Ry2YjIyt7RRXU24 encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain names ! interface Ethernet0 nameif ISP1 security-level 0 ip address 10.10.10.2 255.255.255.0 ! interface Ethernet1 nameif ISP2 security-level 0 ip address 10.10.20.2 255.255.255.0 ! interface Ethernet2 shutdown no nameif no security-level no ip address ! interface Ethernet3 nameif LAN security-level 100 ip address 192.168.13.1 255.255.255.0 ! ftp mode passive object network LAN_Network subnet 192.168.13.0 255.255.255.0 object network LAN_Network1 subnet 192.168.13.0 255.255.255.0 access-list LAN_access_in extended permit ip any any access-list ISP1_access_in extended permit ip any any access-list ISP2_access_in extended permit ip any any pager lines 24 logging enable logging timestamp logging buffered debugging mtu ISP1 1500 mtu ISP2 1500 mtu LAN 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network LAN_Network nat (LAN,ISP1) dynamic interface object network LAN_Network1 nat (LAN,ISP2) dynamic interface access-group LAN_access_in in interface LAN route ISP1 0.0.0.0 0.0.0.0 10.10.10.1 1 track 1 route ISP2 0.0.0.0 0.0.0.0 10.10.20.1 253 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart sla monitor 1 type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1 frequency 5 sla monitor schedule 1 life forever start-time now crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy ! track 1 rtr 1 reachability telnet timeout 5 ssh stricthostkeycheck ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn anyconnect-essentials ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp ! service-policy global_policy global prompt hostname context call-home reporting anonymous prompt 2 call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily crashinfo save disable Cryptochecksum:1d1879b954b058f17fc5a0037d197c42 : end