нужна помощь в настройке кошки 1841 с двумя провайдерами
суть такова на ISP1 нужно пустить основной офис 192.168.1.0/24 в нет
а на ISP2 пускать РДП/фтп подключения с удаленных офисов

конфиг делался с помощю сдм такчто не пинайте сильно....

Building configuration...

Current configuration : 5522 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname incomingrouter
!
boot-start-marker
boot system flash c1841-advipservicesk9-mz.124-12.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 20000 warnings
enable secret 5 ууууууууууууууууу
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone Riga 2
clock summer-time Riga date Mar 30 2003 3:00 Oct 26 2003 4:00
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
ip flow-cache timeout active 1
no ip bootp server
ip domain name лллллл
ip name-server 212.109.32.5
ip name-server 213.227.192.130
ip name-server 195.248.191.72
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name WWW http
ip ips notify SDEE
ip ips name sdm_ips_rule
ip urlfilter exclusive-domain deny sex.com
ip sdee messages 500
ip sdee alerts 500
!
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
!
username admin privilege 15 secret 5 $1$EuPA$wPNjrfbuNd3iGfJDacV.l0
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $FW_OUTSIDE$$ETH-WAN$
ip address х.х.х.74 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip nat enable
ip ips sdm_ips_rule in
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description ISP2$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip ips sdm_ips_rule in
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no mop enabled
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
switchport access vlan 2
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.50.254 255.255.255.0 secondary
ip address 192.168.1.254 255.255.255.0
ip access-group sdm_vlan1_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip nat enable
ip ips sdm_ips_rule out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
description VLAN for MailServer$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip nat enable
ip ips sdm_ips_rule out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer2
description $FW_OUTSIDE$
ip address у.у.у.у 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username adsl password 7 10435B4E57474253
!
ip route 0.0.0.0 0.0.0.0 х.х.х.73

!
ip dns server
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.1.99 9996
ip flow-top-talkers
top 40
sort-by bytes
cache-timeout 50
!
ip http server
ip http access-class 2
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.240 3389 interface FastEthernet0/1 40002
ip nat inside source static tcp 192.168.2.2 22 interface FastEthernet0/0 22
ip nat inside source static tcp 192.168.1.239 25 interface FastEthernet0/0 25
!
ip access-list extended sdm_vlan1_in
remark SDM_ACL Category=1
deny   tcp 192.0.0.0 0.255.255.255 eq smtp any log
permit tcp host 192.168.1.239 eq smtp any
permit ip any any
!
logging trap warnings
logging 192.168.1.99
access-list 1 permit 192.168.2.2
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
banner login ^CCCC Restricted Area Access is not permitted ^C
!
line con 0
transport output telnet
speed 115200
line aux 0
transport output telnet
line vty 0 4
access-class 23 in
transport input telnet ssh
line vty 5 15
access-class 23 in
transport input telnet ssh
!
scheduler allocate 20000 1000
end