конфиг:

version 12.4
!
ip cef
!
!
ip sla monitor 10
type echo protocol ipIcmpEcho CENT.RAL.SITE.IP source-interface FastEthernet0/0
request-data-size 512
verify-data
frequency 10
ip sla monitor schedule 10 life forever start-time now
ip sla monitor 20
type echo protocol ipIcmpEcho CENT.RAL.SITE.IP source-interface FastEthernet0/1
request-data-size 512
verify-data
frequency 10
ip sla monitor schedule 20 life forever start-time now
!
!
voice-card 0
!
!
!
!
!
!
ip ssh version 2
!
track 10 rtr 10
delay down 20 up 30
!
track 20 rtr 20
delay down 20 up 30
!
!
!
!
!
interface Tunnel0
ip address 10.35.4.110 255.255.255.252
tunnel source MY.ISP.1.IP
tunnel destination CENT.RAL.CITE.IP
!
interface Tunnel1
ip address 10.35.4.114 255.255.255.252
tunnel source MY.ISP.2.IP
tunnel destination CENT.RAL.CITE.IP
!
interface FastEthernet0/0
ip address MY.ISP.1.IP 255.255.255.240
ip nat outside
ip virtual-reassembly
ip route-cache flow
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/1
ip address MY.ISP.2.IP 255.255.255.252
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
ip address 10.23.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router ospf 1
router-id 10.23.5.1
network 10.0.0.0 0.255.255.255 area 0.0.0.0
!
ip local policy route-map rm_local
ip route 0.0.0.0 0.0.0.0 MY.ISP.1.GW track 10
ip route 0.0.0.0 0.0.0.0 MY.ISP.2.GW track 20
ip route 0.0.0.0 0.0.0.0 MY.ISP.1.GW 200
ip route 0.0.0.0 0.0.0.0 MY.ISP.2.GW 200
!
!
ip nat pool pool_isp1 MY.ISP.1.IP MY.ISP.1.IP prefix-length 28
ip nat pool pool_isp2 MY.ISP.2.IP MY.ISP.2.IP prefix-length 30
!
ip nat inside source route-map rm_nat_isp1 pool pool_isp1 overload
ip nat inside source route-map rm_nat_isp2 pool pool_isp2 overload
!
ip nat inside source static tcp 10.23.7.2 3389 MY.ISP.2.IP 3389 extendable
ip nat inside source static tcp 10.23.6.123 3389 MY.ISP.2.IP 3390 extendable
ip nat inside source static tcp 10.23.7.2 3389 MY.ISP.1.IP 3389 extendable
ip nat inside source static tcp 10.23.6.123 3389 MY.ISP.1.IP 3390 extendable
!
ip access-list extended local_isp12any
deny   ip host MY.ISP.1.IP 10.0.0.0 0.255.255.255
permit ip host MY.ISP.1.IP any
ip access-list extended local_isp22any
deny   ip host MY.ISP.2.IP 10.0.0.0 0.255.255.255
permit ip host MY.ISP.2.IP any
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 10.0.0.0 0.255.255.255
!
route-map rm_nat_isp2 permit 10
match ip address 1
match interface FastEthernet0/1
!
route-map rm_nat_isp1 permit 10
match ip address 1
match interface FastEthernet0/0
!
route-map rm_local permit 10
match ip address local_isp12any
match interface FastEthernet0/0
set ip next-hop MY.ISP.1.GW
!
route-map rm_local permit 20
match ip address local_isp22any
match interface FastEthernet0/1
set ip next-hop MY.ISP.2.GW
!