object network www.whatsmyip.org
 host 204.11.35.98
object-group network OBJ-SHN
 network-object 192.168.0.0 255.255.0.0
object-group network OBJ-HKN
 network-object 192.167.0.0 255.255.0.0
 network-object object www.whatsmyip.org
access-list INSIDE extended permit ip any any
access-list outside-hong-kong extended permit ip object-group OBJ-SHN object-group OBJ-HKN inactive
access-list HK extended permit ip host 115.42.250.7 any4
access-list HK extended permit ip any4 host 115.42.250.7
access-list outside-in extended permit ip any any
access-list outside-isp2_cryptomap extended permit ip object-group OBJ-SHN object-group OBJ-HKN
nat (inside,outside-isp2) source static OBJ-SHN OBJ-SHN destination static OBJ-HKN OBJ-HKN no-proxy-arp
!
route outside-isp2 0.0.0.0 0.0.0.0 118.189.59.68 10
route inside 192.168.0.0 255.255.0.0 192.168.20.249 1
route inside 192.168.5.0 255.255.255.0 192.168.20.249 1
route inside 192.168.60.0 255.255.255.0 192.168.20.249 1
route inside 192.168.65.0 255.255.255.0 192.168.20.249 1
route outside-isp2 192.168.202.0 255.255.255.0 118.189.59.68 10
crypto map OUTSIDE-ISP1-CMAP 10 match address outside-hk
crypto map OUTSIDE-ISP1-CMAP 10 set peer 115.42.250.7
crypto map OUTSIDE-ISP1-CMAP 10 set ikev1 transform-set aes-sha-hmac
crypto map OUTSIDE-ISP1-CMAP 10 set reverse-route
crypto map OUTSIDE-ISP2-CMAP 10 match address outside-hk
crypto map OUTSIDE-ISP2-CMAP 10 set peer 115.42.250.7
crypto map OUTSIDE-ISP2-CMAP 10 set ikev1 transform-set aes-sha-hmac
crypto map OUTSIDE-ISP2-CMAP 10 set reverse-route
crypto map outside-isp2_map 1 match address outside-isp2_cryptomap
crypto map outside-isp2_map 1 set peer 115.42.250.7
crypto map outside-isp2_map 1 set ikev1 transform-set aes-sha-hmac
crypto map outside-isp2_map 1 set reverse-route
crypto map outside-isp2_map interface outside-isp2
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside-isp2
crypto ikev1 enable outside-isp3
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group 115.42.250.7 type ipsec-l2l
tunnel-group 115.42.250.7 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!