Problem with SLA dual ISP failover

gkonheiser
Level 1

Hi there,

I am trying to set up an 1841 with dual ISP failover; however, it does not seem to be working correctly and I'm a bit stuck as to why. With a route in place of "ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx" all works fine, but as soon as I delete that and add "ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx track 1" everything goes down and I am unable to ping 4.2.2.2 from int f0/0. I must be setting up the IP SLA incorrectly? Thanks in advance for any help. Here is my config:

ip sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.2 source-interface FastEthernet0/0
 timeout 500
 frequency 10
ip sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
interface FastEthernet0/0
 description WAN1
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN2
 ip address yyy.yyy.yyy.yyy 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/0/0
 duplex full
 speed 100
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 description LAN
 ip address aaa.aaa.aaa.aaa 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 1
ip route 0.0.0.0 0.0.0.0 yyy.yyy.yyy.37 10
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 4443
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/1 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit aaa.aaa.aaa.aaa 0.0.0.255
access-list 2 remark Internet access list 2
access-list 2 permit aaa.aaa.aaa.aaa 0.0.0.255
access-list 60 permit aaa.aaa.aaa.53
!
control-plane
!
line con 0
 password 7 2041212312312321321313123112
line aux 0
line vty 0 4
 password 7 02161232312313213123
 login local
 rotary 1
 transport preferred ssh
 transport input telnet
line vty 5
 password 7 123123123123123
 login local




Gordon

Accepted Solution

Hi Guys,

Your IP SLA looks good to me. 4.2.2.2 is not a directly connected network, right? So you need to tell the router where it can ping 4.2.2.2. It must be in the RIB.

!
ip route 4.2.2.2 255.255.255.255 xxx.xxx.xxx.25
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 1
ip route 0.0.0.0 0.0.0.0 yyy.yyy.yyy.37 10
!

Toshi




gkonheiser
Level 1

Thanks very much to both of you for your help. I changed the NAT a little as well and all is good now. One thing that I'm still trying to figure out is this: when I have a running ping to, say, 8.8.8.8 from a client PC and I force failover to the backup line, the ping to 8.8.8.8 fails until the primary is reinstated, despite the fact that I have WAN access. I guess it is a NAT issue? Could I solve this by clearing the NAT table when the failover occurs?

Anyway, here is my failover config that runs great, and thanks again for your help.

enable secret 5 $1$jYzP$JHBn4sdfsdfwdqwdq.vZrUn/
!
no aaa new-model
ip cef
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address
!
ip dhcp pool Icon
   network 192.168.1.0 255.255.255.0
   domain-name iconx
   default-router 192.168.1.x
   dns-server 192.168.1.x 192.168.1.x 192.168.1.x
   lease 1 2 1
!
ip dhcp pool 360
   host 192.168.1.x 255.255.255.0
   client-identifier 01xx.125a.4xc2.xx
   client-name G360
!
ip domain name iconxxx.ccc
ip name-server 192.168.1.x
ip name-server 192.168.1.x
ip ssh port 2001 rotary 1 10
ip ssh version 2
ip sla monitor 10
 type echo protocol ipIcmpEcho 4.2.2.2
 timeout 100
 frequency 1
ip sla monitor schedule 10 life forever start-time now
!
crypto pki trustpoint TP-self-signed-341xxxxxxx
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-341xxxxxx
 revocation-check none
 rsakeypair TP-self-signed-34xxxxxx
!
crypto pki certificate chain TP-self-signed-34xxxxxx
 certificate self-signed 01


  quit
username gkonheiser privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
track 10 rtr 10 reachability
!
interface FastEthernet0/0
 description swisscom WAN
 ip address xxx.xxx.xxx.26 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Cablecom WAN
 ip address yyy.yyy.yyy.38 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/0/0
 duplex full
 speed 100
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 description LAN
 ip address 192.168.1.xxx 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 10
ip route 0.0.0.0 0.0.0.0 yyy.yyy.yyy.37 20
ip route 4.2.2.2 255.255.255.255 xxx.xxx.xxx.25
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 4443
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nat1 interface FastEthernet0/0 overload
ip nat inside source route-map nat2 interface FastEthernet0/1 overload


!
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
snmp-server enable traps tty
!
route-map nat2 permit 10
 match ip address 150
 match interface FastEthernet0/1
!
route-map nat1 permit 10
 match ip address 150
 match interface FastEthernet0/0
!
route-map isp2 permit 10
 match interface FastEthernet0/1
!
route-map isp1 permit 10
 match interface FastEthernet0/0
!
control-plane
!
line con 0
 password 7 0xxxxxxxxxxxxxxxxxxxx
line aux 0
line vty 0 4
 session-timeout 180
 exec-timeout 180 0
 password 7 06xxxxxxxxxxxxxxxxxxxx
 login local
 rotary 1
 transport preferred ssh
 transport input telnet
line vty 5
 session-timeout 180
 exec-timeout 180 0
 password 7 0xxxxxxxxxxxxxxxxxxxxxx
 login local
 rotary 1
 transport preferred ssh
 transport input ssh
line vty 6 15
 session-timeout 180
 exec-timeout 180 0
 password 7 0xxxxxxxxxxxxxxxxxxxxxxxxxx
 login local
 rotary 1
 transport preferred ssh
 transport input ssh
line vty 16 807
 session-timeout 180
 exec-timeout 180 0
 password 7 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 login local
 rotary 1
 transport preferred ssh
 transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178748
ntp update-calendar
ntp server 195.216.64.208 prefer
end

Hi,

I'm glad you managed to get failover working. As for your question, it might be a NAT problem. You can test failover and then clear the NAT entries. If it works, you might need to adjust the NAT timeout.

HTH,

Toshi
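Why the running ping keeps failing after failover, and why clearing the translations fixes it, can be seen in this added Python model of the interface-overload NAT table built by the route-map rules above; it is an editor's illustration, not code from the thread or from Cisco, and the WAN addresses, the client, and the 1 pps ping are constructed stand-ins.

```python
# Constructed stand-ins for the redacted WAN addresses (xxx.xxx.xxx.26 / yyy.yyy.yyy.38).
WAN_ADDR = {"FastEthernet0/0": "203.0.113.26", "FastEthernet0/1": "198.51.100.38"}
ADDR_IFACE = {addr: iface for iface, addr in WAN_ADDR.items()}
ICMP_TIMEOUT = 60  # IOS default NAT icmp-timeout (seconds), refreshed by every matching packet

class OverloadNat:
    """Interface-overload (PAT) table as the thread's two route-map NAT rules
    build it: nat1/nat2 pick the outside address from the egress interface only
    when a translation is created; an existing entry keeps its address until it
    idles out or is removed with 'clear ip nat translation *'."""

    def __init__(self):
        self.table = {}  # flow -> [outside_addr, last_used]

    def translate(self, flow, egress_iface, now):
        entry = self.table.get(flow)
        if entry is None or now - entry[1] >= ICMP_TIMEOUT:
            entry = [WAN_ADDR[egress_iface], now]   # new translation: address follows egress
        entry[1] = now                               # traffic refreshes the idle timer
        self.table[flow] = entry
        return entry[0]

    def clear(self):
        self.table.clear()

def ping_ok(nat, flow, healthy, now):
    """One echo request from a LAN client. The tracked default sends it out the
    healthy WAN; the reply is addressed to the translated source, so it comes
    back through that address's ISP and is lost if that ISP is down."""
    egress = "FastEthernet0/0" if healthy["FastEthernet0/0"] else "FastEthernet0/1"
    outside = nat.translate(flow, egress, now)
    return healthy[ADDR_IFACE[outside]]

def run(failover_at=5, seconds=15, clear_at=None, pause=()):
    """Continuous 1 pps ping to 8.8.8.8 from 192.168.1.10 (constructed); ISP1
    fails at failover_at. Returns one result per second (None = client paused)."""
    nat, flow, results = OverloadNat(), ("192.168.1.10", "8.8.8.8", "icmp"), []
    for t in range(seconds):
        healthy = {"FastEthernet0/0": t < failover_at, "FastEthernet0/1": True}
        if t == clear_at:
            nat.clear()
        if t in pause:
            results.append(None)
            continue
        results.append(ping_ok(nat, flow, healthy, t))
    return results
```

run() shows the ping failing from the failover onward because the refreshed entry keeps ISP1's address, run(clear_at=8) shows it recovering the second the table is cleared, and a pause longer than the 60 s idle timeout recovers on its own; in practice the clear is the IOS command clear ip nat translation *, which dual-ISP designs usually fire from the track object's state change.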

sachinvaish
Level 1

Doesn't make sense to add a specific route for the target IP address.

What is the difference between

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 10

and

ip route 4.2.2.2 255.255.255.255 xxx.xxx.xxx.25

Also

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

!--- Enter this command in order to track a static route.
!--- This is the static route to be installed in the routing 
!--- table while the tracked object is reachable.  The value after
!--- the keyword "track" is a tracking ID you specify. 

route backup 0.0.0.0 0.0.0.0 10.250.250.1 254

!--- Define the backup route to use when the tracked object is unavailable. 
!--- The administrative distance of the backup route must be greater than 
!--- the administrative distance of the tracked route.
!--- If the primary gateway is unreachable, that route is removed
!--- and the backup route is installed in the routing table
!--- instead of the tracked route.
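The difference sachinvaish asks about, and the reason Toshi's host route is needed, comes down to how the RIB treats a tracked route whose track object is down. This added Python model of longest-prefix-match lookup with object tracking is an editor's illustration, not code from the thread or from Cisco; the two ISP gateways are constructed stand-ins for the redacted addresses, and it assumes that ISP2 drops a probe that leaves via f0/1 carrying f0/0's source address (ingress anti-spoofing).

```python
import ipaddress

# Constructed stand-ins for the thread's redacted gateways (xxx.xxx.xxx.25 and yyy.yyy.yyy.37).
ISP1_GW, ISP2_GW = "203.0.113.25", "198.51.100.37"
IFACE = {ISP1_GW: "FastEthernet0/0", ISP2_GW: "FastEthernet0/1"}
PROBE_TARGET = "4.2.2.2"

class Rib:
    """Static routes as IOS installs them: a tracked route is withdrawn while its
    track object is down; lookup is longest prefix first, then lowest distance."""

    def __init__(self):
        self.routes = []  # (network, next_hop, admin_distance, track_id or None)

    def add(self, prefix, next_hop, distance=1, track=None):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, distance, track))

    def egress(self, dst, track_up):
        dst = ipaddress.ip_address(dst)
        live = [r for r in self.routes
                if dst in r[0] and (r[3] is None or track_up.get(r[3], False))]
        if not live:
            return None
        best = max(live, key=lambda r: (r[0].prefixlen, -r[2]))
        return IFACE[best[1]]

def build_rib(with_host_route):
    rib = Rib()
    rib.add("0.0.0.0/0", ISP1_GW, distance=1, track=1)  # ip route 0.0.0.0 0.0.0.0 <isp1> track 1
    rib.add("0.0.0.0/0", ISP2_GW, distance=10)          # ip route 0.0.0.0 0.0.0.0 <isp2> 10
    if with_host_route:                                 # Toshi's fix: pin the probe target to ISP1
        rib.add("4.2.2.2/32", ISP1_GW)                  # ip route 4.2.2.2 255.255.255.255 <isp1>
    return rib

def converge(rib, isp1_healthy, rounds=3):
    """Feed each SLA probe result back into track 1 and return the final state.
    Assumptions: the track starts down (the probe failed in the gap between
    deleting the plain default and adding the tracked one), and a probe sourced
    from f0/0's address but forwarded out f0/1 is dropped by ISP2's ingress
    anti-spoofing filter, so it can only succeed when it really leaves via f0/0."""
    track_up = {1: False}
    for _ in range(rounds):
        track_up[1] = rib.egress(PROBE_TARGET, track_up) == IFACE[ISP1_GW] and isp1_healthy
    return track_up[1]

def lan_egress(rib, isp1_healthy):
    """WAN interface a LAN client's packet to 8.8.8.8 leaves on after convergence."""
    return rib.egress("8.8.8.8", {1: converge(rib, isp1_healthy)})
```

Without the host route the tracked default is never installed, so the probe is forced out f0/1 and the track can never come back up, even with ISP1 healthy; with it, the /32 wins the longest-prefix match regardless of track state, so the probe always tests ISP1. The trade-off is visible too: during an ISP1 upstream failure, build_rib(True).egress("4.2.2.2", {1: False}) is still f0/0, so end-user traffic to the probe target itself does not fail over.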