Below is the running configuration of this 877 router. (zz.zz.zz.zz is the public IP address of the router; xx.xx.xx.xx and yy.yy.yy.yy are public IPs with rights to manage the router.)

!This is the running config of the router: xxx.xxx.com.au
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 877
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Vtk8$4Qkb9c9DISE2RszPEkzdg0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 10
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name xxx.com.au
ip name-server 192.0.0.3
ip name-server 192.0.0.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 cisco-net-mgmt
ip inspect name DEFAULT100 pptp
ip inspect name DEFAULT100 ident
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
appfw policy-name SDM_HIGH
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action reset alarm
    service text-chat action reset alarm
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action reset alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint TP-self-signed-1111492178
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1111492178
 revocation-check none
 rsakeypair TP-self-signed-1111492178
!
!
crypto pki certificate chain TP-self-signed-1111492178
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31313131 34393231 3738301E 170D3032 30333031 30303036
  35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31313134
  39323137 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BCB4 8A5CAD3E 34CAC210 742765E4 EC9EE9E1 65B9B736 FBFFB497 9589984F
  7FEBFD25 41572269 FE9C15C6 FAB45BFB 5D2E3067 B61D8859 BD770775 4F34ED81
  E56C06C7 D983C840 9DA83DD6 802C92B7 186321FB 9FAF33F3 3FEE68CC 72FF8942
  1EF50D53 6D99A4DE F7B2CBB1 ED53649E 246399EA 7585EE73 5DAFA88B D54A88E3
  167F0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
  551D1104 13301182 0F383737 2E63686D 632E636F 6D2E6175 301F0603 551D2304
  18301680 14577E52 DA1ECDC3 9C2F00A5 380DD133 37E6BB0C B2301D06 03551D0E
  04160414 577E52DA 1ECDC39C 2F00A538 0DD13337 E6BB0CB2 300D0609 2A864886
  F70D0101 04050003 81810060 0B448BC5 6A915D99 22007453 FC7BFBF1 F76250A1
  FAA963DA 50E5B095 7BB5C039 AE6B29AA 773BE6F2 04A9D712 69A81A2A F809FDB4
  CC492478 C28AA84D 6347FBA7 19B7712F C3A73DC0 9A265C03 E57EE2A4 17A65B70
  657D3C72 E2274D54 615FD6B5 F21074C4 1C9771C2 91A4E2F3 FB1C4E8C E02E1CF0
  C3E8710B 05F0AC42 33787F
  quit
username root privilege 15 secret 5 $1$vGy.$Fr1JfHvQoYQaQ/DrGCMuN1
username micropol secret 5 $1$HApa$tUgj.YXoWwTI9r4nmqQDR1
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_HIGH
 class sdm_p2p_edonkey
   drop
 class sdm_p2p_gnutella
   drop
 class sdm_p2p_kazaa
   drop
 class sdm_p2p_bittorrent
   drop
!
!
!
!
!
!
interface Loopback0
 ip address 172.22.22.254 255.255.255.0
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.2 point-to-point
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ip access-group 103 in
 peer default ip address pool pptp
 ppp encrypt mppe auto passive
 ppp authentication pap ms-chap ms-chap-v2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.0.0.5 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address zz.zz.zz.zz 255.255.255.252
 ip access-group 106 in
 ip nat outside
 ip inspect SDM_HIGH out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxx
 ppp chap password 7 1122334455AA112233
 service-policy input sdmappfwp2p_SDM_HIGH
 service-policy output sdmappfwp2p_SDM_HIGH
!
ip local pool pptp 172.22.22.1 172.22.22.253
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.0.0.0 255.255.255.0 Vlan1
!
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.0.0.3 25 interface Dialer1 25
!
ip access-list extended sdm_vlan1_in
 remark auto generated by SDM firewall configuration
 remark SDM_ACL Category=1
 permit ip any any
 deny ip host 255.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.0.0.0 0.0.0.255
access-list 2 remark AAAAAAA
access-list 2 permit xx.xx.xx.xx
access-list 2 permit yy.yy.yy.yy
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.0.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 192.0.0.0 0.0.0.255 host 192.0.0.5 eq 22
access-list 100 permit tcp 192.0.0.0 0.0.0.255 host 192.0.0.5 eq 443
access-list 100 permit tcp 192.0.0.0 0.0.0.255 host 192.0.0.5 eq cmd
access-list 100 deny tcp any host 192.0.0.5 eq 22
access-list 100 deny tcp any host 192.0.0.5 eq www
access-list 100 deny tcp any host 192.0.0.5 eq telnet
access-list 100 deny tcp any host 192.0.0.5 eq cmd
access-list 100 deny udp any host 192.0.0.5 eq snmp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 443
access-list 101 deny ip 192.0.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.0.0.0 0.0.0.255 any
access-list 102 permit ip host xx.xx.xx.xx any
access-list 102 remark AAAAAAA
access-list 102 permit ip host yy.yy.yy.yy any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit tcp any any eq 1723
access-list 104 permit gre any any
access-list 104 permit tcp any any eq smtp
access-list 104 permit tcp any any eq 443
access-list 104 permit tcp host xx.xx.xx.xx any eq telnet
access-list 104 permit tcp host xx.xx.xx.xx any eq 22
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny ip 192.0.0.0 0.0.0.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 permit ip any any
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit tcp host xx.xx.xx.xx host zz.zz.zz.zz eq telnet
access-list 106 permit tcp any host zz.zz.zz.zz eq smtp
access-list 106 permit icmp any any echo
access-list 106 permit icmp any host zz.zz.zz.zz echo-reply
access-list 106 permit icmp any host zz.zz.zz.zz time-exceeded
access-list 106 permit icmp any host zz.zz.zz.zz unreachable
access-list 106 permit tcp any host zz.zz.zz.zz eq 443
access-list 106 permit tcp any host zz.zz.zz.zz eq 22
access-list 106 permit tcp any host zz.zz.zz.zz eq cmd
access-list 106 permit tcp any any eq 1723
access-list 106 permit gre any any
access-list 106 deny ip 192.0.0.0 0.0.0.255 any
access-list 106 deny ip 10.0.0.0 0.255.255.255 any
access-list 106 deny ip 172.16.0.0 0.15.255.255 any
access-list 106 deny ip 192.168.0.0 0.0.255.255 any
access-list 106 deny ip 127.0.0.0 0.255.255.255 any
access-list 106 deny ip host 255.255.255.255 any
access-list 106 deny ip host 0.0.0.0 any
access-list 106 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 102 in
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
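A quick check a reviewer might run over the ACL applied inbound on the outside interface (access-list 106 on Dialer1 above): an added Python example, not part of the original post, that parses numbered IOS ACL entries and lists the management-plane ports the ACL leaves reachable from any source. The sample entries are copied from the config; the port table and its labels are the example's own assumptions, and the result only describes the ACL itself (the vty access-class and ip http access-class in the config may still restrict those services further).

```python
import re

# Sample ACEs copied from access-list 106 in the config above, the ACL applied
# "in" on Dialer1 (the outside interface). zz.zz.zz.zz is the poster's
# placeholder for the router's own public address.
SAMPLE_ACL = """\
access-list 106 permit tcp host xx.xx.xx.xx host zz.zz.zz.zz eq telnet
access-list 106 permit tcp any host zz.zz.zz.zz eq smtp
access-list 106 permit icmp any any echo
access-list 106 permit tcp any host zz.zz.zz.zz eq 443
access-list 106 permit tcp any host zz.zz.zz.zz eq 22
access-list 106 permit tcp any host zz.zz.zz.zz eq cmd
access-list 106 permit tcp any any eq 1723
access-list 106 permit gre any any
access-list 106 deny ip any any log
"""

# IOS port keywords/numbers for services that terminate on the router itself.
# The table and labels are this example's own assumptions, not from the post.
MGMT_PORTS = {
    "22": "ssh", "telnet": "telnet", "23": "telnet",
    "cmd": "rsh/rcmd (tcp/514)", "514": "rsh/rcmd (tcp/514)",
    "www": "http", "80": "http", "443": "https",
    "snmp": "snmp (udp/161)", "161": "snmp (udp/161)", "1723": "pptp control",
}

# Matches "access-list N permit|deny PROTO SRC DST [eq PORT]" where SRC/DST is
# "any", "host A.B.C.D" or "NET WILDCARD"; remarks and other lines do not match.
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+"
    r"(?P<dst>any|host\s+\S+|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?"
)

def parse_aces(config_text):
    """Return one dict per numbered-ACL entry found in the config text."""
    aces = []
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            aces.append(m.groupdict())
    return aces

def exposed_mgmt(aces):
    """(acl, port, label) for permit entries reachable from 'any' on a management port."""
    return [(a["acl"], a["port"], MGMT_PORTS[a["port"]]) for a in aces
            if a["action"] == "permit" and a["src"] == "any" and a["port"] in MGMT_PORTS]
```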