Hello, I/m having problems getting an access-list to work.With the access-group 104 in i lose my internet connectivity.

Here's the config. If i remove the access-group 104 in from the gigabitinterface0/0 all works but I want to have the settings on this interface.

What am I missing ?

version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 15000
no logging console
!
no aaa new-model
!
clock timezone CET 1 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 172.17.1.1 172.17.1.30
ip dhcp excluded-address 172.17.1.240 172.17.1.254
ip dhcp excluded-address 172.17.3.1 172.17.3.30
ip dhcp excluded-address 172.17.3.240 172.17.3.254
!
ip dhcp pool VLAN1
network 172.17.1.0 255.255.255.0
domain-name r1.local
default-router 172.17.1.254
dns-server 212.54.40.25 212.54.35.25
lease 0 1
!
ip dhcp pool VLAN100
network 172.17.3.0 255.255.255.0
domain-name r1_Guest
default-router 172.17.3.254
dns-server 212.54.40.25 212.54.35.25
lease 0 1
!
!
ip domain name r1.lan
ip name-server 212.54.40.25
ip name-server 212.54.35.25
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!

!
!
object-group network temp

description dummy addresses
1.1.1.1 255.255.255.0

2.2.2.2 255.255.255.0
!
object-group network vlan1-lan
172.17.1.0 255.255.255.0
!
object-group network vlan100-guest
172.17.3.0 255.255.255.0
!
object-group network ziggo-dns
host 212.54.40.25
host 212.54.35.25
!

!
redundancy
!
!
!
!
ip ssh version 2
!

!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip access-group 104 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description r1.local lan
ip address 172.17.1.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description Vlan100 r1_Guest
encapsulation dot1Q 100
ip address 172.17.3.254 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 172.17.2.0 255.255.255.0 172.17.1.253
!
access-list 23 permit 172.17.1.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip any object-group vlan100-guest
access-list 102 permit ip any any log

access-list 103 deny ip any object-group vlan1-lan
access-list 103 permit ip any any

access-list 104 permit tcp any any eq 22
access-list 104 permit udp any any eq snmp

access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp object-group temp any echo
access-list 104 permit icmp 172.17.1.0 0.0.0.255 any

access-list 104 deny ip any any log
!
no cdp run
!
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
login local
no activation-character
no exec
transport preferred none
transport input ssh
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
login local
transport input ssh
!
scheduler allocate 20000 1000
end