09-23-2016 08:10 PM - edited 03-12-2019 01:19 AM
Hi,
First off, I have a home network. I have a 2821; the g0/0 Ethernet port is connected to my DSL router and is the WAN. I have g0/1 connected to my LAN, which has my DHCP, DNS and AD servers, and clients connect through a switch.
This is my running config:
Router#show running-config
Building configuration...
Current configuration : 1492 bytes
!
! Last configuration change at 01:35:07 UTC Fri Sep 23 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Aecb$dCY9fp.Tc9BmRfCN16w720
enable password Cisco101
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
voice-card 0
!
crypto pki token default removal timeout 0
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
interface GigabitEthernet0/0
description W A N
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description L A N
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
logging esm config
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
!
mgcp profile default
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
Router#
I already have an access list. Can I have multiple access lists? The access list I have permits all, so I suppose I will need to edit or remove the access list I have in order to use an access list with a "deny" or a more granular "permit".
09-24-2016 01:50 AM
You can have only one access-list per interface per direction. But you can have multiple statements in an ACL.
09-27-2016 07:04 PM
I tried this CBAC config; now I can't get out of my network. I can ping the next hop (vz router gateway) but cannot ping anything on the Internet; I can ping any device on my LAN. What did I do wrong?
Router#show running-config
Building configuration...
Current configuration : 1365 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Aecb$dCY9fp.Tc9BmRfCN16w720
enable password Cisco101
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall ftp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
!
interface GigabitEthernet0/0
description W A N
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description L A N
ip address 10.10.10.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip inspect firewall in
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
logging esm config
access-list 103 permit icmp any any
access-list 103 deny ip any any
!
!
control-plane
!
!
mgcp profile default
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
Router#
09-27-2016 10:47 PM
09-28-2016 07:43 PM
I am starting to understand the logic a little, Karsten.
I used your example. Here is my running config:
Router#show running-config
Building configuration...
Current configuration : 1472 bytes
!
! Last configuration change at 02:26:13 UTC Thu Sep 29 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Aecb$dCY9fp.Tc9BmRfCN16w720
enable password Cisco101
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
ip inspect name firewall ftp
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
!
interface GigabitEthernet0/0
description W A N
ip address 192.168.1.45 255.255.255.0
ip access-group OUTSIDE-IN in
ip inspect firewall out
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description L A N
ip address 10.10.10.1 255.255.255.0
ip access-group 103 in
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
ip access-list extended OUTSIDE-IN
deny ip any any
ip access-list extended OUTSIDE-In
!
logging esm config
!
!
control-plane
!
!
mgcp profile default
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
Router#
I tried the static route you suggested; it would not take the /24. Also, here is what I tried, see below:
Router(config)#ip route 10.10.10.0/24 192.168.1.45
^
% Invalid input detected at '^' marker.
Router(config)#ip route 10.10.10.0 0.0.0.255 192.168.1.45
%Inconsistent address and mask
Router(config)#ip route 10.10.10.0 0.0.0.255 192.168.1.45 255.255.255.0
^
% Invalid input detected at '^' marker.
So let me know what's right and what's wrong.
09-29-2016 01:30 AM
You still have an ACL 103 on the inside interface which is not in your config. Remove that or replace it with a working ACL that specifies your security-policy (all allowed traffic to the internet).
There are two routes that you need:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
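A small config-audit script, added here as an example (it is not from the thread, the poster, or Cisco), that catches the mistake pointed out above and a second one visible in the posted config: ACL 103 is applied inbound on GigabitEthernet0/1 but never defined, and the named ACL OUTSIDE-In differs from OUTSIDE-IN only in case, so the second line created an empty second ACL instead of adding to the first. The sample config is a constructed excerpt of the poster's third running-config.

```python
import re

# Constructed excerpt of the poster's third running-config: ACL 103 is applied
# but never defined, and OUTSIDE-In differs from OUTSIDE-IN only in case.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 ip access-group 103 in
!
ip access-list extended OUTSIDE-IN
 deny ip any any
ip access-list extended OUTSIDE-In
"""

def defined_acls(config):
    """Names/numbers of every ACL the config actually defines."""
    names = set()
    for line in config.splitlines():
        # numbered ACL entry ("access-list 103 ...") or named ACL header
        m = re.match(r"access-list\s+(\S+)\s", line) or \
            re.match(r"ip access-list\s+(?:standard|extended)\s+(\S+)", line)
        if m:
            names.add(m.group(1))
    return names

def acl_references(config):
    """(interface, acl, direction) for every 'ip access-group' under an interface."""
    refs, iface = [], None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"\s*ip access-group\s+(\S+)\s+(in|out)\b", line)) and iface:
            refs.append((iface, m.group(1), m.group(2)))
    return refs

def audit(config):
    """Findings: ACLs applied to an interface but never defined, and defined
    ACL names that collide when compared case-insensitively (IOS names are case-sensitive)."""
    defined = defined_acls(config)
    findings = [f"{iface}: ACL '{acl}' applied {direction}bound but never defined"
                for iface, acl, direction in acl_references(config) if acl not in defined]
    by_lower = {}
    for name in defined:
        by_lower.setdefault(name.lower(), []).append(name)
    for names in by_lower.values():
        if len(names) > 1:
            findings.append("ACL names differ only by case: " + ", ".join(sorted(names)))
    return findings
```

Run `audit(open("running-config.txt").read())` against a saved `show running-config` to get the same two findings for the config posted above.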
09-29-2016 03:16 AM
"You still have an ACL 103 on the inside interface which is not in your config." Yeah, I missed that; I will correct it.
"The DSL-Router needs to know how to reach your internal network. It's the DSL-device that has to be configured with a route to 10.10.10.0/24 with a next-hop of 192.168.1.45." So I have to configure the DSL router with the next hop of 192.168.1.45... ok, got it. That's probably why, before, when I used a static IP on my gig0/0 interface, it did not work. Now the statement you made, "Do you have control on the DSL-router", makes sense. BTW, how do you quote someone's text on this forum? I really like this forum; there are more knowledgeable people than on any other forum. I just can't figure out how to quote: I used the blockquote at the top and it seems to quote everything, and searching, I could not figure out how to search.
09-29-2016 03:27 AM
Quoting is not that easy on the forum (at least I also haven't figured out an easy way). I normally copy the original text and apply Blockquote on that.
10-16-2016 05:27 PM
Actually, the thread I selected is not the actual "correct" answer; it was all combined. I think what was happening was that I was going from NAT to a firewall and the routing table was getting mixed up. I found the best yield was to put the router in factory mode, like the day it was delivered. Thank you for your help.
09-24-2016 02:02 AM
The easiest way to configure a firewall on your router is to use CBAC:
ip inspect name FW tcp router-traffic
ip inspect name FW udp router-traffic
ip inspect name FW icmp router-traffic
ip inspect name FW ftp
!
ip access-list extended OUTSIDE-IN
deny ip any any
!
int GigabitEthernet0/0
ip inspect FW out
ip access-group OUTSIDE-IN in
Do you have control on the DSL-router? Then you don't need any NAT on your 2821:
09-25-2016 04:58 AM
"The easiest way to configure a firewall on your router is to use CBAC." That's some good reading.