Hello cisco community members.

I have a TP- link TD-W9970 modem that is in bridge mode, one 2821 router, Modem lan port & 2821 roter 0/0 port are connected.

modem gateway IP= 192.168.1.1

IP static= 185.120.250.247

router 0.0 IP= 192.168.152.74

router 0.1 IP= 192.168.2.1

pc IP (connected to 0/1 in rouer)= 192.168.2.2

we have one ipsec tunnel that is ok. Router have internet but the pc can`t get acces to the internet.

I`m able to ping router 0/1 port (192.168.2.1) & router 0/0 port (192.168.152.74) & 10.1.1.150 (ipsec tunnel). But I can`t ping the modem gateway (192.168.1.1)

Please help to get access to the internet in pc or switch connected to 0/1 port. I think that I need to a root. thanks for every one that help. 

Fariborzi#show conf

Using 2275 out of 245752 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Fariborzi

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$/.O0$5YpYvp3LWrTrhTcOZYsG//

!

no aaa new-model

!

!

ip cef

!

!

ip domain name FariborziShop.co.ir

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

voice-card 0

 no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username admin secret 5 $1$hQx2$s5HAC4W1uP2cUm9AObDQp/

!

!

!

!

crypto isakmp policy 370

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key #F@r!b0rz!$h0p# address 91.207.139.1

!

!

crypto ipsec transform-set Fariborzi-Shop-TS esp-aes 256 esp-sha-hmac

 mode transport

!

crypto ipsec profile Fariborzi-Shop-PF

 set transform-set Fariborzi-Shop-TS

!

!

!

!

!

interface Tunnel4410

 description connect to post

 ip address 192.168.152.74 255.255.255.252

 ip mtu 1400

 ip nat outside

 ip virtual-reassembly

 ip tcp adjust-mss 1360

 tunnel source 185.120.250.247

 tunnel destination 91.207.139.1

 tunnel protection ipsec profile Fariborzi-Shop-PF

!

interface GigabitEthernet0/0

 description connect-Modem

 ip address 185.120.250.247 255.255.255.254

 duplex auto

 speed auto

 pppoe enable group global

 pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

 description connect-LAN

 ip address 192.168.2.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

 duplex auto

 speed auto

!

interface Dialer1

 ip address negotiated

 ip mtu 1492

 ip nat outside

 ip virtual-reassembly

 encapsulation ppp

 dialer pool 1

 ppp authentication chap pap callin

 ppp pap sent-username 4144227319 password 0 44010493

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1 permanent

ip route 10.1.1.150 255.255.255.255 192.168.152.73 name POST

!

!

no ip http server

no ip http secure-server

ip nat inside source list POST-NAT interface Tunnel4410 overload

ip nat inside source list dsl-access interface Dialer1 overload

!

ip access-list extended POST-NAT

 permit ip any host 10.1.1.150

ip access-list extended dsl-access

 permit ip 10.0.0.0 0.0.0.255 any

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

 login local

line aux 0

line vty 0 4

 login

 transport input ssh

line vty 5 15

 login

 transport input ssh

!

scheduler allocate 20000 1000

!

end