
Cannot Connect To External Websites

Th3cart3r
Level 1

I have a 2811 router whose clients are unable to access external websites. This was previously working and I'm not sure what could have changed. I'm able to ping all sites such as espn.com, etc., but I cannot get to them through a web browser. Even if I change the DNS server on the LAN to 8.8.8.8, I'm still unable to get external. My config for the router is below and it is connected to a DSL network.

 

Current configuration : 10536 bytes
!
! Last configuration change at 14:18:29 UTC Fri Oct 13 2017 by flogie
! NVRAM config last updated at 13:12:18 UTC Wed Sep 6 2017 by flogie
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname APAC_Melbourne_2811
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T8.bin
boot-end-marker
!
security passwords min-length 8
logging message-counter syslog
logging buffered 16384 informational
logging rate-limit all 30
no logging console
enable secret 5 $1$UKhK$k1Zo4pFPSJmokRe.vioor/
!
no aaa new-model
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
ip dhcp excluded-address 10.170.0.1 10.170.0.149
ip dhcp excluded-address 10.170.0.250 10.170.0.254
!
ip dhcp pool LOCAL
network 10.170.0.0 255.255.255.0
default-router 10.170.0.1
dns-server 10.170.8.3 10.16.242.59
lease 0 8
!
!
no ip domain lookup
ip domain name lhhinc.local
login on-failure log every 3
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
vtp domain lhhinc.local
vtp mode transparent
username SVC_ORION privilege 15 secret 5 $1$KhMJ$pYttKNivP4EE3isunVUNW.
username flogie privilege 15 secret 5 $1$16yX$8bYpB25dvD93Y7deJP/uJ.
username ykarim privilege 15 secret 5 $1$tmBz$AwpR2KfsVicwspKo/tAMy.
archive
log config
hidekeys
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key &G01n6VpNH3r3#@ address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set DBMVPN3DES esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DBMVPN
set transform-set DBMVPN3DES
!
!
!
!
ip tcp synwait-time 10
ip tftp source-interface FastEthernet0/1
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
ip ssh dh min size 2048
!
!
!
!
interface Tunnel0
bandwidth 1100
ip address 192.168.22.153 255.255.255.0
no ip redirects
ip mtu 1600
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication Here2DBM
ip nhrp map multicast dynamic
ip nhrp map 192.168.22.1 209.208.34.220
ip nhrp map multicast 209.208.34.220
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 192.168.22.1
ip tcp adjust-mss 1360
delay 900
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile DBMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address 192.168.23.153 255.255.255.0
no ip redirects
ip mtu 1600
ip hello-interval eigrp 1 10
ip hold-time eigrp 1 30
ip nhrp authentication Here2DBM
ip nhrp map multicast dynamic
ip nhrp map 192.168.23.1 209.208.34.219
ip nhrp map multicast 209.208.34.219
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 192.168.23.1
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 2
tunnel protection ipsec profile DBMVPN shared
!
interface FastEthernet0/0
description WAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description LAN
ip address 10.170.0.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
!
interface Dialer1
mtu 1600
ip address negotiated
ip access-group INTERNET in
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp chap hostname dbm18402650@direct.telstra.net
ppp chap password 7 040A585E5D7215
!
router eigrp 1
passive-interface FastEthernet0/0
network 10.170.0.0 0.0.0.255
network 192.168.22.0
network 192.168.23.0
no auto-summary
eigrp stub connected summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list standard NAT
permit 10.170.0.0 0.0.0.255
!
ip access-list extended INTERNET
remark Return TCP/UDP Traffic
permit tcp any any gt 1023 established
permit udp any any gt 1023
remark DMVPN Traffic
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
remark ICMP LHH_NET_ONLY
permit icmp host 66.192.226.166 any
permit icmp host 66.192.226.167 any
permit icmp host 209.208.35.72 any
permit icmp host 209.208.35.150 any
remark ICMP RETURN
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
remark SSH LHH_NET_ONLY
permit tcp host 66.192.226.166 any eq 22
permit tcp host 66.192.226.167 any eq 22
permit tcp host 209.208.35.72 any eq 22
permit tcp host 209.208.35.150 any eq 22
deny ip any any log
!
logging source-interface Dialer1
logging 10.16.242.129
!
!
!
!
!
snmp-server community LMS RW
snmp-server location APAC
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps adslline
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps license
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bstun
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dial
snmp-server enable traps dlsw
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pw vc
snmp-server enable traps event-manager
snmp-server enable traps firewall serverstatus
snmp-server enable traps rf
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps mpls vpn
snmp-server enable traps voice
snmp-server enable traps dnis
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C Management ID: $(hostname) ^C
banner motd ^C
NOTICE TO USERS
This is a privately owned computer system and is the property
of Lee Hecht Harrison, Inc. Unauthorized or improper use of this system may result
in administrative or disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and consent
to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree
to the conditions stated in this warning. Users (authorized or unauthorized)
have no explicit or implicit expectation of privacy. Any or all uses of this system
and all files on this system may be intercepted, monitored, recorded, copied, audited,
inspected, and disclosed to authorized site and law enforcement personnel, as well as
authorized officials of other agencies, both domestic and foreign. By using this system,
the user consents to such interception, monitoring, recording, copying, auditing,
inspection, and disclosure at the discretion of authorized site personnel.
If there are any questions regarding these terms and conditions of use, please
contact us by using the contact information located http://www.lhh.com/contact-us

^C
!
line con 0
session-timeout 9
exec-timeout 9 0
login local
line aux 0
no exec
transport output none
line vty 0 4
session-timeout 9
exec-timeout 9 0
privilege level 15
login local
transport input ssh
transport output ssh
line vty 5 15
session-timeout 9
exec-timeout 9 0
login local
transport input ssh
transport output ssh
!
no scheduler max-task-time
no scheduler allocate
ntp update-calendar
ntp server 192.168.22.1
ntp server 192.168.23.1
end


Hello,

Do you have a show running-config from when it was working?

Anyway, your traffic is going out to the internet via Dialer 1

 
ip route 0.0.0.0 0.0.0.0 Dialer1

And then you have an access list allowing traffic, right?
ip access-group INTERNET in

 

This is applied to the Dialer interface:

 

interface Dialer1
mtu 1600
ip address negotiated
ip access-group INTERNET in

What I did not get is which of these statements is allowing your internet traffic.

 

Hello,

 

Could be related to MTU. Instead of:

ip mtu 1600

try:

ip mtu 1400

ip tcp adjust-mss 1360

This fixed it, much thanks.
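
An added example, not part of the original thread: a Python check that reads the MTU-related lines of the posted config and flags values that cannot fit a PPPoE link, the situation in which small pings pass while full-size TCP segments are dropped. It assumes a 1500-byte Ethernet underlay and GRE with a tunnel key; the `SUGGESTED` variant is constructed by applying the reply's values to both interfaces, which the thread does not specify.

```python
import re

PPPOE_MAX = 1492   # 1500-byte Ethernet payload minus 8 bytes PPPoE/PPP header
GRE_KEY = 28       # outer IPv4 (20) + GRE (4) + tunnel key (4); IPsec adds more
TCPIP = 40         # IPv4 (20) + TCP (20) headers, no options

# Excerpt of the posted config; stanzas end at "!" as on the page.
POSTED = """interface Tunnel0
ip mtu 1600
ip tcp adjust-mss 1360
tunnel source Dialer1
!
interface Dialer1
mtu 1600
dialer pool 1
!
"""
# Constructed variant (assumption): the reply's two values on both interfaces.
SUGGESTED = POSTED.replace("ip mtu 1600", "ip mtu 1400").replace(
    "\nmtu 1600", "\nip mtu 1400\nip tcp adjust-mss 1360")

def parse_interfaces(config):
    """Return {interface: {command: value}} for MTU-related commands."""
    ifaces, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], {})
        elif line == "!":
            cur = None
        elif cur is not None:
            m = re.fullmatch(r"(mtu|ip mtu|ip tcp adjust-mss|tunnel source|dialer pool) (\S+)", line)
            if m:
                cur[m.group(1)] = m.group(2)
    return ifaces

def audit(config):
    """Flag Dialer/Tunnel MTU and MSS values that cannot fit a PPPoE underlay."""
    findings = []
    for name, s in parse_interfaces(config).items():
        raw = s.get("ip mtu", s.get("mtu"))  # ip mtu defaults to the interface mtu
        if raw is None or not ({"dialer pool", "tunnel source"} & s.keys()):
            continue  # only the PPPoE dialer and tunnels assumed to ride on it
        limit = PPPOE_MAX - (GRE_KEY if "tunnel source" in s else 0)
        ip_mtu = int(raw)
        if ip_mtu > limit:
            findings.append(f"{name}: IP MTU {ip_mtu} exceeds {limit}")
        mss = s.get("ip tcp adjust-mss")
        # MSS must leave room for the IP and TCP headers: 1400 - 40 = 1360.
        if mss is not None and int(mss) > min(ip_mtu, limit) - TCPIP:
            findings.append(f"{name}: adjust-mss {mss} too large")
    return findings
```

`audit(POSTED)` reports both interfaces; `audit(SUGGESTED)` reports nothing.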
