Cannot ping 8.8.8.8 after creating VPN

phuayhow01
Level 1

To all,

     I could not ping 8.8.8.8 or access the internet after creating the VPN. Below are my setup and router configuration:

          Internet
              !
     Service Provider router
          58.185.149.140
              !
          58.185.149.141
          Office router
             10.0.0.2
              !
          Office Network
              !
           Cisco 1941
              !
             PCs

! Last configuration change at 17:27:04 PCTime Tue Apr 9 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Pioneer
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 4
logging buffered 51200 warnings
logging console critical
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth_m1_q local
aaa authorization exec default local
aaa authorization network vpn_group_m1_1 local
!

!
aaa session-id common
!
clock timezone PCTime 8 0
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 11.11.11.1 11.11.11.10
!
ip dhcp pool mydhcppool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 165.21.83.88 165.21.100.88
!
!
no ip bootp server
ip domain name yourdomain
ip name-server 165.21.83.88
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-625968446
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-625968446
revocation-check none
rsakeypair TP-self-signed-625968446
!
!
crypto pki certificate chain TP-self-signed-625968446
certificate self-signed 01

license udi pid CISCO1941/K9 sn FHK144672KZ
!
!
username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
username puri password 7 11190C171E
!
redundancy
!

!
ip tcp synwait-time 10
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group vpnclients
key xxxxx
pool ippool
acl 100
max-users 14
browser-proxy pioneerbrowser
!
crypto isakmp client configuration browser-proxy pioneerbrowsers
crypto isakmp profile vpn-ike-profile-1
   match identity group vpnclients

   client authentication list vpn_xauth_m1_q
   isakmp authorization list vpn_group_m1_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile VPN_Profile1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA
set isakmp-profile vpn-ike-profile-1
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
no ip redirects
no ip unreachables
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
switchport access vlan 300
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
interface GigabitEthernet0/1/3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered GigabitEthernet0/1
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN_Profile1
!
interface Vlan1
no ip address
!
interface Vlan300
ip address 20.20.20.1 255.255.255.0
!
ip local pool ippool 192.168.1.1 192.168.1.20
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list INTERNET-ACCESS interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
ip access-list extended INTERNET-ACCESS
deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
permit ip 20.20.20.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
!
no cdp run
!

     From the 1941 router, I could ping up to 58.185.149.141 but not up to 58.185.149.140. Since I cannot ping 58.185.149.140, I suppose I cannot ping 8.8.8.8. I am sure 58.185.185.140 is there, as I used another PC, which is connected directly to the office network instead of through the 1941 router, and it could ping 58.185.149.140.

     For your info, g0/1/0 is connected to the PC while g0/1 is connected to the office network.

    Could anyone out there kindly help me?

    Hope to hear from any of you soon.

Regards,

Raymond

1 Accepted Solution


cadet alain
VIP Alumni

Hi,

Can you try this:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

ip route 0.0.0.0 0.0.0.0 dhcp

Regards

Alain

Don't forget to rate helpful posts.
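
An added example, not part of the original thread: a small Python check for the condition the accepted fix addresses, a static default route that names only an Ethernet interface whose address comes from DHCP, so the router has no next-hop address and must ARP for every destination. The function names and verdict strings are illustrative, and the sample is a constructed excerpt of the posted configuration.

```python
import re

# Constructed excerpt: the routing-relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dhcp_interfaces(config):
    """Names of interfaces that take their address from DHCP."""
    found, current = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
        elif line == "!":
            current = None          # "!" ends the interface block
        elif line == "ip address dhcp" and current:
            found.add(current)
    return found

def audit_default_routes(config):
    """Return (route line, verdict) for every static default route."""
    dhcp_ifs = dhcp_interfaces(config)
    findings = []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 5 or tok[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            continue
        args = tok[4:6]
        if "dhcp" in args or any(IPV4.match(a) for a in args):
            verdict = "ok"                          # a next hop is known
        elif tok[4] in dhcp_ifs:
            verdict = "no-next-hop-dhcp-interface"  # the case in this thread
        else:
            verdict = "no-next-hop"                 # interface-only route
        findings.append((" ".join(tok), verdict))
    return findings

if __name__ == "__main__":
    for route, verdict in audit_default_routes(SAMPLE_CONFIG):
        print(f"{verdict:28} {route}")
```

Interface names are compared literally, so the route must spell the interface the same way as its `interface` line.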


Hi Cadet alain,

     It works. Thanks.

Regards,

Raymond