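Hello experts, the customer originally had an old Cisco router; I don't know who configured it, and the configuration looks quite messy. The customer has now replaced it with a new Cisco 3925 router, which has three GE ports. The plan is for GE1 to use PPPoE dial-up to connect to the external network, and for GE2 to be configured with an IP address, connecting to the external network, and then to set up NAT. I went to the customer's site today to implement this and found that the dial-up does obtain a public address, but the internal network still cannot connect. I am posting both configurations here; could you please take a look and tell me where my configuration is wrong?
Old Cisco router configuration: this router uses F0/0 to connect the inside and outside, and F0/1 to connect to a dial-up modem; E1/0 is probably junk configuration.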
TYC_ZJF_AR_02#show running-config
Building configuration...
Current configuration : 2336 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TYC_ZJF_AR_02
!
boot-start-marker
boot system flash:c2600-advsecurityk9-mz.124-18.bin
boot-end-marker
!
enable secret 5 $1$PODG$CXM0t95d0SvrB75iZEQO00
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface ATM0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.199.10 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface Ethernet1/0
ip address 218.1.30.54 255.255.255.252 secondary
ip address 222.66.14.38 255.255.255.252
ip nat outside
ip virtual-reassembly
half-duplex
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username adxxxxxx password 7 154A5C5D517D7B7071
!
ip forward-protocol nd
no ip route 0.0.0.0 0.0.0.0 58.247.127.25
no ip route 0.0.0.0 0.0.0.0 58.246.44.1
no ip route 0.0.0.0 0.0.0.0 192.168.199.1
no ip route 0.0.0.0 0.0.0.0 218.1.30.53 100
ip route 192.168.0.0 255.255.0.0 192.168.10.6
ip route 192.168.0.0 255.255.0.0 192.168.10.14 100
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/1 overload
!
access-list 1 permit any
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 10 permit 192.168.14.0 0.0.0.63
access-list 10 permit 192.168.15.0 0.0.0.255
access-list 10 permit 192.168.35.0 0.0.0.255
access-list 10 permit 192.168.36.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 104201545347445E
logging synchronous
login
transport input pad telnet rlogin udptn ssh
!
!
end
New Cisco 3925/K9 configuration:
TYC_ZJF_AR_02#show running-config
Building configuration...
Current configuration : 6065 bytes
!
! Last configuration change at 09:23:09 UTC Mon Sep 12 2016 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TYC_ZJF_AR_02
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-777905574
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-777905574
revocation-check none
rsakeypair TP-self-signed-777905574
!
!
crypto pki certificate chain TP-self-signed-777905574
certificate self-signed 01
quit
license udi pid C3900-SPE100/K9 sn FOC19182VSP
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
no cdp run
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
description inter-int
ip address 192.168.10.1 255.255.255.248
ip nat inside
no ip virtual-reassembly in
duplex auto
speed auto
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username adxxxxxx password 7 xxxxxxxx
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 10 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 192.168.10.6
ip route 192.168.0.0 255.255.0.0 192.168.10.14 100
!
dialer-list 1 protocol ip permit
!
!
access-list 1 permit any
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 10 permit 192.168.14.0 0.0.0.63
access-list 10 permit 192.168.15.0 0.0.0.255
access-list 10 permit 192.168.35.0 0.0.0.255
access-list 10 permit 192.168.36.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
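
A consistency check for the NAT path in a configuration like the new 3925 one above, as an added example that is not part of the original post: it confirms that an inside interface exists, that the NAT rule's egress interface is marked outside and its access list is defined, and that static-route next hops sit on a connected subnet. `CONFIG` is a constructed excerpt of the posted configuration, and the function name `check_nat_path` is an assumption of this example.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-relevant lines of the new 3925 config above.
CONFIG = """\
interface GigabitEthernet0/2
 ip address 192.168.10.1 255.255.255.248
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
ip nat inside source list 10 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 192.168.10.6
ip route 192.168.0.0 255.255.0.0 192.168.10.14 100
access-list 10 permit 192.168.10.0 0.0.0.255
"""

def check_nat_path(config):
    """Return a list of findings about the NAT inside/outside path."""
    role, connected, acls, findings = {}, [], set(), []
    iface = None
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Pass 1: collect NAT roles, connected subnets and defined ACL numbers.
    for line in lines:
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip nat (inside|outside)$", line):
            role[iface] = m[1]
        elif m := re.match(r"ip address (\d\S+) (\d\S+)", line):
            connected.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"access-list (\d+) permit", line):
            acls.add(m[1])
    if "inside" not in role.values():
        findings.append("no interface is marked 'ip nat inside'")
    # Pass 2: check the NAT rule and static-route next hops against pass 1.
    for line in lines:
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+)", line):
            if m[1] not in acls:
                findings.append(f"NAT references missing access-list {m[1]}")
            if role.get(m[2]) != "outside":
                findings.append(f"NAT egress {m[2]} is not 'ip nat outside'")
        elif m := re.match(r"ip route \S+ \S+ (\d+\.\d+\.\d+\.\d+)", line):
            hop = ipaddress.ip_address(m[1])
            if not any(hop in net for net in connected):
                findings.append(f"next hop {hop} is not on a connected subnet")
    return findings
```

A finding is something to verify on the device (for example with `show ip route` and `show ip nat translations`), not a diagnosis of the problem described in the post.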