I noticed the 1841 router is configured for Easy VPN. Have you verified the peer IP address as well as the group and key are correct? Also, is it your intent to have all traffic go over the VPN tunnel, or just certain types? You can do what is called a
split tunnel
(in .pdf format) that sends certain traffic always over the tunnel, and the rest directly to the internet.
The access list is having no affect on the configuration, it's applied to a route map that's not applied to any interface, at least not from what is given in pp1dt's post. Anyways, the configuration looks OK from what I see, my suggestion is check the VPN portion.
JWJ, Indeed pp1dt is alredy doing an split tunnel.
i fyou look careful at the statement s:
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
access-list 101 deny ip 10.0.9.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 permit ip 10.0.9.0 0.0.0.255 any
route-map nonat permit 10
match ip address 101
He is denying nat to traffic from 10.0.9.0 to 10.0.1.0 to be translated by nat, so perhaps, he is doing it because it wont be encrypted or translated and sent in the same interface with its own ip address (not translated).
