привет всем.

есть cisco 837 и adsl линия.

конекчусь к провайдеру успешно, кроме того получаю глобальный адрес от него успешно, но не могу ничего пинговать (8.8.4.4 это мировой DNS сервер как вы знаете :) ).

gate#p 8.8.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
gate#

Но я могу пинговать этот ip если использую extended ping и меняю source на физический интерфейс.

gate#p
Protocol [ip]:
Target IP address: 8.8.4.4
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: Ethernet0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.172.1
!!!!!
Success rate is 100 percent (5/5)
gate#

Конфигурация роутера вот такая:
---------------------

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gate
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local
!
aaa session-id common
clock timezone cad -5
clock summer-time cad recurring last Sun Mar 3:00 last Sun Oct 3:00
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.172.1 192.168.172.12
!
ip dhcp pool dhcp-pool4lan
   import all
   network 192.168.172.0 255.255.255.224
   default-router 192.168.172.1
   dns-server 192.168.172.2 192.168.172.1 192.168.172.4
   domain-name uuuuuu.org
   lease 14
!
!
ip cef
ip domain name uuuuuuu.org
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method dyndns
HTTP
  add http://uuuuuu:xxxxxx@members.dyndns.org/nic/updatesyste...
interval maximum 10 0 0 0
!
vpdn enable
!
!
!
!
username sam privilege 15 secret 5 xxxxxxxxxxxxxxx
archive
log config
  hidekeys
!
!
!
!
!
!
interface Ethernet0
description -= local inside subnet =-
ip address 192.168.172.1 255.255.255.224
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface Ethernet2
description -= wifi subnet  adv by rip =-
ip address 192.168.172.33 255.255.255.240
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 0/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
description -= WIFI subnet =-
duplex auto
speed auto
!
interface Dialer1
ip ddns update hostname uuuuuu.org
ip ddns update dyndns host members.dyndns.org
ip address negotiated previous
no ip redirects
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 7
no cdp enable
ppp chap hostname yyyyyyyyyyy@a.net
ppp chap password 7 xxxxxxxxxxxxxxxxx
ppp pap sent-username yyyyyyyyyyy@a.net password 7 xxxxxxxxxxxxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
router rip
version 2
passive-interface default
no passive-interface FastEthernet3
no passive-interface FastEthernet4
network 192.168.172.0
neighbor 192.168.172.34
no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.172.4 22 interface Dialer1 42586
ip nat inside source static 192.168.172.2 interface Dialer1
ip nat inside source static udp 192.168.172.35 554 interface Dialer1 554
ip nat inside source static udp 192.168.172.35 555 interface Dialer1 555
ip nat inside source static udp 192.168.172.35 556 interface Dialer1 556
!
!
ip access-list extended rfc1917
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip host 255.255.255.255 any
deny   ip host 0.0.0.0 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
remark -= RFC 1917 =-
ip access-list extended vpn-access
permit ip 192.168.172.48 0.0.0.15 any
ip access-list extended wifi-acl
permit ip any any
remark -= ACL 4 wifi DMZ =-
logging history informational
logging trap debugging
logging facility local5
logging 192.168.172.2
access-list 1 permit 192.168.172.0 0.0.0.31
access-list 1 permit 192.168.172.32 0.0.0.15
access-list 1 permit 192.168.172.48 0.0.0.7
access-list 1 remark -= ACL for inside networks =-
dialer-list 7 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 5 0
privilege level 15
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
ntp clock-period 17179486
ntp server 128.100.102.201 source Dialer1
end
---------------------------------------

Подскажите, что не правильно?

Спасибо.