我们公司刚刚买了一台CISCO2811的路由器，以前都是用300元的小路由器连接到外网。换了CISCO后，就出现一个问题，有很多网站上不了，如：www.dyds.gov.cn ，但好像不是路由器配置的问题，因为也叫卖家看过了，也不是某台机器上不了！
大家能帮我想想是什么原因嘛


网友１：

你的cisco是不是只做了nat转换，如果没有做其他的设置因该是没有问题的。是不是你设置了ACL，导致上不去


网友２：

不要搞那么复杂，会累死自己，我这里的也是cisco2811。我当时什么都没有设置，只做了nat和80端口的映射。懒人是我，能上网去就可以了。我连ACL都没有去设置，等有DOSS再去搞，反正老板都不懂，他认为能上网就可以了，其他的吊事烦。


网友３：
你这个一定是ACL配错了。屏蔽了一个IP段！故此有些网站能开。有些不能

配置：

show conf
Using 2372 out of 245752 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
--More--         !
ip domain name yourdomain.com
vpdn enable
!
!
username cisco privilege 15 secret 5 $1$kdqj$JYEmLHxhgvvFwvI5iIfZp0
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 10.40.1.251 255.255.255.0
ip nat inside
duplex auto
speed auto
!
--More--         interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname zjkd6913308
ppp chap password 0 6913308
ppp pap sent-username zjkd6913201 password 0 6913201
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
--More--         dialer-list 1 protocol ip permit
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
--More--         GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end

谢谢大家了啊，这是我的CISCO2811的配置，其实我不会配置的，当时也是卖方配置的，大家帮我看看有没有什么问题.

int f0/0
ip tcp adjust-mss 1024
exit
int Dialer1
ip tcp adjust-mss 1024
exit
write mem