VPN
All3, 2016-10-18 16:57:20

How to properly set up a Cisco L2TP/IPsec VPN with split tunneling on an 1841?

There is a Cisco 1841 and a firewall behind which the whole working network sits. The company's internal network needs to be made available to remote clients.
One port of the Cisco is plugged into the provider, the other into the firewall. The firewall is also plugged (roughly speaking) with one port into the internal network and with the other into the provider. The internal network has many subnets, and the firewall knows about them.
My 1841 config is as follows:

Building configuration...

Current configuration : 2373 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPNeigrp
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxXXXxxx
!
aaa new-model
!
!
aaa authentication ppp VPDN_AUTH local
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip domain lookup
ip domain name xxx.ru
login block-for 60 attempts 3 within 30
vlan ifdescr detail
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
username remote privilege 15 password 7 xxxXXXxxx
!
!
ip ssh version 1
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxXXXxxx address 0.0.0.0 0.0.0.0
!
!
!
crypto ipsec transform-set L2TP-Set esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map dyn-map 10
 set nat demux
 set transform-set L2TP-Set
!
!
crypto map outside_map 65535 ipsec-isakmp dynamic dyn-map
!
!
!
interface FastEthernet0/0
 ip address 192.168.77.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 109.XXX.XXX.201 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map outside_map
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool l2tp-pool
 ppp authentication ms-chap-v2 VPDN_AUTH
 ppp ipcp dns 192.168.160.41
!
ip local pool l2tp-pool 192.168.77.3 192.168.77.128
ip default-gateway 109.XXX.XXX.193
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 109.XXX.XXX.193
ip route 192.168.0.0 255.255.0.0 192.168.77.1
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
privilege exec level 15 configure terminal
privilege exec level 15 configure
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
end

When a client connects to the VPN, the internal network is visible but there is no Internet. If you uncheck "Use default gateway on remote network" (on the client side), the Internet appears but the internal network is not visible.
Tell me what to add to the config so that both the Internet and the internal network are available? Ideally, with split tunneling, Internet traffic would not go through the Cisco.
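Client-side split tunneling for the built-in Windows L2TP/IPsec client, as an added example that is not part of the poster's config: it assumes a Windows 8.1 or later client, a connection name "OfficeL2TP" and a placeholder server address, and takes the internal range 192.168.0.0/16 from the router's static route. Unchecking "Use default gateway on remote network" leaves Windows with only a class-based route for the assigned pool address, so the other internal subnets are added as explicit connection routes.

```powershell
# Added example, not the poster's configuration. Assumptions: Windows 8.1+ client,
# connection name "OfficeL2TP", placeholder server address, internal range
# 192.168.0.0/16 matching the router's "ip route 192.168.0.0 255.255.0.0 192.168.77.1".
$Conn   = "OfficeL2TP"
$Server = "vpn.example.invalid"          # placeholder for the 1841's public address
$Psk    = Read-Host "L2TP pre-shared key" # the "crypto isakmp key" from the router

# Create the connection only if it does not exist yet (idempotent).
if (-not (Get-VpnConnection -Name $Conn -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Conn -ServerAddress $Server -TunnelType L2tp `
        -L2tpPsk $Psk -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -RememberCredential -Force
}

# SplitTunneling = $true is the scripted form of unchecking
# "Use default gateway on remote network". With it off, all traffic,
# Internet included, is sent into the tunnel (the poster's first symptom).
Set-VpnConnection -Name $Conn -SplitTunneling $true

# With split tunneling on, Windows adds only a class-based route for the
# address it receives from the pool (192.168.77.0/24 here), so the remaining
# internal subnets behind the firewall must be listed explicitly.
$InternalPrefixes = @("192.168.0.0/16")
foreach ($p in $InternalPrefixes) {
    $existing = Get-VpnConnectionRoute -ConnectionName $Conn -ErrorAction SilentlyContinue |
                Where-Object DestinationPrefix -eq $p
    if (-not $existing) {
        Add-VpnConnectionRoute -ConnectionName $Conn -DestinationPrefix $p
    }
}

# Check: SplitTunneling should read True and the /16 should be listed.
Get-VpnConnection -Name $Conn | Select-Object Name, TunnelType, SplitTunneling
Get-VpnConnectionRoute -ConnectionName $Conn | Select-Object DestinationPrefix, RouteMetric

# After connecting (rasdial $Conn <user> <password>), confirm that Internet
# traffic leaves via the physical adapter while the internal DNS server from
# "ppp ipcp dns 192.168.160.41" is reached through the VPN interface:
Find-NetRoute -RemoteIPAddress 8.8.8.8        | Select-Object InterfaceAlias, DestinationPrefix
Find-NetRoute -RemoteIPAddress 192.168.160.41 | Select-Object InterfaceAlias, DestinationPrefix
```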
