The OpenNET Project / Index page

Cisco 881: linking the access point with the router, NikitaM83, 18-Aug-11, 21:36
Good day.
I can't connect the internal access point to the outside world. Everything seems to be correct, but when connecting to the wireless network it does not see the rest of the network behind the router; I can't even ping the router itself. Here are the configs:

mtap#sh run
Building configuration...

Current configuration : 1713 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname mtap
!
enable secret 5 $1$rR.F$eGGM9.cCshuPRJIk651n9.
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp pool MT-POOL
   import all
   network 10.10.50.0 255.255.255.0
   default-router 10.10.50.111
   dns-server 10.10.50.101
!
!
dot11 syslog
!
dot11 ssid MT
   vlan 2
   authentication open
   mbssid guest-mode
!
!
!
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXX
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2 key 1 size 40bit 7 XXXXXXXXXXX transmit-key
encryption vlan 2 mode wep mandatory
!
broadcast-key vlan 2 change 30
!
!
ssid MT
!
antenna gain 0
station-role root
!
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.10.50.121 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
no activation-character
line vty 0 4
login local
!
end

ciscoMT#sh run
Building configuration...

Current configuration : 12753 bytes
!
version 15.1
parser view CCP_EasyVPN_Remote
secret 5 $1$.zPu$cCYOU5yVk776suEftjaF4.
commands interface include all crypto
commands interface include all no crypto
commands interface include no
commands configure include end
commands configure include all access-list
commands configure include all ip nat
commands configure include ip dns server
commands configure include ip dns
commands configure include all interface
commands configure include all identity policy
commands configure include identity profile
commands configure include identity
commands configure include all dot1x
commands configure include all ip domain lookup
commands configure include ip domain
commands configure include ip
commands configure include all crypto
commands configure include all aaa
commands configure include no end
commands configure include all no access-list
commands configure include all no ip nat
commands configure include no ip dns server
commands configure include no ip dns
commands configure include all no interface
commands configure include all no identity policy
commands configure include no identity profile
commands configure include no identity
commands configure include all no dot1x
commands configure include all no ip domain lookup
commands configure include no ip domain
commands configure include no ip
commands configure include all no crypto
commands configure include all no aaa
commands configure include no
commands exec include dir all-filesystems
commands exec include dir
commands exec include crypto ipsec client ezvpn connect
commands exec include crypto ipsec client ezvpn xauth
commands exec include crypto ipsec client ezvpn
commands exec include crypto ipsec client
commands exec include crypto ipsec
commands exec include crypto
commands exec include write memory
commands exec include write
commands exec include all ping ip
commands exec include ping
commands exec include configure terminal
commands exec include configure
commands exec include all terminal width
commands exec include all terminal length
commands exec include terminal
commands exec include all show
commands exec include all debug appfw
commands exec include all debug ip inspect
commands exec include debug ip
commands exec include debug
commands exec include all clear
commands exec include no
!
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ciscoMT
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$qST9$bj98XQNlibkSIWVhmFz6O0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone PCTime 3 0
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2385497361
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2385497361
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-2385497361
certificate self-signed 01
        quit
no ip source-route
!
!
!
!
!
ip cef
no ip bootp server
ip domain name XXXXXX
ip name-server XXXXXXXXXXXX
ip name-server XXXXXXXXXXXX
no ipv6 cef
!
!
license udi pid CISCO881W-GN-A-K9 sn FTX150402T9
license boot module c880-data level advsecurity
!
!
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
username XXXXXXX privilege 15 view CCP_EasyVPN_Remote secret 5 XXXXXXXX
!
!
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-ftp-1
match access-group 101
match protocol ftp
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
  inspect
class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-ftp-1
  inspect
class class-default
  drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
  drop log
class type inspect ccp-protocol-http
  inspect
class type inspect ccp-insp-traffic
  inspect
class class-default
  drop
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
  pass
class class-default
  drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
  pass
class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN_GROUP
key XXXXXXXXXXXXX
dns XXXXXXXXXXXXX
domain XXXXXXXX
pool SDM_POOL_1
crypto isakmp profile ciscocp-ike-profile-1
   match identity group VPN_GROUP
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.50.111 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname XXXXX
ppp chap password 7 XXXXXXXXX
no cdp enable
!
ip local pool SDM_POOL_1 10.10.40.1 10.10.40.100
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.50.100 21 interface Dialer0 21
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
!
logging esm config
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.50.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any host 10.10.50.100
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end

  • Cisco 881: linking the access point with the router, DN, 15:55, 23-Aug-11 (1)
    >  ip address 10.10.50.111 255.255.255.0
    >  no ip redirects
    >  no ip unreachables
    >  no ip proxy-arp
    >  ip flow ingress
    >  ip nat inside
    >  ip virtual-reassembly in
    >  zone-member security in-zone
    >  ip tcp adjust-mss 1412
    > end

    From the console of the AP801 module, 10.10.50.121 pings but 10.10.50.111 does not?
    From the console of the 881, 10.10.50.111 pings but 10.10.50.121 does not?

    A similar problem on an 881W with IOS:
    c880data-universalk9_npe-mz.152-1.T.bin
    ap801-k9w7-tar.124-25d.JA1.tar

    Everything starts working normally through
    the switch port Wlan-GigabitEthernet0 on the 881 and the interface GigabitEthernet0 on the AP801,
    provided that Wlan-GigabitEthernet0 on the 881 "came up" first.

    After the router has booted, run the command:
    service-module wlan-ap 0 reload

    Everything should start working.
    If everything works for you, I will propose a solution in the next post.
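
An added check, not part of the thread: the Python sketch below reads the bridge-group lines of the AP configuration from the first post and lists any bridge group that holds a radio interface but no Ethernet or BVI member. An autonomous AP bridges frames only between interfaces in the same bridge group, and in the posted config Dot11Radio0.2 is in group 2 while GigabitEthernet0.2 and BVI1 are in group 1, which is worth ruling out alongside the reload workaround above. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the AP ("mtap") configuration posted in the thread; only the
# lines that decide bridge-group membership are kept.
AP_CONFIG = """\
bridge irb
interface Dot11Radio0.2
encapsulation dot1Q 2 native
bridge-group 2
bridge-group 2 spanning-disabled
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
bridge-group 1
no bridge-group 1 source-learning
interface BVI1
ip address 10.10.50.121 255.255.255.0
bridge 1 route ip
"""

def bridge_groups(config):
    """Map bridge-group number -> set of interfaces that are members of it."""
    groups, current = defaultdict(set), None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            bvi = re.match(r"BVI(\d+)$", current)
            if bvi:  # BVI<n> is the routed interface of bridge-group <n>
                groups[int(bvi.group(1))].add(current)
            continue
        m = re.match(r"bridge-group (\d+)$", line)  # skips "no ..." and option lines
        if m and current:
            groups[int(m.group(1))].add(current)
    return dict(groups)

def isolated_radio_groups(groups):
    """Groups that contain a radio interface but no Ethernet or BVI member."""
    wired = ("GigabitEthernet", "FastEthernet", "BVI")
    return sorted(
        n for n, members in groups.items()
        if any(i.startswith("Dot11Radio") for i in members)
        and not any(i.startswith(wired) for i in members)
    )

if __name__ == "__main__":
    groups = bridge_groups(AP_CONFIG)
    print(groups, "radio-only groups:", isolated_radio_groups(groups))
```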



