Oto config i dzięki za zainteresowanie.
Wyrzucałem także całą konfiguracje WLAN, kody pki, próbowałem inne dns i wpisywacw kompie proxy netii i nie tylko netii
i nic nie pomogło ...

///////////////////////////
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 ***************
enable password *************
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2969804406
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2969804406
revocation-check none
rsakeypair TP-self-signed-2969804406
!
!
crypto pki certificate chain TP-self-signed-2969804406
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393639 38303434 3036301E 170D3039 30363138 30303231
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363938
30343430 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009874 88F48EE7 9C5325FA 7CDD5173 C28BA716 FB5730CE 6F2FA5B3 246E6786
282E7807 3B621F5B 8E647F50 8F28F3CC 02ABD203 6AEAEDEE 500C3674 B2BD1015
83F84C3A FE116C9C D8181547 FFBC3690 D219B9C0 76743C17 1656A7C3 BADE04EC
00F19B15 6BEBCD40 300444EC C33BA64B F6FC859E 5590AB48 5B760DF2 9951B12D
E6BD0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07747278 2E747278 301F0603 551D2304 18301680 14FAD359
73EBFDF8 98600D6D 54CBB1E9 1A3868AF 73301D06 03551D0E 04160414 FAD35973
EBFDF898 600D6D54 CBB1E91A 3868AF73 300D0609 2A864886 F70D0101 04050003
81810025 50CB57DD A26364BA 669D2FA4 2C9B6299 AAD496E7 3836A64D BD97D228
53916292 E3B740F3 EDE62FFB 17D0F569 79635B1A D90C9047 9CC76CEF 87920AAA
B6395F4E 7E548A06 67483A26 3FAFBC3F 6CCBA14F 447BDA0A 79D7F9AE 187C0C95
8A3CE1F1 9A3CABEF 1E4230EC 66CF4947 F2AD4BC3 D7CCFA20 E8E1D99D C31AFEE7 7DCF5D
quit
dot11 syslog
!
dot11 ssid necik
vlan 1
authentication open
guest-mode
!
ip source-route
!
!
ip cef
ip domain name ***
ip name-server 195.114.181.130
ip name-server 193.110.121.20
!
!
!
!
!
spanning-tree vlan 1 priority 4096
username *** privilege 15 secret 5 *************
!
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key ******* address *******IP
crypto isakmp keepalive 20 periodic
!
!
crypto ipsec transform-set DES-SHA esp-des esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
set peer ***********
set transform-set DES-SHA
match address 101
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
mac-address ********
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 key 1 size 40bit 7 7DF1D71A8655 transmit-key
encryption vlan 1 mode wep mandatory
!
encryption mode wep mandatory
!
ssid necik
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
!
interface Vlan1
no ip address
bridge-group 1
!
interface Dialer0
description Interfejs dzwoniacy
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname ***********
ppp chap password 7 *************
crypto map VPN
hold-queue 100 out
!
interface BVI1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 172.16.0.0 255.255.0.0 ********
ip route 192.168.3.0 255.255.255.0 ***********
ip route 192.168.5.0 255.255.255.0 *************
ip route 192.168.11.0 255.255.255.0 ***********
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 remark NAT
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark IPSec protect
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.255.255
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login
no modem enable
transport output all
line aux 0
login
transport output all
line vty 0 4
privilege level 15
password 7 ************
login local
transport input ssh
transport output all
!
scheduler max-task-time 5000
end