I am working on my first Cisco project. Site A has a Cisco UC520 with a working VoIP phone system configured. Site B has a Cisco 880 router. My goal is to connect each site with this VPN connection.
At site B, I have a single VoIP phone with PoE (only FastEthernet0 and FastEthernet1 are PoE). The phone connects and registers over the VPN and can make clear calls to site A. Using the PC port on the phone, I connected a PC, which receives an IP from DHCP on the 880. The PC can also ping 208.67.222.222 (OpenDNS) but can't resolve www.google.com or a host at site A (i.e. 172.16.1.5). The voice is on vlan 100, and data is on vlan 1. I am thinking that the PC is not getting on vlan1, but it is still getting an IP of 192.168.9.13.
I configured FastEthernet1 to match a working port configuration from the UC520 at site A (minus a macro description). I also tried configuring FastEthernet1 using:
switchport access vlan 1
spanning-tree portfast
Still no luck. I am hoping someone with more experience can throw some pointers in my direction. Thanks in advance!
Here is the config:
HOSTNAME#show run
Building configuration...
Current configuration : 5944 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HOSTNAME
!
boot-start-marker
boot system flash c880voice-universalk9-mz.124-24.T4.bin
boot system flash c880voice-universalk9-mz.124-24.T.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login LOCAL_DB local
!
!
aaa session-id common
!
monitor session 1 source interface Fa0
monitor session 1 destination interface Fa3
clock timezone PDT -8
!
crypto pki trustpoint ...
crypto pki certificate ...
ip source-route
!
!
ip dhcp database pool
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.9.1 192.168.9.10
!
ip dhcp pool voice
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 option 150 ip 10.1.1.1
!
ip dhcp pool data
 import all
 network 192.168.9.0 255.255.255.0
 default-router 192.168.9.1
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 208.67.220.220
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
voice-card 0
!
username admin1 privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
username admin2 privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXX address (Site A Static IP XXX.XXX.XXX.XXX) no-xauth
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer (Site A IP XXX.XXX.XXX.XXX)
 set transform-set TSET
 match address VPN-TRAFFIC
!
archive
 log config
  hidekeys
!
interface Loopback10
 ip address 192.168.201.1 255.255.255.0
!
interface FastEthernet0
 switchport voice vlan 100
 spanning-tree portfast
!
interface FastEthernet1
 switchport mode trunk
 switchport voice vlan 100
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 mac-address XXXX.XXXX.XXXX (Spoofed MAC of router provided by ISP)
 ip address (Site B Static IP XXX.XXX.XXX.XXX) 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map mymap
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway (Site B ISP Gateway XXX.XXX.XXX.XXX)
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (Site B ISP Gateway XXX.XXX.XXX.XXX)
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list NAT interface FastEthernet4 overload
!
ip access-list extended NAT
 deny ip 192.168.9.0 0.0.0.255 172.16.1.0 0.0.0.255
 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
 deny ip 192.168.9.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 any
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.9.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 10.1.10.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.10.0 0.0.0.255
!
route-map test permit 10
 match ip address NAT2
!
control-plane
!
voice-port 0
!
voice-port 1
!
voice-port 2
!
voice-port 3
!
voice-port 4
 connection plar 50
!
!
mgcp fax t38 ecm
!
dial-peer voice 10 pots
 destination-pattern 9T
 incoming called-number .
 port 4
!
dial-peer voice 100 voip
 destination-pattern ..
 session target ipv4:10.1.1.1
 dtmf-relay h245-alphanumeric
 no vad
!
!
gateway
 timer receive-rtp 1200
!
!
call-manager-fallback
 secondary-dialtone 9
 max-conferences 4 gain -6
 transfer-system full-consult
 ip source-address 192.168.9.1 port 2000
 max-ephones 4
 max-dn 50 dual-line preference 1
 transfer-pattern 9T
 transfer-pattern ..
 keepalive 20
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end
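Added example, not part of the original post: a Python check of the NAT and VPN-TRAFFIC access lists from the config above. Because FastEthernet4 both overloads NAT and carries the crypto map, a flow that VPN-TRAFFIC permits has to hit a deny in the NAT list first, or it is translated before the crypto map is evaluated and no longer matches. The function names are hypothetical, and the parser assumes contiguous wildcard masks and whole-prefix containment.

```python
import re
from ipaddress import ip_network
# The two access lists, copied from the config in the post above.
CONFIG = """\
ip access-list extended NAT
 deny ip 192.168.9.0 0.0.0.255 172.16.1.0 0.0.0.255
 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
 deny ip 192.168.9.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 any
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.9.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 10.1.10.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.10.0 0.0.0.255
"""
ACE = re.compile(r"^\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_acls(text):
    """Return {name: [(action, src, src_wc, dst, dst_wc), ...]} in config order.
    Sources must be "<net> <wildcard>"; destinations may also be "any"."""
    acls, current = {}, None
    for line in text.splitlines():
        head = re.match(r"ip access-list extended (\S+)", line)
        ace = ACE.match(line)
        if head:
            current = acls.setdefault(head.group(1), [])
        elif ace and current is not None:
            current.append(ace.groups())
        elif not line.startswith(" "):
            current = None  # an unindented line ends the ACL block
    return acls

def to_net(addr, wildcard):  # ipaddress accepts a wildcard (host) mask after "/"
    return ip_network("0.0.0.0/0" if addr == "any" else f"{addr}/{wildcard}")

def translated_vpn_flows(acls, nat="NAT", crypto="VPN-TRAFFIC"):
    """Crypto-ACL permits whose first matching NAT-ACL entry is a permit."""
    flagged = []
    for _, s, sw, d, dw in (a for a in acls[crypto] if a[0] == "permit"):
        src, dst = to_net(s, sw), to_net(d, dw)
        for n_action, ns, nsw, nd, ndw in acls[nat]:
            if src.subnet_of(to_net(ns, nsw)) and dst.subnet_of(to_net(nd, ndw)):
                if n_action == "permit":
                    flagged.append((str(src), str(dst)))
                break  # first match wins, as on the router
    return flagged
```

Calling `translated_vpn_flows(parse_acls(CONFIG))` on these lists returns the two flows toward 10.1.10.0/24, which VPN-TRAFFIC permits but the NAT list does not exempt.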