MoonLive asked:

Cisco 1921 Additional Interface for WAN

I have a Cisco 1921 with two interfaces, 0/0 and 0/1. I added a Gig 0/0/0 interface. The additional interface is for a WAN connection that provides Internet.

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.10.0.0 255.255.0.0 10.255.255.3
ip route 10.13.0.0 255.255.0.0 10.255.255.3

0/0 10.255.255.2 (to main office)
0/1 10.14.0.1 (lan)
0/0/0 192.168.1.2

I have no problem pinging 10.255.255.3 and 192.168.1.1, but there is no Internet connection.

What am I missing?
Topics: Windows Networking, Routers, Cisco

Costas Georgiou:

You have not mentioned the NATting, which according to me is missing.

Also, if you have 0/0 and a sub-interface 0/0.0, correct me if I am wrong, but you should instead use another sub-interface 0/0.1 rather than 0/0.

I have 5 WAN IPs that I NAT to 5 internal networks using the same concept.
Predrag Jovic:

Since your default route points to private address space
ip route 0.0.0.0 0.0.0.0 192.168.1.1
is the ISP in that direction?
Typically, you would have a public IP address on your WAN interface, provided by your ISP.

There are a few possibilities for the problem, in case your IP addresses and static routes are OK:
- NAT is not configured properly (networks are not included in NAT statements), so the ISP is dropping traffic since private IP addresses are used as source addresses
- Other router(s) have no idea where networks 10.10.0.0/26 and 10.13.0.0/16 are located; traffic for those networks is sent in the ISP's direction instead of to this router

Check the routing tables of other L3 devices (if there are any), and check the NAT configuration.
MoonLive (asker):
192.168.1.1 is the Verizon router.
10.10.x.x and 10.13.x.x route to the main office for the data connection.
0/0/0 is not a sub-interface; it is an additional Gig card on the Cisco 1921 router where the Verizon router is located. I used to have the 0/0 interface provide data and Internet. Now I have separate connections for data and Internet. How do I check and see if NAT is configured on the Cisco 1921? If not, what is the command to do it?
Predrag Jovic:

# sh run | i nat

This way you can see all NAT statements except the access list for NAT.
Probably you should paste your running config (excluding sensitive parts) and provide the basic topology (although I think I got it).

For NAT configuration you should typically configure:
- interfaces for your devices should be configured with ip nat inside
- interface(s) to the ISP/Verizon router should be configured as ip nat outside
- an access list (or route map) to select traffic for NATting
- the NAT statement

Article with a basic configuration example: Configuring NAT overload

Typically the Verizon router has no idea where your 10.x.x.x networks are, so you should provide static routes for those on the Verizon router (but not in this case, since that traffic is for the ISP). In this case you should NAT your traffic so the Verizon router believes that all traffic is sent from the 192.168.1.2 device (or from that network range; you can configure a NAT pool if you want).
MoonLive (asker):
Thanks Predrag Jovic, here is my running config:
RemoteSite2#show run
Building configuration...

Current configuration : 3505 bytes
!
! Last configuration change at 20:53:14 UTC Mon Feb 22 2016 by admin
!
version 15.4
!
hostname RemoteSite2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip dhcp excluded-address 10.16.0.1
ip dhcp excluded-address 10.16.0.1 10.16.0.255
ip dhcp excluded-address 10.16.2.200 10.16.3.254
!
!
!
ip domain name domain.com
ip name-server 10.12.2.100
ip name-server 10.12.2.200
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FGL191224FN
!
!
redundancy
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description PrimaryWANDesc_[----- WAN -----]
 ip address 10.255.255.3 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description [----- LAN -----]
 bandwidth 20000
 ip address 10.16.0.1 255.255.248.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list nat-list interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.255.255.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 10.3.0.0 255.255.0.0 10.255.255.1
ip route 10.12.0.0 255.255.0.0 10.255.255.1
ip route 10.13.0.0 255.255.0.0 10.255.255.2
!
!
snmp-server community readme RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input telnet
!
scheduler allocate 20000 1000
!
end
Thanks for your help!
ASKER CERTIFIED SOLUTION
Predrag Jovic:

MoonLive (asker):
Predrag Jovic,

ip nat inside      <--- if you need to NAT traffic to office should be ip nat outside
The above is a little bit confusing; I may not understand what this will do. Thanks for your explanation.

All Internet traffic should route to 192.168.1.1 (^.^ I will change something later).
And all LAN traffic should route to 10.255.255.1 and 10.255.255.2

Thanks again. This really helps!
Predrag Jovic:

If you have 2 Internet connections, both should be configured with ip nat outside (and more configuration should be done); if office traffic is currently working properly, just ignore that (and this) comment. :)
MoonLive (asker):
Yes. The 0/0 interface has been providing the Internet connection, but I don't want any Internet traffic to use the 0/0 interface. I would like every device connected on the 0/1 interface to use 0/0/0 for their Internet use, while 0/1 is for data only. 0/0 is a slow WAN connection. Thanks
Predrag Jovic:
Hm...
Since it is a slow WAN interface, don't configure
# int Gi0/0
# ip nat inside
or, if you did, you can remove it with
# int Gi0/0
# no ip nat inside

Also, you could filter traffic that travels through that line by using access-lists, although specific ip routes could be good enough (at least for now).
MoonLive (asker):
Predrag Jovic, does this make it work?
no ip route 0.0.0.0 0.0.0.0 10.255.255.1
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

ip route 0.0.0.0 0.0.0.0 192.168.1.1
interface Gi0/0
ip nat inside
interface Gi0/1
ip nat inside
interface Gi0/0/0
ip nat outside

access-list 100 remark ==[Verizon]==
access-list 100 permit ip 10.16.0.0 0.0.7.255

ip nat inside source list 100 interface gig 0/0/0 overload
Predrag Jovic:

Almost :)
If you use number 100 you need a different type of ACL (and then you don't need ip in the ACL either; that one is also for 100 - 199).
You should stick with the range of numbers between 1 - 99, or adapt the ACL, and don't configure Gi0/0 with ip nat inside (that way traffic from that interface will not be good for NATting)
MoonLive (asker):

Predrag Jovic, OK, here is another one
no ip route 0.0.0.0 0.0.0.0 10.255.255.1
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

ip route 0.0.0.0 0.0.0.0 192.168.1.1
interface Gi0/1
ip nat inside
interface Gi0/0/0
ip nat outside

access-list 10 remark ==[Verizon]==
access-list 10 permit ip 10.16.0.0 0.0.7.255

ip nat inside source list 10 interface gig 0/0/0 overload
Thanks!!!
Predrag Jovic:

access-list 10 permit 10.16.0.0 0.0.7.255   <--- no ip there
MoonLive (asker):

access-list 10 permit 10.16.0.0 0.0.7.255  192.168.1.1

or

access-list 10 permit 10.16.0.0 0.0.7.255  any

Thanks!
Predrag Jovic:

If you use ACL numbers 1 - 99 you can filter only by source address, and that's it. So, then the ACL is exactly as I wrote it
access-list 10 permit 10.16.0.0 0.0.7.255

If you use ACL numbers 100 - 199 then you can filter by more criteria (source, destination, port, protocol type)
access-list 100 permit ip 10.16.0.0 0.0.7.255 any

You can use either of those; it will perform exactly the same function in your case, but the first one should have less impact on the router's CPU.
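The two NAT explanations in this thread (the inside/outside/ACL/overload checklist earlier, and the standard-ACL form just above) can be checked against a small model of how the router decides, per packet, which interface the packet leaves on and whether its source gets translated. The block below is an added example, not code from the thread or from Cisco: it does a longest-prefix route lookup, resolves the next hop to a connected interface, and applies overload translation only when the packet entered an `ip nat inside` interface, leaves an `ip nat outside` interface, and its source is permitted by the standard ACL. Interface addresses, routes and the ACL are the ones posted above; the "before" state is an assumption modelled on the posted running config (overload bound to Gi0/0, no interface marked inside or outside), the "after" state is the corrected configuration from the later posts. The class and function names are the example's own.

```python
"""Routing + NAT overload decision model (added example, not from the thread).

Models what IOS does for one packet: longest-prefix route lookup, then
'ip nat inside source list <acl> interface <if> overload' rewrites the source
only if the packet came in on an 'ip nat inside' interface, goes out on an
'ip nat outside' interface, and the source matches the standard ACL.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Interface:
    name: str
    address: str                   # e.g. "192.168.1.2/24"
    nat: Optional[str] = None      # "inside", "outside" or None (not marked)

    @property
    def ip(self) -> ipaddress.IPv4Address:
        return ipaddress.ip_interface(self.address).ip

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_interface(self.address).network


@dataclass
class Router:
    interfaces: Dict[str, Interface]
    routes: List[Tuple[str, str]]        # (prefix, next-hop IP or interface name)
    acl: List[Tuple[str, str]]           # standard ACL permits: (network, wildcard)
    nat_interface: Optional[str] = None  # interface named in the overload statement

    def route_lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match; returns the next hop (IP or interface name)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, next_hop in self.routes:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None

    def egress(self, next_hop: str) -> Optional[str]:
        """Resolve a next hop to the directly connected interface it sits on."""
        if next_hop in self.interfaces:
            return next_hop
        hop = ipaddress.ip_address(next_hop)
        for iface in self.interfaces.values():
            if hop in iface.network:
                return iface.name
        return None

    def acl_permits(self, src: str) -> bool:
        """Standard ACL (1-99) semantics: source only; wildcard bit 1 = don't care."""
        s = int(ipaddress.ip_address(src))
        for network, wildcard in self.acl:
            n = int(ipaddress.ip_address(network))
            w = int(ipaddress.ip_address(wildcard))
            if (s & ~w) == (n & ~w):
                return True
        return False

    def forward(self, src: str, dst: str, ingress: str) -> Tuple[Optional[str], str]:
        """Return (egress interface, source address as the next hop will see it)."""
        next_hop = self.route_lookup(dst)
        out = self.egress(next_hop) if next_hop else None
        if out is None:
            return None, src
        inside = self.interfaces[ingress].nat == "inside"
        outside = self.interfaces[out].nat == "outside"
        if inside and outside and self.nat_interface and self.acl_permits(src):
            return out, str(self.interfaces[self.nat_interface].ip)
        return out, src


def build_router(nat_fixed: bool) -> Router:
    """'before' (assumed, from the posted running config): overload bound to
    Gi0/0, no interface marked inside/outside.  'after': Gi0/1 inside,
    Gi0/0/0 outside, overload bound to Gi0/0/0, default route to Verizon."""
    interfaces = {
        "Gi0/0": Interface("Gi0/0", "10.255.255.3/29"),
        "Gi0/1": Interface("Gi0/1", "10.16.0.1/21"),
        "Gi0/0/0": Interface("Gi0/0/0", "192.168.1.2/24"),
    }
    routes = [
        ("0.0.0.0/0", "192.168.1.1"),      # Internet via the Verizon router
        ("10.3.0.0/16", "10.255.255.1"),
        ("10.12.0.0/16", "10.255.255.1"),
        ("10.13.0.0/16", "10.255.255.2"),  # main office via the slow WAN
    ]
    acl = [("10.16.0.0", "0.0.7.255")]     # access-list 10 permit 10.16.0.0 0.0.7.255
    if not nat_fixed:
        return Router(interfaces, routes, acl, nat_interface="Gi0/0")
    interfaces["Gi0/1"].nat = "inside"
    interfaces["Gi0/0/0"].nat = "outside"
    return Router(interfaces, routes, acl, nat_interface="Gi0/0/0")


if __name__ == "__main__":
    for label, r in (("before", build_router(False)), ("after", build_router(True))):
        for dst in ("8.8.8.8", "10.13.5.5"):
            out, seen = r.forward("10.16.0.50", dst, "Gi0/1")
            print(f"{label}: 10.16.0.50 -> {dst}: leaves {out}, source seen as {seen}")
```

In the "before" state the Internet-bound packet already leaves Gi0/0/0 (the route is fine, which is why the pings worked) but still carries the private 10.16.x source, which the Verizon router cannot route back; in the "after" state the same packet leaves with source 192.168.1.2, while office traffic to 10.13.x still exits Gi0/0 untranslated because Gi0/0 is not marked `ip nat outside`.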
MoonLive (asker):

Thanks. I will try tonight and get back to you. Just curious: on the 0/0/0 interface the web console shows "Read-Only Interfaces". Is that something I need to worry about?
Predrag Jovic:

Read-Only Interfaces - never heard of it.
MoonLive (asker):

I just applied the command and I got the following error.
RemoteSite2(config)#access-list 10 permit ip 10.16.0.0 0.0.7.255
Translating "ip"...domain server (10.12.2.10) (10.12.2.24)
Invalid input detected at '^' marker. (the marker was at 10.12.2.10)

Thanks
Predrag Jovic:

Again:
access-list 10 permit 10.16.0.0 0.0.7.255
no ip there
MoonLive (asker):

Yes, I just figured it out. I also added no domain-lookup too; I hope it won't hurt... Thank you so much.
Now everything seems to be working as I intended. When I look up what my IP is on the web, I see the Verizon public IP, not my main site IP, and it gives me triple the speed test result. Thanks for your help
Predrag Jovic:

You're welcome.