VPN专线与互联网切换问题

分公司有一条专线连到集团公司，但是分公司不能通过专线上互联网，现在想能连上专线同时又能上互联网，应该如何实现？请高手指教，如下是网络拓扑图、三层交换机、防火墙的配置：

1、网络拓扑图：

2、三层交换机配置：

<zuan>dis cu
 telnet server enable
#
ip vpn-instance PIN
 route-distinguisher 65290:100
 vpn-target 65290:311 export-extcommunity
 vpn-target 65290:322 import-extcommunity
#
ip vpn-instance VPNIII
 route-distinguisher 65290:300
 vpn-target 65290:321 export-extcommunity
 vpn-target 65290:321 import-extcommunity
#
ip vpn-instance VPNIV
 route-distinguisher 65290:400
vpn-target 65290:421 export-extcommunity
 vpn-target 65290:421 import-extcommunity
#
ip vpn-instance HE
 route-distinguisher 65290:200
 vpn-target 65290:322 export-extcommunity
 vpn-target 65290:322 import-extcommunity
#
vlan 1
#
vlan 10
#
vlan 100 to 101
#
vlan 2
#
vlan 200 to 201
#
vlan 300
#
vlan 400 to 401
#
domain system
access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
interface NULL0
#
interface LoopBack0
 ip address 10.79.250.222 255.255.255.255
#
interface Vlan-interface10
 description ce manager
 ip address 10.79.168.82 255.255.255.252
#
interface Vlan-interface100
 description to vpn PIN
 ip binding vpn-instance PIN
 ip address 10.71.128.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface101
description to vpn  PIN
 ip binding vpn-instance  PIN
 ip address 10.75.24.174 255.255.255.240
 ospf cost 100
#
interface Vlan-interface111
 ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface200
 description to vpn  GHE
 ip binding vpn-instance  GHE
 ip address 10.71.130.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface201
 description to vpn  GHE
 ip binding vpn-instance  GHE
 ip address 10.70.138.254 255.255.255.0
 ospf cost 100
#
interface Vlan-interface300
 description to vpn VPNIII
 ip binding vpn-instance VPNIII
 ip address 10.71.132.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface400
 description to vpn VPNIV
 ip binding vpn-instance VPNIV
 ip address 10.71.134.46 255.255.255.252
 ospf cost 100
#
interface Vlan-interface401
 description to vpn VPNIV
 ip binding vpn-instance VPNIV
 ip address 172.30.37.254 255.255.255.0
 ospf cost 100
#
interface Ethernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 100
 description TO  AR2-1_GE0/0
#
interface Ethernet1/0/2
 port link-mode bridge
port access vlan 101
#
interface Ethernet1/0/3
 port link-mode bridge
 port access vlan 101
#
interface Ethernet1/0/4
 port link-mode bridge
 port access vlan 101
#