
No traffic out through DSL PPPoE 891 router

kolob4all
Level 1

Got stuck on this one.

PPPoE is established and I can access the router from outside. But the router can't ping itself or outside, and NAT isn't working either.

The main goal is to make the Internet work from the router.

Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.0(1)M7, RELEASE SOFTWARE (fc2)

version 15.0

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname XXX

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 52000

enable secret

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

!

!

!

aaa session-id common

!

!

crypto pki trustpoint TP-self-signed-3510199117

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3510199117

revocation-check none

rsakeypair TP-self-signed-3510199117

!

!

crypto pki certificate chain TP-self-signed-3510199117

ip source-route

!

!

ip dhcp excluded-address 192.168.60.1 192.168.60.99

ip dhcp excluded-address 192.168.60.200 192.168.60.254

!

ip dhcp pool XXXX

   import all

   network 192.168.60.0 255.255.255.0

   domain-name XXXX

   dns-server 192.168.60.60 192.168.60.254

   default-router 192.168.60.254

!

!

ip cef

no ip bootp server

no ip domain lookup

ip domain name XXXX

no ipv6 cef

!

!

multilink bundle-name authenticated

vpdn enable

!

vpdn-group 1

request-dialin

  protocol l2tp

!

license udi pid CISCO891-K9

!

!

username admin privilege 15 secret 5 $1$Qk7J$aJkUWfkq5bvyueZRKwT.1.

username PICS privilege 15 secret 5 $1$/Blc$yyAwPSxrL/eK/YTyI9X5H1

!

!

ip tcp synwait-time 10

no ip ftp passive

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

!

interface FastEthernet0

!

!

interface FastEthernet1

!

!

interface FastEthernet2

!

!

interface FastEthernet3

!

!

interface FastEthernet4

!

!

interface FastEthernet5

!

!

interface FastEthernet6

!

!

interface FastEthernet7

!

!

interface FastEthernet8

description $ES_LAN$$FW_INSIDE$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex auto

speed auto

!

!

interface GigabitEthernet0

description BT DSL

no ip address

ip access-group 107 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

crypto map SDM_CMAP_1

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$

ip address 192.168.60.1 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip

!

!

interface Dialer0

ip address negotiated

ip access-group 107 in

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname xxx@xxx.com

ppp chap password 7 XXXXX

ppp pap sent-username xxx@xxx.com password 7 1XXXXX

ppp ipcp route default

no cdp enable

!

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 2 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 10.10.20.0 255.255.255.0 10.10.60.1 permanent

ip route 10.10.30.0 255.255.255.0 10.10.60.1 permanent

ip route 10.10.40.0 255.255.255.0 10.10.60.1 permanent

ip route 10.10.60.0 255.255.255.0 10.10.60.1 permanent

!

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.40.0 0.0.0.255

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.60.0 0.0.0.255

access-list 2 remark CCP_ACL Category=2

access-list 2 permit 192.168.60.0 0.0.0.255

access-list 23 remark CCP_ACL Category=1

access-list 23 permit 10.10.20.0 0.0.0.255

access-list 23 permit 10.10.30.0 0.0.0.255

access-list 23 permit 10.10.40.0 0.0.0.255

access-list 23 permit 10.10.60.0 0.0.0.255

access-list 23 permit 192.168.20.0 0.0.0.255

access-list 23 permit 192.168.30.0 0.0.0.255

access-list 23 permit 192.168.40.0 0.0.0.255

access-list 23 permit 192.168.60.0 0.0.0.255

access-list 100 remark CCP_ACL Category=1

access-list 100 permit ip 10.10.20.0 0.0.0.255 any

access-list 100 permit ip 10.10.30.0 0.0.0.255 any

access-list 100 permit ip 10.10.40.0 0.0.0.255 any

access-list 100 permit ip 10.10.60.0 0.0.0.255 any

access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.60.1 eq telnet

access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.60.1 eq telnet

access-list 100 permit tcp 192.168.40.0 0.0.0.255 host 192.168.60.1 eq telnet

access-list 100 permit tcp 192.168.60.0 0.0.0.255 host 192.168.60.1 eq telnet

access-list 100 permit tcp 10.10.30.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 10.10.20.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 10.10.40.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 10.10.60.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 192.168.40.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 192.168.60.0 0.0.0.255 host 192.168.60.1 eq 22

access-list 100 permit tcp 10.10.20.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 10.10.30.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 10.10.40.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 10.10.60.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 192.168.40.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 192.168.60.0 0.0.0.255 host 192.168.60.1 eq www

access-list 100 permit tcp 10.10.20.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 10.10.30.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 10.10.40.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 10.10.60.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 192.168.40.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 192.168.60.0 0.0.0.255 host 192.168.60.1 eq 443

access-list 100 permit tcp 10.10.20.0 0.0.0.255 host 192.168.60.1 eq cmd

access-list 100 permit tcp 10.10.30.0 0.0.0.255 host 192.168.60.1 eq cmd

access-list 100 permit tcp 10.10.40.0 0.0.0.255 host 192.168.60.1 eq cmd

access-list 100 permit tcp 10.10.60.0 0.0.0.255 host 192.168.60.1 eq cmd

access-list 100 deny   tcp any host 192.168.60.1 eq telnet

access-list 100 deny   tcp any host 192.168.60.1 eq 22

access-list 100 deny   tcp any host 192.168.60.1 eq www

access-list 100 deny   tcp any host 192.168.60.1 eq 443

access-list 100 deny   tcp any host 192.168.60.1 eq cmd

access-list 100 deny   udp any host 192.168.60.1 eq snmp

access-list 100 permit ip any any

access-list 101 remark CCP_ACL Category=1

access-list 101 permit ip 192.168.20.0 0.0.0.255 any

access-list 101 permit ip 192.168.30.0 0.0.0.255 any

access-list 101 permit ip 192.168.40.0 0.0.0.255 any

access-list 101 permit ip 192.168.60.0 0.0.0.255 any

access-list 101 permit ip 10.10.20.0 0.0.0.255 any

access-list 101 permit ip 10.10.30.0 0.0.0.255 any

access-list 101 permit ip 10.10.40.0 0.0.0.255 any

access-list 101 permit ip 10.10.60.0 0.0.0.255 any

access-list 102 remark CCP_ACL Category=1

access-list 102 permit ip 192.168.20.0 0.0.0.255 any

access-list 102 permit ip 192.168.30.0 0.0.0.255 any

access-list 102 permit ip 192.168.40.0 0.0.0.255 any

access-list 102 permit ip 192.168.60.0 0.0.0.255 any

access-list 102 permit ip 10.10.20.0 0.0.0.255 any

access-list 102 permit ip 10.10.30.0 0.0.0.255 any

access-list 102 permit ip 10.10.40.0 0.0.0.255 any

access-list 102 permit ip 10.10.60.0 0.0.0.255 any

access-list 103 remark CCP_ACL Category=4

access-list 103 remark IPSec Rule

access-list 103 permit ip 192.168.60.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 104 remark CCP_ACL Category=2

access-list 104 remark IPSecRule

access-list 104 deny   ip 192.168.60.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 104 permit ip 192.168.60.0 0.0.0.255 any

access-list 105 remark CCP_ACL Category=2

access-list 105 deny   ip 192.168.60.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 105 permit ip 192.168.60.0 0.0.0.255 any

access-list 106 remark CCP_ACL Category=4

access-list 106 permit ip 192.168.60.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 107 remark CCP_from_outside

access-list 107 permit tcp any any eq 443

access-list 107 permit tcp any any eq 22

access-list 107 permit tcp any any eq cmd

no cdp run

!

route-map SDM_RMAP_1 permit 1

match ip address 105

!

!

!

control-plane

!

!

!

line con 0

transport output telnet

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

transport output telnet

line vty 0 4

privilege level 15

transport input telnet ssh

line vty 5 15

privilege level 15

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

2 Replies

John Blakley
VIP Alumni

I suspect it has something to do with your acl. Have you removed the acl to see if it works without it? Try removing acl 107 from the dialer interface and test again.

HTH, John *** Please rate all useful posts ***

willymaldonado1
Level 1

Hi Oleksandr

It seems like your traffic is trying to go out through your Dialer0 IP address. Try to route to 0.0.0.0 or your DNS IP address, and also try to apply to your ACL 2 access-list permit ip any any. Hope this helps, and let me know if it works.

Also try adding

permit tcp any any eq www established

or (IP address here)

Best regards,

Willy
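
Added example (not part of the thread or of either reply): a first-match evaluation of ACL 107 as posted, which is applied inbound on Dialer0, against constructed inbound packets, to show which return traffic reaches the implicit deny. `ACL_107_VARIANT`, the packet set and every function name are assumptions for illustration; the variant adds stateless `established` and `echo-reply` entries.

```python
# Added example: first-match evaluation of an inbound IOS extended ACL.
# ACL_107 mirrors the posted entries; the variant and all packets are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp" or "ip"
    dst_port: Optional[int] = None   # "eq <port>" on the destination
    established: bool = False        # TCP ACK or RST must be set
    icmp_type: Optional[str] = None  # e.g. "echo-reply"

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: Optional[int] = None
    tcp_flags: frozenset = frozenset()
    icmp_type: Optional[str] = None

def ace_matches(ace, pkt):
    return (ace.proto in ("ip", pkt.proto)
            and (ace.dst_port is None or ace.dst_port == pkt.dst_port)
            and (not ace.established or bool(pkt.tcp_flags & {"ACK", "RST"}))
            and (ace.icmp_type is None or ace.icmp_type == pkt.icmp_type))

def evaluate(acl, pkt):
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"  # implicit "deny ip any any" that ends every IOS ACL

ACL_107 = [Ace("permit", "tcp", 443), Ace("permit", "tcp", 22), Ace("permit", "tcp", 514)]  # cmd = 514
ACL_107_VARIANT = ACL_107 + [Ace("permit", "tcp", established=True),
                             Ace("permit", "icmp", icmp_type="echo-reply")]

INBOUND = {  # constructed packets arriving on the outside interface
    "ssh to router": Packet("tcp", 22, frozenset({"SYN"})),
    "echo-reply to router ping": Packet("icmp", icmp_type="echo-reply"),
    "web reply to NAT client": Packet("tcp", 51514, frozenset({"SYN", "ACK"})),
    "dns reply (udp)": Packet("udp", 51515),
    "unsolicited SYN to port 23": Packet("tcp", 23, frozenset({"SYN"})),
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in INBOUND.items()}

if __name__ == "__main__":
    for name in INBOUND:
        print(f"{name:28} posted={verdicts(ACL_107)[name]:6} variant={verdicts(ACL_107_VARIANT)[name]}")
```

UDP replies such as DNS stay denied under the variant, because stateless entries cannot tie a reply to an outbound request; that case needs stateful inspection or an explicit permit.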
