Cisco 831 Can't ping DSL default gateway (Help) 1

[roddm]

I have a Cisco 831 connected to ATT DSL modem in bridge mode.
I can ping the DSL static IP but not the default gateway.
I can get internet but the other branch offices can't access this router

Here's the running config

!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname EIS-KZO
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 2 log
security passwords min-length 6
logging exception 1024000
logging count
logging buffered 51200 informational
logging console informational
logging monitor informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone edt -5
clock summer-time edt date Mar 9 2008 3:00 Nov 2 2008 3:00
clock save interval 12
regexp optimize
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 192.168.254.11
ip dhcp excluded-address 192.168.254.12
ip dhcp excluded-address 192.168.254.1 192.168.254.10
ip dhcp excluded-address 192.168.254.240 192.168.254.254
!
ip dhcp pool EIS-KZO
network 192.168.254.0 255.255.255.0
default-router 192.168.254.254
dns-server 68.94.156.1 68.94.157.1
lease 0 1
update arp
!
ip name-server 68.94.156.1
ip name-server 68.94.156.1
!
ip tcp synwait-time 10
ip cef
no ip bootp server
ip ips po max-events 100
ip ssh authentication-retries 2
ip ssh port 2222 rotary 1
ip ssh rsa keypair-name eis-kzo
vpdn enable
!
no ftp-server write-enable
!
!
username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 75.7.211.6
no crypto isakmp ccm
!
!
crypto ipsec transform-set eistransform2 esp-3des esp-md5-hmac
!
crypto map eisnetmap2 10 ipsec-isakmp
set peer 75.7.211.6
set transform-set eistransform2
match address 101
!
!
!
interface Null0
no ip unreachables
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface Ethernet0
description LAN_Internal$FW_INSIDE$
ip address 192.168.254.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1300
ip policy route-map static
no cdp enable
hold-queue 32 in
!
interface Ethernet1
description LAN_Connection_to_ISP
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.254.101 3389 interface Dialer1 3901
ip nat inside source static tcp 192.168.254.254 161 interface Dialer1 1616
ip nat inside source static tcp 192.168.254.253 23 interface Dialer1 23
ip nat inside source static tcp 192.168.254.102 5900 interface Dialer1 5902
ip nat inside source static tcp 192.168.254.103 5900 interface Dialer1 5903
ip nat inside source static tcp 192.168.254.101 5900 interface Dialer1 5901
ip nat inside source static tcp 192.168.254.104 5900 interface Dialer1 5904
ip nat inside source static tcp 192.168.254.105 5900 interface Dialer1 5905
ip nat inside source static tcp 192.168.254.106 5900 interface Dialer1 5906
ip nat inside source static tcp 192.168.254.107 5900 interface Dialer1 5907
ip nat inside source static tcp 192.168.254.108 5900 interface Dialer1 5908
ip nat inside source static tcp 192.168.254.109 5900 interface Dialer1 5909
ip nat inside source static tcp 192.168.254.110 5900 interface Dialer1 5910
ip nat inside source static udp 192.168.254.254 161 interface Dialer1 1616
ip nat inside source static udp 192.168.254.101 161 interface Dialer1 1618
ip nat inside source static udp 192.168.254.253 161 interface Dialer1 1619
ip nat inside source static tcp 192.168.254.253 161 interface Dialer1 1619
ip nat inside source static tcp 192.168.254.102 3389 interface Dialer1 3902
ip nat inside source static tcp 192.168.254.103 3389 interface Dialer1 3903
ip nat inside source static tcp 192.168.254.104 3389 interface Dialer1 3904
ip nat inside source static tcp 192.168.254.105 3389 interface Dialer1 3905
ip nat inside source static tcp 192.168.254.106 3389 interface Dialer1 3906
ip nat inside source static tcp 192.168.254.107 3389 interface Dialer1 3907
ip nat inside source static tcp 192.168.254.108 3389 interface Dialer1 3908
ip nat inside source static tcp 192.168.254.254 23 interface Dialer1 2323
ip nat inside source static tcp 192.168.254.254 2222 interface Dialer1 22
ip nat inside source static tcp 192.168.254.109 3389 interface Dialer1 3909
ip nat inside source static tcp 192.168.254.110 3389 interface Dialer1 3910
ip nat inside source static tcp 192.168.254.111 5900 interface Dialer1 5911
!
logging 69.51.153.197
access-list 23 permit 69.51.153.197
access-list 23 permit 69.51.156.165
access-list 23 permit 192.168.1.3
access-list 23 permit 69.51.128.112 0.0.0.15
access-list 23 permit 192.168.254.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.254.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.254.0 0.0.0.255 any
access-list 105 permit ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community dtrshop RW
snmp-server trap link ietf
snmp-server trap-source Dialer1
snmp-server location Kalamazoo, MI
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps flash insertion removal
snmp-server enable traps pppoe
snmp-server enable traps config
snmp-server host 69.51.153.197 dtrshop tty config snmp
!
route-map static permit 10
match ip address 105
set ip next-hop 1.1.1.2
!
!
control-plane
!
banner login ^C EIS-KZO Login^C
banner motd ^CCEdwards Industrial Sales - Kalamazoo^C
!
line con 0
login local
no modem enable
transport output telnet
speed 57600
line aux 0
login local
transport output telnet
line vty 0 4
access-class 100 in
login local
rotary 1
transport preferred ssh
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
end

 

[Minue]

Hello
Hello may be your default gateway is configured not to replt to ICMP.I am not a VPN expert but first check to see if your crypto tunnels are up.
Regards

 

[burtsbees]

Looks like SDM REALLY goofed things up. Is this meant to be a site-to-site or remote access VPN? If remote access, this is completely off. Does the modem support vpn passthrough? I would just ditch the 831 entirely and use an 837 and not even use an external modem.
Also, just to note, your MTU and MSS are configured wrong in relationship to eachother---the common rule is to make the max segment size 40 bytes less that mtu, not 100. Also, for dsl, it should be 1492 mtu and 1452 mss.

Burt