Hi, Tejal, thanks for reply.

I just find out that the remote user can't even ping. Here is the info.

The remote user has an assigned address

10.1.2.12/255.0.0.0

the loopback0 interface has address 10.1.2.1/255.255.255.0

The box has fastethernet0 w/ ip = 192.76.69.20

route is 0.0.0.0 0.0.0.0 192.76.69.254.

The user can't ping 192.76.69.83 (which I now is in the network)

============

Here is the running config, only serial0 has pri line, fastethernet0 is the only ethernet connection, I also do some PAT between remote user and company network, as you will see.

modemgw# show run

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname modemgw

!

boot system flash c5300-is-mz_120-3_T1.bin

aaa new-model

aaa authentication login default local

aaa authentication ppp default if-needed local

enable password 7 011D0F095F0A

!

username minchumo password 7 11081B06464058

modem country mica usa

ip subnet-zero

ip host-routing

no ip finger

ip domain-name abc.def.com

!

async-bootp dns-server 192.76.64.227 143.91.100.213

isdn switch-type primary-5ess

!

!

controller T1 0

framing esf

clock source line primary

linecode b8zs

pri-group timeslots 1-24

!

controller T1 1

framing esf

clock source line secondary 1

linecode b8zs

pri-group timeslots 1-24

!

controller T1 2

framing esf

linecode b8zs

pri-group timeslots 1-24

!

controller T1 3

framing esf

linecode b8zs

pri-group timeslots 1-24

!

!

!

interface Loopback0

ip address 10.1.2.1 255.255.255.0

no ip directed-broadcast

ip nat inside

!

interface Ethernet0

no ip address

no ip directed-broadcast

no ip mroute-cache

shutdown

!

interface Serial0:23

no ip address

no ip directed-broadcast

encapsulation ppp

isdn switch-type primary-5ess

isdn incoming-voice modem

!

interface Serial1:23

no ip address

no ip directed-broadcast

encapsulation ppp

isdn switch-type primary-5ess

isdn incoming-voice modem

no fair-queue

no cdp enable

ppp authentication chap pap

ppp multilink

!

interface Serial2:23

no ip address

no ip directed-broadcast

encapsulation ppp

isdn switch-type primary-5ess

isdn incoming-voice modem

no fair-queue

no cdp enable

ppp authentication chap pap

ppp multilink

!

interface Serial3:23

no ip address

no ip directed-broadcast

encapsulation ppp

isdn switch-type primary-5ess

isdn incoming-voice modem

no fair-queue

no cdp enable

ppp authentication chap pap

ppp multilink

!

interface FastEthernet0

ip address 192.76.69.20 255.255.255.0

no ip directed-broadcast

ip nat outside

duplex full

speed auto

!

interface Group-Async1

ip unnumbered Loopback0

no ip directed-broadcast

encapsulation ppp

async mode interactive

peer default ip address pool dialin_pool

no cdp enable

group-range 1 48

hold-queue 10 in

!

ip local pool dialin_pool 10.1.2.2 10.1.2.49

ip nat inside source list 1 interface FastEthernet0 overload

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 192.76.69.254

!

access-list 1 permit any

!

line con 0

transport input none

line 1

autoselect during-login

autoselect ppp

modem InOut

transport input all

line 2 48

autoselect during-login

autoselect ppp

modem InOut

modem busyout

transport input all

line aux 0

line vty 0 4

timeout login response 180

password 7 030A5206020E

!

end

Start without NAT first and see if you can atleast ping the ip add of loopback interface after dialin...After that configure NAT..

Now From the router itself, First ping ip address 192.76.69.83 with the source ip add of loopback interface and see the results..That has to be successful first..

Now looks to me that dialin users are getting the privet ip address so you need to have the "ip nat inside" under the interface group-async 1..Also no need to have that under the loopback interface...Tejal

In that case, do I need a ip address for interface group-async 1

No...You can use ip from loopback using "ip unnumbered Loopback0" under the group-async interface...Tejal