
1841 isr Router SDM problem

diptanshusingh
Level 1

Hi,

I have got an 1841 ISR router with SDM. I am having a strange problem: whenever I configure an access list on any interface, it starts blocking my telnet connection from outside. I tried to apply an ACL with permit ip any any on my outside interface; then also it starts blocking my SSH or telnet connection.

5 Replies

Richard Burts
Hall of Fame

That does seem unusual. Perhaps you would post the config of the router (masking any sensitive information). This might help us to figure out what is going on.

HTH

Rick


Hi,

The config of the router is given below.

--------------------------------------------------

sh run

Building configuration...

Current configuration : 4714 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret xxxx
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
ip domain name yourdomain.com
ip name-server 203.x.x.30
ip name-server 202.x.x.50
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group WindowsVpn
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
vpdn-group vpnWindows
!
!
no ftp-server write-enable
!
!
crypto pki trustpoint TP-self-signed-2572555141
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2572555141
 revocation-check none
 rsakeypair TP-self-signed-2572555141
!
!
crypto pki certificate chain TP-self-signed-2572555141
 certificate self-signed 01
  17806F5D 3656E40B A59F3BC9 4824819F 139F4DF6 757390A6
username cisco privilege 15 password xxx
!
crypto keyring WindowsVpn
  pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 3600
no crypto isakmp ccm
crypto ipsec security-association lifetime seconds 600
!
crypto ipsec transform-set divita esp-3des esp-sha-hmac
!
crypto dynamic-map DYN_MAP 10
 set transform-set divita
!
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 description LINT TO INTERNET
 ip address 61.17.x.x.x.255.0
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
interface FastEthernet0/1
 description LINK TO LAN
 ip address 10.129.149.80 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool POOL
 ppp mtu adaptive
 ppp authentication chap ms-chap
!
ip local pool POOL 172.16.1.2 172.16.1.254
ip classless
ip route 0.0.0.0 0.0.0.0 61.17.249.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any
!
!
control-plane
!
banner login ^C
!
line con 0
 login local
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input none
!
warm-reboot
end

Whenever I remove the NATing I am able to telnet from outside and able to connect through PPTP. But when I put the NATing in, I can't telnet and can't connect through PPTP.

The original post indicated that the problem was that if you put an access list on an interface it blocked your telnet. This post indicates that the problem is that if you enable NAT it blocks telnet. Those are significantly different symptoms.

I see that FastEthernet0/0 is shutdown. Do you have the same symptoms when it is no shut? Since that interface is the address to which you NAT, I can believe that it might be a problem if it was shut down.

I am not sure that it is related, but I notice something else that seems not right. The virtual template interface uses ip unnumbered:

interface Virtual-Template1

ip unnumbered Loopback0

but the loopback 0 interface has no IP address.

HTH

Rick


rsekharreddy
Level 1

Hi Dippu,

As per your configuration there is only one mistake found, and that's with your standard access-list. Just modify that: currently the ACL is like this: access-list 1 permit ip any. Just remove this and add it like this: access-list 1 permit 192.168.1.0 0.0.0.255

Thank you,

rsreddy
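The points raised in the two replies above (a NAT source ACL that permits any host, the NAT outside interface being shut down, and Virtual-Template1 borrowing its address from a Loopback0 that has none), plus two things visible in the posted config that nobody commented on (cleartext telnet on the vty lines and an IKE pre-shared key accepted from address 0.0.0.0 0.0.0.0), can be checked mechanically. The script below is an added example and not code from the thread or from Cisco. The sample config is a constructed, trimmed copy of the posted one: the masked public address is replaced with 203.0.113.2 so the line parses, and the "fixed" values (a Loopback0 address of 172.16.1.1, a VPN peer of 198.51.100.7, and the LAN subnet 10.129.149.0/24 taken from FastEthernet0/1) are assumptions. The parser assumes the dump uses "!" as a section separator, as the posted "sh run" output does; indentation is optional, since the paste above had it stripped.

```python
"""Offline lint of a Cisco IOS running-config for the issues discussed in this
thread. Added example, not from the original post or from Cisco. Assumes '!'
separates sections, as in the posted 'sh run' dump; indentation is optional."""
import re

# Constructed sample: trimmed copy of the posted config. 203.0.113.2 stands in
# for the masked public address (assumption), all other values are as posted.
SAMPLE_CONFIG = """\
crypto keyring WindowsVpn
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 description LINT TO INTERNET
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
 shutdown
!
interface FastEthernet0/1
 description LINK TO LAN
 ip address 10.129.149.80 255.255.255.0
 ip nat inside
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool POOL
!
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit any
!
line vty 0 4
 password cisco
 login
 transport input telnet
line vty 5 15
 login local
 transport input none
!
"""

# Same config with every finding fixed. The Loopback0 address, the VPN peer
# address and the PSK placeholder are hypothetical; the LAN subnet is Fa0/1's.
FIXED_CONFIG = (
    SAMPLE_CONFIG
    .replace("pre-shared-key address 0.0.0.0 0.0.0.0 key cisco",
             "pre-shared-key address 198.51.100.7 255.255.255.255 key <strong-psk>")
    .replace(" no ip address\n", " ip address 172.16.1.1 255.255.255.255\n")
    .replace(" shutdown\n", " no shutdown\n")
    .replace("access-list 1 permit any", "access-list 1 permit 10.129.149.0 0.0.0.255")
    .replace("transport input telnet", "transport input ssh")
)

SECTION_HEADERS = ("interface", "line")


def parse_config(text):
    """Split a config into global lines and {section header: [child lines]}.
    A line whose first word is 'interface' or 'line' opens a section and a bare
    '!' closes it, so dumps with stripped indentation still parse."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith("!"):          # comment line, stays in the section
            continue
        if line.split()[0] in SECTION_HEADERS:
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            global_lines.append(line)
    return global_lines, sections


def lint(text):
    """Return a list of (code, message) findings for the config text."""
    global_lines, sections = parse_config(text)
    interfaces = {h.split(None, 1)[1]: body
                  for h, body in sections.items() if h.startswith("interface ")}
    findings = []

    acl = {}  # ACL number -> [(action, match spec)]
    for g in global_lines:
        m = re.match(r"access-list (\S+) (permit|deny) (.+)$", g)
        if m:
            acl.setdefault(m.group(1), []).append((m.group(2), m.group(3)))

    for g in global_lines:
        m = re.match(r"ip nat inside source list (\S+) interface (\S+) overload$", g)
        if m:
            number, outside = m.groups()
            if any(a == "permit" and spec == "any" for a, spec in acl.get(number, [])):
                findings.append(("NAT-ACL-ANY", f"access-list {number} drives NAT and "
                                 "permits any source; restrict it to the inside LAN"))
            if "shutdown" in interfaces.get(outside, []):
                findings.append(("NAT-OUTSIDE-SHUT",
                                 f"NAT overload interface {outside} is shut down"))
        if re.match(r"pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 ", g):
            findings.append(("WILDCARD-PSK", "IKE pre-shared key accepted from any peer"))

    for name, body in interfaces.items():
        for cmd in body:
            m = re.match(r"ip unnumbered (\S+)$", cmd)
            if m and not any(c.startswith("ip address ")
                             for c in interfaces.get(m.group(1), [])):
                findings.append(("UNNUMBERED-NO-ADDR", f"{name} is unnumbered from "
                                 f"{m.group(1)}, which has no ip address"))

    for header, body in sections.items():
        if header.startswith("line vty") and any(
                c.startswith("transport input") and "telnet" in c.split() for c in body):
            findings.append(("VTY-TELNET", f"{header} accepts cleartext telnet; use ssh"))
    return findings


if __name__ == "__main__":
    for code, msg in lint(SAMPLE_CONFIG):
        print(f"{code}: {msg}")
    print("fixed config findings:", lint(FIXED_CONFIG))
```

Run against the sample it reports all five findings; run against FIXED_CONFIG it reports none. The NAT ACL check only decides whether the ACL is broader than the inside LAN; it does not by itself prove that the ACL is what breaks the telnet session, which is why the reply above asks whether the symptom survives a no shut on FastEthernet0/0.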

Thank you, sir.
