RE: Loopback interface + NAT

From: Phillip McCollum (phillip.mccollum@ins.com)
Date: Fri Aug 03 2007 - 18:58:45 ART

• Next message: Victor Cappuccio: "RE: TCP Intercept"
• Previous message: EdmondsSG@aol.com: "Catalyst Trace problem"
• Maybe in reply to: Chamara Peris: "Loopback interface + NAT"
• Next in thread: Chamara Peris: "Re: Loopback interface + NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just did a quick lab on the first part of this question, no crypto involved.
Here's the topology:

R1-----FastEthernet-----R4-----FrameRelay-----R5

I got it to work with the following config (just the relevant info):

=========================================================

[R1]

interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.4

=========

[R4]

interface Loopback0
 ip address 4.4.4.4 255.255.255.0
 ip nat outside

interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map FA0->LO0

interface Serial1/0.1 point-to-point
 ip address 155.1.0.4 255.255.255.0
 ip nat outside
 frame-relay interface-dlci 405

ip nat inside source list INSIDE_NET interface Loopback0 overload
ip access-list standard INSIDE_NET
 permit 10.0.0.0 0.0.0.255
!
route-map FA0->LO0 permit 10
 set interface Loopback0

=========

[R5]

interface Loopback0
 ip address 150.1.5.5 255.255.255.0
 ip ospf network point-to-point

interface Serial1/0.1 point-to-point
 ip address 155.1.0.5 255.255.255.0
 frame-relay interface-dlci 504

ip route 4.4.4.0 255.255.255.0 Serial1/0.1

======================================================

Output of [R1] ping:

R1#ping 150.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/119/184 ms
R1#

Output of [R4] nat translation:

R4#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 4.4.4.4:11 10.0.0.1:11 150.1.5.5:11 150.1.5.5:11

HTH,
Phillip

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chamara Peris
Sent: Friday, August 03, 2007 2:05 PM
To: Cisco certification
Subject: Loopback interface + NAT

Hi All,

I am wondering if I setup up loopback interface with a public IP address
block ( routed by isp). Is it possible to get nat traffic pass through
this?. Also is it possible to terminate a tunnel on crypto interface (crypto
map test) ? And do I have to specify crypto map mymap local-address lo0?

Example:

 interface Loopback0
 ip address 203.33.33.33 255.255.255.252
 ip nat outside
 crypto map test

Thanks heaps

• Next message: Victor Cappuccio: "RE: TCP Intercept"
• Previous message: EdmondsSG@aol.com: "Catalyst Trace problem"
• Maybe in reply to: Chamara Peris: "Loopback interface + NAT"
• Next in thread: Chamara Peris: "Re: Loopback interface + NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART