From: Chamara Peris (dimsyboy@gmail.com)
Date: Mon Aug 06 2007 - 02:22:06 ART
Hi Guys,
Thanks for the input. I have this issue related to NAT & port forwarding
now. I did a port forward from the Loopback0 interface to an inside host. But
the port forward doesn't connect. Any ideas?
ip nat source static tcp 192.168.50.100 9022 interface Loopback0 9022
Regards
CP
On 8/6/07, Jason Sutterfield <JSutterfield@chkenergy.com> wrote:
>
> Yes, both are possible but the config is just a little different than what
> you describe.
>
> For the crypto part, you do have to specify "crypto map mymap
> local-address lo0".
> But the actual crypto map gets applied to the real interface the traffic
> will cross to get out.
>
> Here is a sample config showing both:
>
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> crypto isakmp key randomkey address 55.55.55.55
> !
> !
> crypto ipsec transform-set AES esp-aes esp-md5-hmac
> !
> crypto map mymap local-address Loopback0
> crypto map mymap 1 ipsec-isakmp
> set peer 55.55.55.55
> set transform-set AES
> match address 110
> !
> !
> !
> interface Loopback0
> ip address 76.76.76.76 255.255.255.248
> ip nat outside
> !
> interface FastEthernet0/0
> ip address 10.10.10.1 255.255.255.224
> ip nat inside
> !
> interface Serial0/0/0
> ip address 76.76.77.77 255.255.255.252
> ip nat outside
> crypto map mymap
> !
> ip route 0.0.0.0 0.0.0.0 76.76.77.77
> !
> ip nat inside source route-map nonat interface Loopback0 overload
> !
> access-list 110 permit ip 10.10.10.0 0.0.0.31 192.168.0.0 0.0.255.255
> access-list 110 permit ip 10.10.10.0 0.0.0.31 172.16.0.0 0.15.255.255
> access-list 110 permit ip 10.10.10.0 0.0.0.31 10.0.0.0 0.255.255.255
> access-list 120 deny ip 10.10.100.0 0.0.0.31 192.168.0.0 0.0.255.255
> access-list 120 deny ip 10.10.100.0 0.0.0.31 10.0.0.0 0.255.255.255
> access-list 120 deny ip 10.10.100.0 0.0.0.31 172.16.0.0 0.15.255.255
> access-list 120 permit ip 10.10.100.0 0.0.0.31 any
> !
> route-map nonat permit 10
> match ip address 120
> !
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Chamara Peris
> Sent: Friday, August 03, 2007 4:05 PM
> To: Cisco certification
> Subject: Loopback interface + NAT
>
> Hi All,
>
> I am wondering if I set up a loopback interface with a public IP address
> block (routed by ISP). Is it possible to get NAT traffic to pass through
> this? Also, is it possible to terminate a tunnel on a crypto interface
> (crypto map test)? And do I have to specify crypto map mymap
> local-address lo0?
>
>
> Example:
>
> interface Loopback0
> ip address 203.33.33.33 255.255.255.252
> ip nat outside
> crypto map test
>
>
> Thanks heaps
>
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART
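
Added example, not part of either message: a small Python check for the placement rule in Jason's reply (the crypto map is applied on the real egress interface, while "local-address" names the loopback). The function name, the finding labels and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed samples, trimmed from the two configs quoted in the thread.
QUESTION_CFG = """\
interface Loopback0
ip address 203.33.33.33 255.255.255.252
ip nat outside
crypto map test
"""

ANSWER_CFG = """\
crypto map mymap local-address Loopback0
crypto map mymap 1 ipsec-isakmp
set peer 55.55.55.55
!
interface Loopback0
ip address 76.76.76.76 255.255.255.248
!
interface Serial0/0/0
ip address 76.76.77.77 255.255.255.252
crypto map mymap
"""

def check_crypto_map_placement(config):
    """Return (finding, map_name, interface) tuples for misplaced crypto maps."""
    local_addr, applied, current_if = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):                 # separator ends an interface block
            current_if = None
        elif m := re.fullmatch(r"interface (\S+)", line):
            current_if = m.group(1)
        elif m := re.fullmatch(r"crypto map (\S+) local-address (\S+)", line):
            local_addr[m.group(1)] = m.group(2)
        elif (m := re.fullmatch(r"crypto map (\S+)", line)) and current_if:
            # Bare "crypto map NAME" inside an interface block applies the map.
            applied.setdefault(m.group(1), []).append(current_if)
    findings = []
    for name, ifaces in applied.items():
        for iface in ifaces:
            if iface.lower().startswith("lo"):
                findings.append(("applied-on-loopback", name, iface))
    for name, iface in local_addr.items():
        if name not in applied:
            findings.append(("local-address-but-not-applied", name, iface))
    return findings

if __name__ == "__main__":
    print(check_crypto_map_placement(QUESTION_CFG))
    print(check_crypto_map_placement(ANSWER_CFG))
```

The config from the original question is flagged because its crypto map sits on Loopback0; the config from the reply produces no findings.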