From: Ben (bmunyao@gmail.com)
Date: Mon Aug 06 2007 - 12:17:14 ART
Chamara,
I once had a problem getting a config similar to yours to work, until I added
the "inside" keyword.
ip nat inside source static tcp 192.168.50.100 9022 interface Loopback0 9022
I don't know if this is the reason for your problem but you can give it a
try and see.
Ben
On 8/6/07, Chamara Peris <dimsyboy@gmail.com> wrote:
>
> Hi Guys,
>
> Thanks for the input. I have this issue related to nat & port forwarding
> now. I did a port forward from loopback0 interface to an inside host. But
> port forward doesn't connect. Any ideas?
>
>
> ip nat source static tcp 192.168.50.100 9022 interface Loopback0 9022
>
> Regards
> CP
>
>
>
>
> On 8/6/07, Jason Sutterfield <JSutterfield@chkenergy.com> wrote:
> >
> > Yes, both are possible but the config is just a little different than what
> > you describe.
> >
> > For the crypto part, you do have to specify "crypto map mymap
> > local-address lo0"
> > But the actual crypto map gets applied to the real interface the traffic
> > will cross to get out.
> >
> > Here is a sample config showing both:
> >
> > crypto isakmp policy 1
> > hash md5
> > authentication pre-share
> > crypto isakmp key randomkey address 55.55.55.55
> > !
> > !
> > crypto ipsec transform-set AES esp-aes esp-md5-hmac
> > !
> > crypto map mymap local-address Loopback0
> > crypto map mymap 1 ipsec-isakmp
> > set peer 55.55.55.55
> > set transform-set AES
> > match address 110
> > !
> > !
> > !
> > interface Loopback0
> > ip address 76.76.76.76 255.255.255.248
> > ip nat outside
> > !
> > interface FastEthernet0/0
> > ip address 10.10.10.1 255.255.255.224
> > ip nat inside
> > !
> > interface Serial0/0/0
> > ip address 76.76.77.77 255.255.255.252
> > ip nat outside
> > crypto map mymap
> > !
> > ip route 0.0.0.0 0.0.0.0 76.76.77.77
> > !
> > ip nat inside source route-map nonat interface Loopback0 overload
> > !
> > access-list 110 permit ip 10.10.10.0 0.0.0.31 192.168.0.0 0.0.255.255
> > access-list 110 permit ip 10.10.10.0 0.0.0.31 172.16.0.0 0.15.255.255
> > access-list 110 permit ip 10.10.10.0 0.0.0.31 10.0.0.0 0.255.255.255
> > access-list 120 deny ip 10.10.100.0 0.0.0.31 192.168.0.0 0.0.255.255
> > access-list 120 deny ip 10.10.100.0 0.0.0.31 10.0.0.0 0.255.255.255
> > access-list 120 deny ip 10.10.100.0 0.0.0.31 172.16.0.0 0.15.255.255
> > access-list 120 permit ip 10.10.100.0 0.0.0.31 any
> > !
> > route-map nonat permit 10
> > match ip address 120
> > !
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Chamara Peris
> > Sent: Friday, August 03, 2007 4:05 PM
> > To: Cisco certification
> > Subject: Loopback interface + NAT
> >
> > Hi All,
> >
> > I am wondering: if I set up a loopback interface with a public IP address
> > block (routed by ISP), is it possible to get NAT traffic to pass through
> > this? Also, is it possible to terminate a tunnel on the crypto interface
> > (crypto map test)? And do I have to specify crypto map mymap local-address lo0?
> >
> >
> > Example:
> >
> > interface Loopback0
> > ip address 203.33.33.33 255.255.255.252
> > ip nat outside
> > crypto map test
> >
> >
> > Thanks heaps
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART
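
Added example (not part of the original thread or any poster's configuration): IOS has two NAT configuration styles, the classic one (interfaces marked "ip nat inside" / "ip nat outside", rules written "ip nat inside source ...") and NAT Virtual Interface (interfaces marked "ip nat enable", rules written "ip nat source ..."), and the two port-forward lines in this thread differ by exactly that keyword. The Python check below flags a config whose rule style does not match its interface style; the function name, finding codes and sample strings are constructed for illustration.

```python
import re

# Constructed sample: interface roles as in the thread's sample config,
# followed by each of the two port-forward forms quoted in the thread.
IFACES = """interface Loopback0
 ip nat outside
interface FastEthernet0/0
 ip nat inside
"""
RULE = "source static tcp 192.168.50.100 9022 interface Loopback0 9022"
WITHOUT_INSIDE = IFACES + "ip nat " + RULE + "\n"
WITH_INSIDE = IFACES + "ip nat inside " + RULE + "\n"


def nat_style_findings(config):
    """Return (code, rule) pairs where rule style and interface style disagree."""
    iface = None
    classic_ifs, nvi_ifs = [], []      # interfaces using inside/outside vs enable
    classic_rules, nvi_rules = [], []
    for raw in config.splitlines():
        line = raw.strip()             # archived configs often lose indentation
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
        elif re.fullmatch(r"ip nat (inside|outside)", line):
            classic_ifs.append(iface)
        elif line == "ip nat enable":
            nvi_ifs.append(iface)
        elif re.match(r"ip nat (inside|outside) source ", line):
            classic_rules.append(line)
        elif line.startswith("ip nat source "):
            nvi_rules.append(line)
    findings = []
    if not nvi_ifs:
        findings += [("nvi-rule-without-ip-nat-enable", r) for r in nvi_rules]
    if not classic_ifs:
        findings += [("classic-rule-without-inside-outside", r) for r in classic_rules]
    return findings


if __name__ == "__main__":
    for name, cfg in (("without inside", WITHOUT_INSIDE), ("with inside", WITH_INSIDE)):
        print(name, nat_style_findings(cfg))
```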