From: Chamara Peris (dimsyboy@gmail.com)
Date: Mon Aug 06 2007 - 20:46:44 ART
Hi Ben,
Worked like a charm.
Thanks heaps.
CP
On 8/7/07, Ben <bmunyao@gmail.com> wrote:
>
> Chamara,
>
> I once had a problem getting a config similar to yours to work, till I added
> the "inside" keyword.
>
> ip nat inside source static tcp 192.168.50.100 9022 interface Loopback0 9022
>
> I don't know if this is the reason for your problem but you can give it a
> try and see.
>
>
> Ben
>
>
>
> On 8/6/07, Chamara Peris <dimsyboy@gmail.com> wrote:
>
> > Hi Guys,
> >
> > Thanks for the input. I have this issue related to nat & port forwarding
> > now. I did a port forward from loopback0 interface to an inside host. But
> > port forward doesn't connect. Any ideas?
> >
> >
> > ip nat source static tcp 192.168.50.100 9022 interface Loopback0 9022
> >
> > Regards
> > CP
> >
> >
> >
> >
> > On 8/6/07, Jason Sutterfield <JSutterfield@chkenergy.com> wrote:
> > >
> > > Yes, both are possible but the config is just a little different than what
> > > you describe.
> > >
> > > For the crypto part, you do have to specify "crypto map mymap
> > > local-address lo0"
> > > But the actual crypto map gets applied to the real interface the traffic
> > > will cross to get out.
> > >
> > > Here is a sample config showing both:
> > >
> > > crypto isakmp policy 1
> > >  hash md5
> > >  authentication pre-share
> > > crypto isakmp key randomkey address 55.55.55.55
> > > !
> > > !
> > > crypto ipsec transform-set AES esp-aes esp-md5-hmac
> > > !
> > > crypto map mymap local-address Loopback0
> > > crypto map mymap 1 ipsec-isakmp
> > >  set peer 55.55.55.55
> > >  set transform-set AES
> > >  match address 110
> > > !
> > > !
> > > !
> > > interface Loopback0
> > >  ip address 76.76.76.76 255.255.255.248
> > >  ip nat outside
> > > !
> > > interface FastEthernet0/0
> > >  ip address 10.10.10.1 255.255.255.224
> > >  ip nat inside
> > > !
> > > interface Serial0/0/0
> > >  ip address 76.76.77.77 255.255.255.252
> > >  ip nat outside
> > >  crypto map mymap
> > > !
> > > ip route 0.0.0.0 0.0.0.0 76.76.77.77
> > > !
> > > ip nat inside source route-map nonat interface Loopback0 overload
> > > !
> > > access-list 110 permit ip 10.10.10.0 0.0.0.31 192.168.0.0 0.0.255.255
> > > access-list 110 permit ip 10.10.10.0 0.0.0.31 172.16.0.0 0.15.255.255
> > > access-list 110 permit ip 10.10.10.0 0.0.0.31 10.0.0.0 0.255.255.255
> > > access-list 120 deny ip 10.10.100.0 0.0.0.31 192.168.0.0 0.0.255.255
> > > access-list 120 deny ip 10.10.100.0 0.0.0.31 10.0.0.0 0.255.255.255
> > > access-list 120 deny ip 10.10.100.0 0.0.0.31 172.16.0.0 0.15.255.255
> > > access-list 120 permit ip 10.10.100.0 0.0.0.31 any
> > > !
> > > route-map nonat permit 10
> > >  match ip address 120
> > > !
> > > !
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Chamara Peris
> > > Sent: Friday, August 03, 2007 4:05 PM
> > > To: Cisco certification
> > > Subject: Loopback interface + NAT
> > >
> > > Hi All,
> > >
> > > I am wondering if I set up loopback interface with a public IP address
> > > block (routed by isp). Is it possible to get nat traffic pass through
> > > this? Also is it possible to terminate a tunnel on crypto interface
> > > (crypto map test)? And do I have to specify crypto map mymap local-address lo0?
> > >
> > >
> > > Example:
> > >
> > > interface Loopback0
> > >  ip address 203.33.33.33 255.255.255.252
> > >  ip nat outside
> > >  crypto map test
> > >
> > >
> > > Thanks heaps
> > >
> > >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
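
Added example, not part of the original thread or any poster's code: a small Python check for the mismatch behind the fix above. On IOS, "ip nat source ..." without inside/outside is the NAT Virtual Interface form, which pairs with "ip nat enable" on interfaces, while interfaces marked "ip nat inside" / "ip nat outside" need "ip nat inside source ...". The sample config is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the failing rule from the thread on a router whose
# interfaces use the classic "ip nat inside/outside" domains.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 76.76.76.76 255.255.255.248
 ip nat outside
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.224
 ip nat inside
!
ip nat source static tcp 192.168.50.100 9022 interface Loopback0 9022
ip nat inside source route-map nonat interface Loopback0 overload
"""

def nat_modes(config):
    """Map each interface to its NAT role: 'inside', 'outside' or 'enable' (NVI)."""
    modes, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        else:
            m = re.match(r"\s+ip nat (inside|outside|enable)\s*$", line)
            if m and current:
                modes[current] = m.group(1)
    return modes

def lint_nat(config):
    """Return (rule, reason) for NAT rules whose style no interface supports."""
    roles = set(nat_modes(config).values())
    findings = []
    for line in config.splitlines():
        if re.match(r"ip nat source\s", line) and "enable" not in roles:
            findings.append((line, "NVI-style rule but no interface has 'ip nat enable'"))
        elif re.match(r"ip nat (inside|outside) source\s", line) and not {"inside", "outside"} <= roles:
            findings.append((line, "domain-based rule needs 'ip nat inside' and 'ip nat outside' interfaces"))
    return findings

if __name__ == "__main__":
    for rule, reason in lint_nat(SAMPLE_CONFIG):
        print(f"{rule}\n  -> {reason}")
```
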
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART