NAT translation for router initiated traffic

From: Suryakant P (suryakant.pandian@gmail.com)
Date: Wed Jul 30 2008 - 10:20:47 ART


Hi All,

There are three physical interfaces and one loopback interface on the
router. My aim is to initiate any telnet session from this router using the
loopback interface. This loopback interface will not be advertised to any
peers.

Hence, to make this telnet successful, I made all of the physical interfaces
external (ip nat outside) and the loopback interface internal (ip nat
inside). I used one of the physical interfaces as the Inside Global address in
the "ip nat inside source" command.
Following are the configurations:
------------------------------------------------------
interface FastEthernet0/1
 ip address 154.1.45.4 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
end

interface Loopback100
 ip address 154.1.44.4 255.255.255.0
 ip virtual-reassembly
 ip nat inside
end
ip telnet source-interface Loopback100
ip nat inside source list 195 interface FastEthernet0/1 overload
access-list 195 permit tcp host 154.1.44.4 any eq telnet

Snapshot:
-----------------
Rack1R4#telnet 150.1.3.3
Trying 150.1.3.3 ... Open

User Access Verification

Password:
Rack1R3>en
Password:
Rack1R3#

Rack1R4#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 154.1.45.4:46232 154.1.44.4:46232 150.1.3.3:23 150.1.3.3:23

Things seemed to work as expected.

But when I removed the "ip nat inside" command from the Loopback100
interface, the NAT translation was still triggered and the telnet session was
successful.

Does traffic initiated by the router not check for an inside and
outside interface pair for the NAT translation to work?

Following are the configurations:
------------------------------------------------------
interface FastEthernet0/1
 ip address 154.1.45.4 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
end

interface Loopback100
 ip address 154.1.44.4 255.255.255.0
end
ip telnet source-interface Loopback100
ip nat inside source list 195 interface FastEthernet0/1 overload
access-list 195 permit tcp host 154.1.44.4 any eq telnet

Rack1R4#telnet 150.1.3.3
Trying 150.1.3.3 ... Open

User Access Verification

Password:
Rack1R3>en
Password:
Rack1R3#

Rack1R4#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 154.1.45.4:56624 154.1.44.4:56624 150.1.3.3:23 150.1.3.3:23
Rack1R4#

Thanks
With regards
Suryakant
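As an added example (not part of the post), a small Python check that parses the two configurations above and flags a NAT rule whose inside-local source address sits on an interface without "ip nat inside", or whose inside-global interface lacks "ip nat outside". The parser and the trimmed configuration strings are my own and assume the IOS layout shown in the post.

```python
import re

# Trimmed copy of the first configuration in the post (duplex/speed/virtual-reassembly lines omitted).
CONFIG_WITH_INSIDE = """\
interface FastEthernet0/1
 ip address 154.1.45.4 255.255.255.0
 ip nat outside
end
interface Loopback100
 ip address 154.1.44.4 255.255.255.0
 ip nat inside
end
ip telnet source-interface Loopback100
ip nat inside source list 195 interface FastEthernet0/1 overload
access-list 195 permit tcp host 154.1.44.4 any eq telnet
"""
# The second configuration in the post: identical, minus "ip nat inside" on the loopback.
CONFIG_NO_INSIDE = CONFIG_WITH_INSIDE.replace(" ip nat inside\n", "")

def parse_interfaces(cfg):
    """Map interface name -> {'ip': address, 'nat': 'inside' | 'outside' | None}."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)$", line):          # start of an interface stanza
            cur = m.group(1)
            ifaces[cur] = {"ip": None, "nat": None}
        elif cur and (m := re.match(r" ip address (\S+) ", line)):
            ifaces[cur]["ip"] = m.group(1)
        elif cur and (m := re.match(r" ip nat (inside|outside)$", line)):
            ifaces[cur]["nat"] = m.group(1)
    return ifaces

def check_nat_pair(cfg):
    """Return findings; an empty list means each NAT rule has a full inside/outside pair."""
    ifaces, findings = parse_interfaces(cfg), []
    rule = re.search(r"ip nat inside source list (\d+) interface (\S+)", cfg)
    if not rule:
        return ["no 'ip nat inside source list ... interface' rule found"]
    acl, out_if = rule.groups()
    if ifaces.get(out_if, {}).get("nat") != "outside":
        findings.append(f"{out_if} is the inside global interface but lacks 'ip nat outside'")
    for m in re.finditer(rf"access-list {acl} permit \S+ host (\S+)", cfg):
        src = m.group(1)                                       # inside local address in the ACL
        owner = next((n for n, i in ifaces.items() if i["ip"] == src), None)
        if owner is None:
            findings.append(f"ACL {acl} source {src} is not a local interface address")
        elif ifaces[owner]["nat"] != "inside":
            findings.append(f"{owner} owns {src} but lacks 'ip nat inside'")
    return findings
```

Run against the two configurations, the first returns no findings and the second reports that Loopback100 owns 154.1.44.4 but lacks "ip nat inside", which is exactly the difference between the two setups in the post.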


This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART