https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194430#M14167 Not exactly this policy because all the real/production interfaces already have applied policies and I don't exactly have time to build a new circuit for the simulation. <BR />Firmaware - the lastest - 8.03<BR /><BR />have you spotted any mistake in that config? I guess the part of config with the loop interface could be easily replicated so you may see it for youself.<BR /><BR />As a part of an extra check I entered this config into cisco 3660 with some adjustments, of course. As I expected cisco can regulate access to the loop interface Mon, 12 May 2008 16:57:29 GMT _blkdog 2008-05-12T16:57:29Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194426#M14163 It concerns 7102 router.<BR />I'd like to NAT several networks attached to different interfaces. Being lazy enough not to configure access-policy on each interface I created loop int for NATting<BR /><BR />interface loop 1<BR /> ip address 192.168.0.104 255.255.255.255<BR /> no shutdown<BR /> access-policy NAT<BR /><BR />ip policy-class NAT<BR /> nat destination list NAT_ACCESS address 192.168.2.70<BR /><BR />ip access-list extended NAT_ACCESS<BR /> permit gre 192.168.0.0 0.0.1.255 host 192.168.0.104 <BR /> permit tcp 192.168.0.0 0.0.1.255 host 192.168.0.104 eq 1723 <BR /><BR />So it means that I want to NAT all the PPTP traffic to the 192.168.2.70/30 server.<BR /><BR />Although it works with separate interfaces it does not with the loopback.<BR />Moreover, even applying explicit discard-all access-policy on the loopback does not affect the traffic over that interface whatsoever. <BR />Is this a bug or a feature? I spent 2 hours investigating this issue with no apparent result. Please, share you opinion on this. Thu, 08 May 2008 16:24:13 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194426#M14163 _blkdog 2008-05-08T16:24:13Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194427#M14164 Hi<BR /><BR />I think you should check this :<BR /><A href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml</A><BR /><BR />Good Luck !!! Fri, 09 May 2008 13:50:21 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194427#M14164 Mohieddin Kharnoub 2008-05-09T13:50:21Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194428#M14165 Nice link, thanks a lot. This is almost exact setup that I want to configure myself and I bet on Cisco it would work like a charm.<BR />But like I said before on 7102 even simple access-policy applied to the loopback does not work. For example: <BR /><BR />interface loop 1<BR />ip address 192.168.0.104 255.255.255.255<BR />no shutdown<BR />access-policy TEST<BR /><BR />ip policy-class TEST<BR />allow list ONLYONEHOST<BR /><BR />ip access-list standard ONLYONEHOST<BR />permit host 192.168.0.77<BR /><BR />Despite access-policy TEST I am able to access loop1 interface from any address, not only from host 192.168.0.77.<BR /><BR />I suspect that the fast-switching is implicitly enabled on loop1 and going to check it after the weekend. If it is not the case I am again clueless about what is wrong with my setup.<BR /> Sat, 10 May 2008 03:46:15 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194428#M14165 _blkdog 2008-05-10T03:46:15Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194429#M14166 Have you tried this Policy on a Physical Interface ?<BR /><BR />Whats your Firmware version ?<BR /><BR />Good Luck !!! Mon, 12 May 2008 06:53:09 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194429#M14166 Mohieddin Kharnoub 2008-05-12T06:53:09Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194430#M14167 Not exactly this policy because all the real/production interfaces already have applied policies and I don't exactly have time to build a new circuit for the simulation. <BR />Firmaware - the lastest - 8.03<BR /><BR />have you spotted any mistake in that config? I guess the part of config with the loop interface could be easily replicated so you may see it for youself.<BR /><BR />As a part of an extra check I entered this config into cisco 3660 with some adjustments, of course. As I expected cisco can regulate access to the loop interface Mon, 12 May 2008 16:57:29 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194430#M14167 _blkdog 2008-05-12T16:57:29Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194431#M14168 I'd open a case with HP to see if this is expected behaviour or something that can be fixed in a software updaet. Tue, 13 May 2008 11:11:33 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194431#M14168 Matt Hobbs 2008-05-13T11:11:33Z https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194432#M14169 how am I supposed to do so? Tue, 13 May 2008 11:50:25 GMT https://community.hpe.com/t5/switches-hubs-and-modems/nat-on-loopback-interface/m-p/4194432#M14169 _blkdog 2008-05-13T11:50:25Z