05-08-2008 09:24 AM
NAT on loopback interface
I'd like to NAT several networks attached to different interfaces. Being lazy enough not to configure access-policy on each interface, I created a loop int for NATting:

    interface loop 1
      ip address 192.168.0.104 255.255.255.255
      no shutdown
      access-policy NAT
    ip policy-class NAT
      nat destination list NAT_ACCESS address 192.168.2.70
    ip access-list extended NAT_ACCESS
      permit gre 192.168.0.0 0.0.1.255 host 192.168.0.104
      permit tcp 192.168.0.0 0.0.1.255 host 192.168.0.104 eq 1723

So it means that I want to NAT all the PPTP traffic to the 192.168.2.70/30 server.
Although it works with separate interfaces, it does not with the loopback.
Moreover, even applying an explicit discard-all access-policy on the loopback does not affect the traffic over that interface whatsoever.
Is this a bug or a feature? I spent 2 hours investigating this issue with no apparent result. Please share your opinion on this.
05-09-2008 06:50 AM
Re: NAT on loopback interface
I think you should check this:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
Good Luck !!!
05-09-2008 08:46 PM
Re: NAT on loopback interface
But like I said before, on the 7102 even a simple access-policy applied to the loopback does not work. For example:

    interface loop 1
      ip address 192.168.0.104 255.255.255.255
      no shutdown
      access-policy TEST
    ip policy-class TEST
      allow list ONLYONEHOST
    ip access-list standard ONLYONEHOST
      permit host 192.168.0.77

Despite access-policy TEST, I am able to access the loop1 interface from any address, not only from host 192.168.0.77.
I suspect that fast-switching is implicitly enabled on loop1 and am going to check it after the weekend. If that is not the case, I am again clueless about what is wrong with my setup.
05-11-2008 11:53 PM
Re: NAT on loopback interface
What's your firmware version?
Good Luck !!!
05-12-2008 09:57 AM
Re: NAT on loopback interface
Firmware - the latest - 8.03
Have you spotted any mistake in that config? I guess the part of the config with the loop interface could be easily replicated, so you may see it for yourself.
As a part of an extra check I entered this config into a Cisco 3660 with some adjustments, of course. As I expected, Cisco can regulate access to the loop interface.
05-13-2008 04:11 AM
Re: NAT on loopback interface
05-13-2008 04:50 AM