01-29-2013 09:51 AM - edited 03-04-2019 06:52 PM
Hello everyone!
I've got some 1941 Ciscos set up at every branch.
We have native L2 between these offices, and I want to use external IP addresses on the gig 0/0 interfaces and local IP addresses on the lo 0 interfaces, and use lo 0 for VPN connections.
I do:
int gig 0/0
ip add 192.168.181.14 255.255.255.0
ip nat outside
I can ping it from the local network behind gig 0/1, but I can't ping it from outside. How can I do this?
01-29-2013 12:12 PM
Hi
Can you please provide more details about the networks and the config, and about what you want to do? Maybe a drawing will help.
Patrick
Sent from Cisco Technical Support iPhone App
01-29-2013 09:35 PM
Sure)
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vo
!
boot-start-marker
boot system flash:/c1900-universalk9-mz.SPA.152-2.T.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.200.0 192.168.200.100
!
ip dhcp pool pool
network 192.168.200.0 255.255.255.0
default-router 192.168.200.12
dns-server 192.168.240.100
!
!
ip flow-cache timeout active 1
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1150895397
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1150895397
revocation-check none
rsakeypair TP-self-signed-1150895397
!
!
crypto pki certificate chain TP-self-signed-1150895397
certificate self-signed 01
quit
license udi pid CISCO1941/K9 sn FCZ164791BM
license boot module c1900 technology-package securityk9
!
!
username * privilege 15 secret 5 $1$imo6$9fM0TAUd6GX9liR2Hp6//.
!
redundancy
!
!
!
!
!
!
class-map match-any VOICE-CONTROL
match ip dscp cs3
match ip dscp af31
match protocol rtcp
match protocol mgcp
match access-group name VoIP-Control
class-map match-any pcoip
match access-group 107
class-map match-any voice
match ip dscp ef
match access-group 105
match access-group 106
!
!
policy-map qos
class voice
priority percent 20
set ip dscp ef
class VOICE-CONTROL
set ip dscp cs3
priority percent 10
class pcoip
priority percent 20
!
!
!
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key 6 * address *
!
!
crypto ipsec transform-set myset esp-aes esp-md5-hmac
!
!
!
crypto map vpn 80 ipsec-isakmp
set peer *
set transform-set myset
match address 102
!
!
!
!
!
interface Loopback0
ip address 192.168.181.13 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address * 255.255.255.240
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map vpn
service-policy output qos
!
interface GigabitEthernet0/1
ip address 192.168.200.12 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http secure-server
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination * 9996
!
ip nat pool switchvox 192.168.200.5 192.168.200.5 netmask 255.255.255.0 type rotary
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.200.5 443 * 443 extendable
ip nat inside source static tcp 192.168.200.5 22 * 2222 extendable
ip nat inside source static tcp 192.168.200.5 5060 * 5060 extendable
ip nat inside source static tcp 192.168.200.20 7000 * 7000 extendable
ip nat inside destination list 105 pool switchvox
ip route 0.0.0.0 0.0.0.0 *
!
ip access-list extended VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
!
ip sla 1
icmp-echo * source-interface GigabitEthernet0/0
threshold 2
timeout 2000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo * source-interface GigabitEthernet0/1
threshold 2
timeout 2000
frequency 5
ip sla schedule 2 life forever start-time now
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.181.0 0.0.0.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.181.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 105 permit udp any any eq 5062
access-list 105 permit udp any any range 10000 20000
access-list 105 permit udp any any range 4000 4999
access-list 105 permit tcp any any eq 5222
access-list 105 permit tcp any any eq 843
access-list 105 permit tcp any any eq 5269
access-list 105 permit udp any any eq 1194
access-list 105 permit udp any any eq 4569
access-list 106 permit ip any * 0.0.0.3
access-list 106 permit ip any 192.168.181.0 0.0.0.255
access-list 107 permit ip any host *
!
route-map vpn permit 10
match ip address 102
!
!
snmp-server community * RO
snmp-server ifindex persist
snmp-server enable traps entity-sensor threshold
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
!
scheduler allocate 20000 1000
!
end