Edison,

Thank you for your reply.

Unfortunately I can’t find configuration for my scenario on the link, only standard NAT examples. If I’m wrong could you tell me which part of the document is related to my question please?

Piotr, I am just going to ask three questions:

1.  How are you going to connect Router1 Int1 to Router1 loopback Int?

2.  How are you going to connect Router1 loopback Int to Router1 Int2?

3.  95.67.43.0/29 --> Router1 loopback int - (NAT firewall) --> Router1 int2 --> 192.168.20.0/24 means the loopback interface is effectively working as a router.  Is this possible?

95.67.43.0/20 --> Router1 loopback int suggests that you do not really need this network address for connecting to other devices.  In that case, just use ISP --> 83.78.23.0/32 --> Router1 int 1 - (NAT firewall) --> 192.168.20.0/24.

Hi jaighobahi

Answering for you question:

1. Routing between loopback adapter and int1

2. NAT outside on loopback and inside on int2

3. why not?

I need this as at 95.67.43.0/29 range I have 6 usable IP and on 83.78.23.0/30 only 1.

I would imagine configuration like following but wander if this has disadvantages like e.g. difficulties using advanced firewall, VPN or security problems. Will it work? Does anybody have used this solution?

interface Loopback100

ip address 95.67.43.1 255.255.255.248

ip nat outside

ip virtual-reassembly

!

interface FastEthernet0/0

ip address 83.78.23.1 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.20.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 83.78.23.2

ip nat pool overld 95.45.252.177 95.45.252.177 prefix-length 29

ip nat inside source list 7 pool overld overload

access-list 7 permit 192.168.20.0 0.0.0.255

The IP NAT Outside command needs to be applied in the egress interface (FastEthernet0/0).

You don't need to have the public subnet in the loopback. The loopback can be removed.

It seems your public IP subnet does not match the pool you've created, typo?

If you have servers and want to assign public IPs to them, you can modify your pool subnet by

removing those IPs and assigning them to the servers via static IP NAT assignment.

Hello Piotr,

I supose you can use the loopback in a nat on the stick scenario, where your router has only one interface for nat inside/outside, then with a route-map and policy routing use the loopback an an inside source address, but in your case you have a valid inside and outside interface to work with and as edision graciously stated there is no need for you to use the loopback in this case.

If you wish to just use the ISP pool, You can deny the isp interface /32 ip from being natted but nat your inside network with the isp /29 ip pool range.

See Below:

interface FastEthernet0/1

ip address 192.168.20.254 255.255.255.0

ip nat inside

interface FastEthernet0/0

ip address 83.78.23.1 255.255.255.252

ip nat outside

ip nat pool overld 95.45.252.177 95.45.252.182 prefix-length 29

ip nat inside source list 7 pool overld overload

access-list 7 deny host 83.78.23.1

access-list 7 permit 192.168.20.0 0.0.0.255

res

Paul

Please don't forget to rate this post if it has been helpful.

Hi Edison,

Thank you for your reply.

Unfortunately I’m not sure what I should do. Could you give me maybe some idea where I should assign IP addresses on the router? I’ve got following details from ISP:

*****************************************CE CONFIG****************************************

interface ge1/0

description Interface ge1/0 Circuit IDXXXXXXXXXX

ip address 83.78.23.2 255.255.255.252

duplex auto

speed auto

no shutdown

! Customer Assigned RIPE Allocation = 95.67.43.1/29

ip route 0.0.0.0 0.0.0.0 83.78.23.1

Note:-

If the access circuit is DSL based the following ATM parameters are applicable.

Interface ATM0.835

pvc 8/35

encapsulation aal5snap

*****************************************************************************************

Now I’m not sure how configuration of the router should looks like. I just thought I need two routers, one will route external IP addresses to pool 95.67.43.1/29 and second which will provide NAT. Or use kind of loopback adapter.

Thank you very much for your help. I haven’t realized I would be able to use IP address on interface from different network than next hoop, I still can’t believe but actually this is working fine as I set up router.

The NAT service creates a pool of virtual addresses that are usable by the router without being associated to an interface.

Edison that a typo,

Meant to say Interface IP

res

Paul

Please don't forget to rate this post if it has been helpful.