NAT on a Loopback0 Interface

arrul
Level 1

Hi Guys, I am new to the Cisco Router. I need some help from you experts badly.

I have a Cisco CSR 1000v launched on AWS. I have 4 interfaces in total, say: eth1: 172.25.10.196 (Public Subnet), eth2: 172.25.20.10 (Private Subnet), L0: 90.204.xx.xx, l1: 52.10.xx.xx.

I have an IPSec tunnel to my vendor, which is UP. The problem here is that I need to connect to the remote server via the Loopback0 interface, i.e. 90.204.216.21. However, I feel I am connecting via eth1. I am not sure how I can achieve this. From what I researched on the internet, I think I need to set up NAT on a Stick. Basically, I need to connect to the remote network 90.xx.xx.xx.xx via the loopback interface, i.e. 90.204.xx.xx

Any help would be much appreciated.

Thank you, Arul

ranilf2005
Level 1

Please check whether your encryption domain access list allows the loopback IP you want to source?

Also try running "sh cry ipsec sa" to see the traffic allowed via the IPSec tunnel.

Ranil Fernando

Hi Ranil,
Sorry for the delayed response.
I don't think we have allowed the loopback IP in the access list.
We have allowed only the l1 and eth1 IP addresses, as follows.

access-list 141 permit gre host 52.10.105.195 host 193.29.78.5
access-list 141 permit gre host 172.25.10.196 host 193.29.78.5

Also, on running sh cry ipsec sa, I can see the local addr 172.25.10.196, which is my eth1 IP address.

Here is what is happening:

When I telnet <destination ip> <dest port> --> Not working
telnet <dest ip> <dest port> /source-interface l0 --> working

Please help me.

Thank you for your help.
Arul
