
nat on loopback

n.bokhar1
Level 1

hi i have this topology

EVE.JPG

linux: 10.2.2.100

win  : 10.2.2.50

i also have two loopback interfaces

loop1 : 1.1.1.1 255.255.255.255

loop2 : 2.2.2.2 255.255.255.255

both interfaces have ip nat outside under config

and i have these nats as well

ip nat inside source static 10.2.2.50 interface loop 1

ip nat inside source static 10.2.2.100 interface loop 2

 

now i want to connect to my Windows machine from Linux on the 1.1.1.1 ip address

but i can't

how can i do that ?

 


Hi

The switches cannot run NAT, it should be configured on the router, so your configuration should be:

 

ROUTER

 

interface loopback 1

ip address 1.1.1.1 255.255.255.255

 

interface loopback 2

ip address 2.2.2.2 255.255.255.255

 

interface g0/0

description >>INTERNAL NETWORK<<

ip nat inside

 

interface g0/1

description >>INTERNET or EXTERNAL NETWORK<<

ip nat outside

 

ip nat inside source static 10.2.2.50 <interface loop 1 IP address>

ip nat inside source static 10.2.2.100 <interface loop 2 IP address>

 

ip route 0.0.0.0 0.0.0.0 <public or next hop IP> 

 

** Now if it is used to translate to Internet, the IP addresses used with the loopback should be public IP addresses provided by an ISP.

 

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

it is configured on the router

switch is just there for basic connectivity

Hi,

Thank you, that is correct.




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

As sir Julio confirmed, the config is okay; just give it a try with the IP address instead of the interface(s).

 

ip nat inside source static 10.2.2.50 1.1.1.1

 

ip nat inside source static 10.2.2.100 2.2.2.2

 

Thank you.

 

Kindest regards,

Uzzi



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).

Thank you Muhammad, you are right, it was fixed  

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

thank you guys for your replies, but that didn't work. any other solutions?

Hi

Could you please share your configuration, switch and router

 

Thank you




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Switch:
interface GigabitEthernet0/0
switchport mode access
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
media-type rj45
negotiation auto
interface Vlan1
ip address 10.1.1.1 255.255.255.0
shutdown
!
interface Vlan2
ip address 10.2.2.1 255.255.255.0
!
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
Router :
interface Loopback1
ip address 1.1.1.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 172.18.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip nat inside source static 10.2.2.50 interface Loopback2
ip nat inside source static 10.2.2.100 1.1.1.1
!
ip access-list standard NAT
permit any
!

Hi

The loopback address must be known through the next hop, for example:

 

SWITCH ----- ROUTER (client) ---- ROUTER (ISP)

 

 

ROUTER (client)

* IP nat outside is not required under the loopback interfaces, it can be removed

* You need to add a default route: 0.0.0.0 0.0.0.0 <next hop IP - ISP router interface IP address>

 something like:

 ip route 0.0.0.0 0.0.0.0 172.18.1.2

 

 

 

The ISP's router must know the following IP addresses:
1.1.1.1/32
2.2.2.2/32

so you could create:

ip route 1.1.1.1 255.255.255.255 <next-hop IP - Client's router Interface IP>

ip route 2.2.2.2 255.255.255.255 <next-hop IP - Client's router Interface IP>

 

Hope it is useful

:-)

 

 




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Hello

Not sure if you wanted the loopbacks of the rtr to be natted to a static 172.18.1.x address; however, in the example below I have applied such a NAT.

 

You also have some mis-configuration on the switch regards the vlans and connection to the rtr.

 

see example below:

 

Switch:
conf t
ip routing
interface Vlan1
no shutdown

no ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 0.0.0.0 0.0.0.0 vlan 1 10.1.1.2

Router :
conf t
ip route 10.2.2.0 255.255.255.0 gig0/0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 gig0/1 172.18.1.x  <ISP LAN-facing IP address>

interface Loopback1
ip nat inside

interface Loopback2
ip nat inside


interface GigabitEthernet0/0
ip nat inside

interface GigabitEthernet0/1
ip nat outside

no ip nat inside source static 10.2.2.50 interface Loopback2
no ip nat inside source static 10.2.2.100 1.1.1.1
no ip access-list standard NAT

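! a standard ACL matches on source only (no protocol keyword, no destination)
ip access-list standard NAT
permit 10.1.1.0 0.0.0.255
permit 10.2.2.0 0.0.0.255


! static entries use the inside/outside NAT domains set on the interfaces above
ip nat inside source static 1.1.1.1 172.18.1.x
ip nat inside source static 2.2.2.2 172.18.1.x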
 

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

n.bokhar1
Level 1

thanks to all you guys for your replies but they are not what i look for and also don't work

this is my network i have no other stuff

Capture.PNG

i want to connect to server 2 from server 1, but with the 1.1.1.1 ip address which is set on my router's loopback. it is fully working when i connect to the server from the internet, but when i do it from server 1 it fails, and when i telnet to 1.1.1.1 from server 1 the router cli opens up, which i don't want

so what can i do to :

telnet from server 1 to 1.1.1.1 and my server 2 cli opens not the router.

i also tried a bunch of other ios versions and other routers; they all do the same

Hello

then you will need to nat hairpin to achieve that

 

https://supportforums.cisco.com/t5/wan-routing-and-switching/nat-reflection-nat-hairpin-on-a-cisco-router/td-p/3302833

 

 https://supportforums.cisco.com/t5/wan-routing-and-switching/nat-hairpinning/td-p/2475807

 

Res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
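
Added example (not from any poster in this thread): a small Python model of why the telnet from server 1 lands on the router CLI while the same connection from the internet reaches the server. It models the legacy IOS inside/outside NAT order of operations (outside-to-inside translates before routing, inside-to-outside routes before translating) and a generic hairpin rewrite. The function names, the outside client 172.18.1.2, the 10.2.2.50 to 1.1.1.1 mapping taken from the first post, and the hairpin source address 10.1.1.2 are assumptions for illustration.

```python
import ipaddress

# Values from the thread; 172.18.1.2 as an outside client is an assumption.
STATIC_NAT = {"10.2.2.50": "1.1.1.1"}            # inside local -> inside global
ROUTER_LOCAL = {"1.1.1.1", "2.2.2.2", "10.1.1.2", "172.18.1.1"}
INSIDE_NETS = [ipaddress.ip_network(n) for n in ("10.1.1.0/24", "10.2.2.0/24")]
GLOBAL_TO_LOCAL = {g: l for l, g in STATIC_NAT.items()}


def route(dst):
    """Routing decision: router's own address, inside network, or default route."""
    if dst in ROUTER_LOCAL:
        return "router"
    addr = ipaddress.ip_address(dst)
    return "inside" if any(addr in n for n in INSIDE_NETS) else "outside"


def forward(src, dst, in_iface):
    """Model (hypothetical) of legacy inside/outside NAT for one packet."""
    if in_iface == "outside":
        # outside -> inside: destination is translated BEFORE routing
        dst = GLOBAL_TO_LOCAL.get(dst, dst)
    out = route(dst)
    if in_iface == "inside" and out == "outside":
        # inside -> outside: source is translated AFTER routing
        src = STATIC_NAT.get(src, src)
    return out, src, dst


def forward_hairpin(src, dst, in_iface, nat_src="10.1.1.2"):
    """Generic hairpin: translate the destination before routing on the inside
    too, and rewrite the source so the reply returns through the router."""
    if in_iface == "inside" and dst in GLOBAL_TO_LOCAL:
        return route(GLOBAL_TO_LOCAL[dst]), nat_src, GLOBAL_TO_LOCAL[dst]
    return forward(src, dst, in_iface)


if __name__ == "__main__":
    print(forward("172.18.1.2", "1.1.1.1", "outside"))         # reaches the server
    print(forward("10.2.2.100", "1.1.1.1", "inside"))          # lands on the router
    print(forward_hairpin("10.2.2.100", "1.1.1.1", "inside"))  # reaches the server
```

The source rewrite in the hairpin case matters because both servers sit in 10.2.2.0/24: without it the server would answer 10.2.2.100 directly from 10.2.2.50, and the client, which opened the session to 1.1.1.1, would discard the reply.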