05-11-2024 02:06 PM
Hi everyone,
Currently, I've been using the Interface NAT type for Direct Internet Access (DIA) across multiple networks.
However, I recently came across a Cisco article (link below) suggesting the utilization of a Loopback interface for DIA instead. I'm a bit confused about this approach and would appreciate it if someone could explain to me how I can implement and configure the loopback interface for DIA.
05-11-2024 02:51 PM
Hi,
Could you point out what exactly you want to highlight from the doc? Basically, NAT using loopback is supported, as you show in the picture (which is part of the interface template). You simply enable NAT with loopback and traffic will be overloaded (i.e., PAT) using the loopback interface IP instead of the interface IP.
05-12-2024 02:20 AM - edited 05-12-2024 02:33 AM
I'm not convinced why I should use a Loopback interface instead of a Physical interface. Can you please provide an example of a situation in which I can use a Loopback interface for Direct Internet Access (DIA)?
05-12-2024 03:07 AM
Hi,
This is just a possibility among different options. There is no strict preference between physical and loopback usage. For example, for better security you may not want to NAT overload user traffic to the interface IP but to another IP from the loopback.
One more example: you have a private-IP-based interconnection with IPs, and loopback NAT (where the public IP is) is essential to translate users' IPs to a public IP.
05-12-2024 12:11 AM
That is one of the options available for you to use; it is not mandatory to use loopback.
From Cisco IOS XE Catalyst SD-WAN Release 17.14.1a, you can configure multiple NAT types for an interface.
You should not be dependent on any physical interface for NAT, so you can use loopback.
Check the use case mentioned in your document: "Multiple NAT DIA Methods on an Interface".