Solved: Re: ip nat inside source list with loopback overload specified

Brett.Cohen · ‎09-22-2010

For the command:

"ip nat inside source list 110 interface Loopback0 overload"

I understand that my access list 110 specifies which IP addresses will be considered as a NAT source, but what does Loopback0 overload mean?

Thanks

Nagaraja Thanthry · ‎09-29-2010

Hello,

Please try the following:

interface Serial0/0.1 point-to-point

description --- To bxxx517 - S3/0/1.76 - CIR 128K - EIR 0

ip address 107.209.66.170 255.255.255.252

no ip nat outside

ip nat enable

frame-relay interface-dlci 526

class COS-OUT-S0/0.1

interface FastEthernet0/0

description ---

ip address 10.215.100.17 255.255.255.0

no ip nat inside

ip nat enable

interface Loopback0

ip address 64.1.1.1 255.255.255.255

ip nat enable

no ip nat inside source list 110 interface Loopback0 overload

route-map OUT

match ip address 110

access-list 110 permit ip any 107.1.26.0 0.0.0.127

access-list 110 permit ip any 107.30.127.128 0.0.0.127

access-list 110 permit ip any 107.30.144.0 0.0.0.127

access-list 110 permit ip any 107.30.144.248 0.0.0.7

access-list 110 permit ip any 107.30.170.0 0.0.0.255

access-list 110 permit ip any 107.30.171.0 0.0.0.255

access-list 110 permit ip any 107.1.27.0 0.0.0.31

access-list 110 permit ip any 107.1.27.32 0.0.0.31

ip nat source route-map OUT interface Loopback0 overload

Hope this helps.

Regards,

NT

View solution in original post

Nagaraja Thanthry · ‎09-22-2010

Hello,

All source addresses of the packets that match access-list 110 will be converted to Loopback 0 IP address when exiting the router.

If the original source was 192.168.1.1 and the loopback address was 64.1.1.1, then when the packet goes out of the router, it will have a source IP of 64.1.1.1. The source port will also be changed to a random port as assigned by the Router.

Hope this helps.

Regards,

NT

Brett.Cohen · ‎09-29-2010

Hi Nagaraja,

That seems to make perfect sense. And it seems to work the same way as an IP NAT INSIDE SOURCE STATIC command.

But it does not seem appropriate for my design !

The way it is supposedly working in my current design is that when on incoming packet is received at my router Serial (WAN) interface (defined as IP NAT Outside) from a source address of 107.30.127.240 (first octet changed for anonymity), the source address is supposed to appear as the loopback address of 64.1.1.1

********

interface Serial0/0.1 point-to-point

description --- To bxxx517 - S3/0/1.76 - CIR 128K - EIR 0

ip address 107.209.66.170 255.255.255.252

ip nat outside

frame-relay interface-dlci 526

class COS-OUT-S0/0.1

********

interface FastEthernet0/0

description ---

ip address 10.215.100.17 255.255.255.0

ip nat inside

********

Loopback0 address 64.1.1.1 255.255.255.255

********

ip nat inside source list 110 interface Loopback0 overload

********

access-list 110 permit ip any 107.1.26.0 0.0.0.127

access-list 110 permit ip any 107.30.127.128 0.0.0.127

access-list 110 permit ip any 107.30.144.0 0.0.0.127

access-list 110 permit ip any 107.30.144.248 0.0.0.7

access-list 110 permit ip any 107.30.170.0 0.0.0.255

access-list 110 permit ip any 107.30.171.0 0.0.0.255

access-list 110 permit ip any 107.1.27.0 0.0.0.31

access-list 110 permit ip any 107.1.27.32 0.0.0.31

Any comments?

Thanks, Brett

Nagaraja Thanthry · ‎09-29-2010

Hello,

Please try the following:

interface Serial0/0.1 point-to-point

description --- To bxxx517 - S3/0/1.76 - CIR 128K - EIR 0

ip address 107.209.66.170 255.255.255.252

no ip nat outside

ip nat enable

frame-relay interface-dlci 526

class COS-OUT-S0/0.1

interface FastEthernet0/0

description ---

ip address 10.215.100.17 255.255.255.0

no ip nat inside

ip nat enable

interface Loopback0

ip address 64.1.1.1 255.255.255.255

ip nat enable

no ip nat inside source list 110 interface Loopback0 overload

route-map OUT

match ip address 110

access-list 110 permit ip any 107.1.26.0 0.0.0.127

access-list 110 permit ip any 107.30.127.128 0.0.0.127

access-list 110 permit ip any 107.30.144.0 0.0.0.127

access-list 110 permit ip any 107.30.144.248 0.0.0.7

access-list 110 permit ip any 107.30.170.0 0.0.0.255

access-list 110 permit ip any 107.30.171.0 0.0.0.255

access-list 110 permit ip any 107.1.27.0 0.0.0.31

access-list 110 permit ip any 107.1.27.32 0.0.0.31

ip nat source route-map OUT interface Loopback0 overload

Hope this helps.

Regards,

NT