
Same public IP used with static NAT and PAT

jdavid6568
Level 1

I have a customer that is currently configured to use the same publicly routable IP address with a static NAT translation and also in a PAT pool. I'm posting a short blurb of the output I'm seeing in the config. Does anyone know if this is possible and, if so, how it's working?

  

interface Loopback0
 description Management loopback
 ip address 168.162.58.99 255.255.255.255
!
interface Loopback1
 description BGP loopback
 ip address 10.128.33.228 255.255.255.255
!
interface Loopback3
 description Used-for-NAT
 ip address 168.162.103.81 255.255.255.240
!
interface FastEthernet0/0
 ip address 12.176.226.51 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 crypto map Customer_Access
!
interface FastEthernet0/1
 description Customer_LAN
 ip address 10.121.34.5 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip policy route-map fragment
 speed 100
 full-duplex
!
interface Async0/1/0
 no ip address
 encapsulation slip
!
router bgp 64614
 no synchronization
 bgp router-id 10.128.15.18
 bgp log-neighbor-changes
 network 168.162.58.99 mask 255.255.255.255
 network 168.162.103.80 mask 255.255.255.240
 neighbor 67.20.175.213 remote-as 7381
 neighbor 67.20.175.213 ebgp-multihop 255
 neighbor 67.20.175.213 update-source Loopback1
 neighbor 67.20.175.213 soft-reconfiguration inbound
 no auto-summary
!
no ip http server
no ip http secure-server
ip nat inside source list 90 interface Loopback3 overload
ip nat inside source static 38.252.82.186 168.162.103.82
ip nat inside source static 10.121.16.21 168.162.103.83
ip nat inside source static 10.121.16.8 168.162.103.84
ip nat inside source static 10.148.136.24 168.162.103.85
ip nat inside source static 10.148.136.25 168.162.103.86
ip nat inside source static 10.105.4.70 168.162.103.87
ip nat inside source static 10.153.80.69 168.162.103.88
ip nat inside source static 10.153.2.58 168.162.103.89
access-list 90 permit 38.252.82.186
access-list 90 permit 38.252.82.191
access-list 90 permit 10.121.16.0 0.0.0.255
access-list 90 permit 10.120.29.0 0.0.0.255
access-list 90 permit 10.121.34.0 0.0.0.7


1 Reply

John Blakley
VIP Alumni

Jason,

The router can NAT out whatever addresses they want to as long as the remote side knows how to get back. In your scenario, they have natting configured to use the loopback interface. The interfaces configured for NAT are the serial and inside interface. When the packet goes out, it will get natted to the loopback address instead of the serial interface.

In reality, they can nat out any address they wanted without having a loopback configured on the device.

HTH,

John

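Added example, not part of the original posts: a short Python check over the NAT lines of the config above that reports any public address shared between the static entries and the PAT rule, and any inside host that has a static entry and also matches access-list 90. The function names are this example's own, and it assumes numbered standard ACLs written as address plus optional contiguous wildcard mask.

```python
import ipaddress

# NAT-related lines copied from the config posted in this thread.
CONFIG = """\
interface Loopback3
 ip address 168.162.103.81 255.255.255.240
ip nat inside source list 90 interface Loopback3 overload
ip nat inside source static 38.252.82.186 168.162.103.82
ip nat inside source static 10.121.16.21 168.162.103.83
ip nat inside source static 10.121.16.8 168.162.103.84
ip nat inside source static 10.148.136.24 168.162.103.85
ip nat inside source static 10.148.136.25 168.162.103.86
ip nat inside source static 10.105.4.70 168.162.103.87
ip nat inside source static 10.153.80.69 168.162.103.88
ip nat inside source static 10.153.2.58 168.162.103.89
access-list 90 permit 38.252.82.186
access-list 90 permit 38.252.82.191
access-list 90 permit 10.121.16.0 0.0.0.255
access-list 90 permit 10.120.29.0 0.0.0.255
access-list 90 permit 10.121.34.0 0.0.0.7
"""

def acl_network(addr, wildcard="0.0.0.0"):
    """Turn an ACL address/wildcard pair into a network (contiguous wildcards only)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a contiguous wildcard is always 2**k - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def audit_nat(config):
    """Return (public IPs shared by static NAT and PAT, inside hosts matched by both)."""
    iface_ip, statics, pat, acls, current = {}, [], [], {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["interface"]:
            current = t[1]
        elif t[:2] == ["ip", "address"] and current:
            iface_ip[current] = ipaddress.ip_address(t[2])
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics.append((ipaddress.ip_address(t[5]), ipaddress.ip_address(t[6])))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and t[-1] == "overload":
            pat.append((t[5], t[7]))  # (ACL number, interface supplying the PAT address)
        elif t[:1] == ["access-list"] and t[2] == "permit":
            acls.setdefault(t[1], []).append(acl_network(*t[3:5]))
    pat_public = {iface_ip[i] for _, i in pat if i in iface_ip}
    shared_public = sorted(g for _, g in statics if g in pat_public)
    both = sorted(loc for loc, _ in statics
                  if any(loc in net for a, _ in pat for net in acls.get(a, [])))
    return shared_public, both
```

For the posted lines, `audit_nat(CONFIG)` returns no shared public address (the PAT rule uses Loopback3's 168.162.103.81, the static entries use 168.162.103.82 through .89) and three inside hosts that have a static entry and are also permitted by access-list 90.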