at work they have NAT overload on a Loopback but...

itdaddy Member Posts: 2,089
They do not have ip nat inside on the loopback but have it on the real interface? Huh, what does that mean when there is no ip nat inside on the loopback but they are NAT overloading it?

Comments

  • fredrikjj Member Posts: 879
    I'm not exactly a NAT wizard, but my take on it is that they are using the loopback address as the outside address, but this doesn't mean that this has to be the interface configured with the ip nat outside command. The ip nat inside|outside commands are used to trigger translation of traffic; other configuration decides how traffic should be translated. Technically, you don't even need to reference an interface to do PAT like they are doing; instead you could just create a pool with one address, I think. It's been a while since I did any NAT.

    PS.
    I'm guessing that the config is something like this:

    interface f0/1
    ip nat inside
    !
    interface f0/2
    ip nat outside
    !
    interface loopback0
    ip add 83.0.0.1 255.255.255.0
    !
    ip nat inside source list NAT_ACL_INTERNAL interface loopback0 overload


    You could probably just do it like this:

    ip nat inside source list NAT_ACL_INTERNAL pool OUTSIDE_IP_ACL overload

    A bit more intuitive I think, and you don't make your NAT config dependent on the loopback interface. Probably syntax errors in this config and I haven't defined the pool, but you get the idea.
  • tomtom1 Member Posts: 375
    itdaddy wrote: »
    They do not have ip nat inside on the loopback but have it on the real interface? Huh, what does that mean when there is no ip nat inside on the loopback but they are NAT overloading it?

    Your wording isn't exactly clear, perhaps you could post a partial config?

    @Frederik: You need the NAT statements to define the inside and outside interface(s). You do not have to do overload on the interface IP address per se, but my take on it is that you need to do the ip nat inside / ip nat outside on the corresponding interfaces to let the NAT process know from where to where it should perform the NAT (overload). Unless I'm horribly wrong and someone can correct me. :)
  • fredrikjj Member Posts: 879
    tomtom1 wrote: »
    @Frederik: You need the NAT statements to define the inside and outside interface(s). You do not have to do overload on the interface IP address per se, but my take on it is that you need to do the ip nat inside / ip nat outside on the corresponding interfaces to let the NAT process know from where to where it should perform the NAT (overload).

    Certainly, I was just being really lazy with my alternate config.
  • itdaddy Member Posts: 2,089
    Yeah Fred, we do the custom pool with ACL and/or route maps. It just looks weird when I have not been taught that the inside and outside statements are on the LAN and WAN interfaces and then you NAT overload the loopback address. Just looks weird, but as long as there is routing... What do the ip nat inside and ip nat outside really do, if you overload the loopback anyway? I thought this was to tell which to overload, and the NAT statement is supposed to jive with your NAT statement, which ours does; it says OVERLOAD on the loopback. Just wondering, why don't you put ip nat outside under the loopback, like I have seen in some example configs? I just don't understand what overloading the loopback does, really.
  • reaper81 Member Posts: 631
    How many interfaces does the router have? I've seen NAT on a stick on routers where there is only one interface, so a single interface is acting as "inside" and "outside". You can then use PBR + NAT to do NAT on a stick.
    Daniel Dib
    CCIE #37149
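
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not from any poster and is not Cisco's implementation): the `ip nat inside` / `ip nat outside` marks decide whether a packet is translated, while the `interface loopback0 overload` part only decides which address it is translated to. The ACL range 192.168.1.0/24 and the port-allocation rule are assumptions; only the interface names and 83.0.0.1 come from the guessed config above.

```python
"""Simplified model of IOS inside-source PAT; not Cisco's implementation."""
from ipaddress import ip_address, ip_network

# Constructed sample values; only 83.0.0.1 on loopback0 comes from the thread.
NAT_ROLE = {"f0/1": "inside", "f0/2": "outside", "loopback0": None}
NAT_ACL_INTERNAL = ip_network("192.168.1.0/24")   # assumed ACL contents
OVERLOAD_ADDR = "83.0.0.1"   # ... interface loopback0 overload


class Pat:
    def __init__(self):
        self.out = {}    # (inside ip, inside port) -> translated port
        self.back = {}   # translated port -> (inside ip, inside port)

    def outbound(self, in_if, out_if, src_ip, src_port):
        """Return the (source ip, source port) the packet leaves with."""
        # Translation is triggered only by crossing inside -> outside.
        if (NAT_ROLE.get(in_if), NAT_ROLE.get(out_if)) != ("inside", "outside"):
            return src_ip, src_port
        # Sources the ACL does not permit are routed untranslated.
        if ip_address(src_ip) not in NAT_ACL_INTERNAL:
            return src_ip, src_port
        key = (src_ip, src_port)
        if key not in self.out:
            port = src_port
            while port in self.back:   # assumed rule: keep port, else next free
                port += 1
            self.out[key], self.back[port] = port, key
        # The address is the loopback's, although loopback0 has no NAT role.
        return OVERLOAD_ADDR, self.out[key]

    def inbound(self, in_if, dst_ip, dst_port):
        """Undo the translation for a reply arriving on an outside interface."""
        if NAT_ROLE.get(in_if) == "outside" and dst_ip == OVERLOAD_ADDR:
            return self.back.get(dst_port, (dst_ip, dst_port))
        return dst_ip, dst_port


if __name__ == "__main__":
    pat = Pat()
    print(pat.outbound("f0/1", "f0/2", "192.168.1.10", 5000))
    print(pat.outbound("f0/1", "f0/2", "192.168.1.11", 5000))
    print(pat.inbound("f0/2", "83.0.0.1", 5001))
```

Replies only reach `inbound` if the upstream network routes 83.0.0.1 toward this router, which is the "as long as there is routing" condition mentioned in the thread.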