What do we mean by Network Address Translation (NAT) on a stick? The term "on a stick" usually implies the use of a single physical interface of a router for a task. Just as we can use subinterfaces of the same physical interface to perform Inter-Switch Link (ISL) trunking, we can use a single physical interface on a router in order to accomplish NAT.

Note: The router must process switch every packet due to the loopback interface. This degrades the performance of the router.

There are no specific requirements for this document.

This feature requires you to use a version of Cisco IOS® Software that supports NAT. Use the Cisco Feature Navigator II (registered customers only) to determine which IOS versions you can use with this feature.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

In order for NAT to take place, a packet must be switched from a NAT "inside" defined interface to a NAT "outside" defined interface or vice versa. This requirement for NAT has not changed, but this document demonstrates how you can use a virtual interface, otherwise known as a loopback interface, and policy-based routing to make NAT work on a router with a single physical interface. In fact, the examples in this document may be the only situations in which this configuration is needed. Though other occasions arise where users employ policy routing in conjunction with NAT, we do not consider this to be NAT on a stick because these instances still use more than one physical interface.

Example 1 Network Diagram and Configuration

Network Diagram

The above network diagram is very common in a cable modem setup. The Cable Modem Termination System (CMTS) is a router and the Cable Modem (CM) is a device that acts like a bridge. The problem we face is that our Internet Service Provider (ISP) has not given us enough valid addresses for the number of hosts that need to reach the Internet. The ISP gave us the address 192.168.1.2, which was to be used for a device. Upon further request, we received three more (192.168.2.1 to 192.168.2.3) into which NAT translates the hosts in the 10.0.0.0/24 range.

Requirements

All hosts on the network must be able to reach the Internet. Host 2 must be able to be reached from the Internet with the IP address of 192.168.2.1.

Because we can have more hosts than legal addresses, we use the 10.0.0.0/24 subnet for our internal addressing.

For the purposes of this document, we only show the configuration of the NAT router. However, we do mention some important configuration notes with respect to the hosts.

NAT Router Configuration

!- Creates a virtual interface called Loopback 0 and assigns an
!- IP address of 10.0.1.1 to it. Defines interface Loopback 0 as
!- NAT outside.
!- Assigns a primary IP address of 10.0.0.2 and a secondary IP
!- address of 192.168.1.2 to Ethernet 0. Defines interface Ethernet 0
!- as NAT inside. The 192.168.1.2 address will be used to communicate
!- through the CM to the CMTS and the Internet. The 10.0.0.2 address
!- will be used to communicate with the local hosts.
!- Assigns route-map "Nat-loop" to Ethernet 0 for policy routing.
ip nat inside source list 10 pool external overload
!- NAT is defined: packets that match access-list 10 will be
!- translated to an address from the pool called "external".
!- A static NAT translation is defined for 10.0.0.12 to be
!- translated to 192.168.2.1 (this is for host 2 which needs
!- to be accessed from the Internet).
!- Static default route set as 192.168.1.1, also a static
!- route for network 192.168.2.0/24 directly attached to
!- Ethernet 0
!- Access-list 102 defined and used by route-map "Nat-loop"
!- which is used for policy routing.
!- Creates route-map "Nat-loop" used for policy routing.
!- Route map states that any packets that match access-list 102 will
!- have the next hop set to 10.0.1.2 and be routed "out" the
!- loopback interface. All other packets will be routed normally.
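
The configuration comments on this page describe each statement of the NAT router setup. The following is an added example, not the original document's listing, of one configuration consistent with those comments. The interface addresses, names, next hop and static translation come from the page; the subnet masks, the range of the "external" pool and the entries of access-lists 10 and 102 are assumptions.

```cisco
! Added example. Masks, pool range and ACL entries are assumptions.
interface Loopback0
! /30 mask assumed; 10.0.1.2, the policy next hop, is the other address on it
 ip address 10.0.1.1 255.255.255.252
 ip nat outside
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0 secondary
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
 ip policy route-map Nat-loop
!
! Pool leaves out 192.168.2.1, which the static entry uses (assumed range)
ip nat pool external 192.168.2.2 192.168.2.3 netmask 255.255.255.0
ip nat inside source list 10 pool external overload
ip nat inside source static 10.0.0.12 192.168.2.1
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 Ethernet0
!
! ACL 10 (assumed): inside sources eligible for dynamic translation
access-list 10 permit 10.0.0.0 0.0.0.255
! ACL 102 (assumed): traffic that must pass through Loopback0 to be translated,
! outbound from the inside hosts and inbound to the translated range
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip any 192.168.2.0 0.0.0.255
!
route-map Nat-loop permit 10
 match ip address 102
 set ip next-hop 10.0.1.2
```

Once loaded, `show ip nat translations` should list the static entry for 10.0.0.12 plus dynamic entries as inside hosts open connections, and `show route-map Nat-loop` reports how many packets the policy has matched.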