Problem Configuring Nat On a Stick

Unanswered Question
Jul 2nd, 2008

Hi,

I'm trying to configure NAT on a stick just as a learning exercise in my home network. I followed the instructions on Cisco's website (http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml)and also an article on techrepublic (http://blogs.techrepublic.com.com/networking/?p=486) that showed how to configure nat on a stick.

My setup is as follows

Comcast Connection

68.33.x.x IP address

to

Netgear Router

The netgear's gateway is 192.168.0.1 and it leases 192.168.0.10 to one computer on my home network

Right now, I have a hub connected between the Netgear router, the Cisco 2610, and the Windows PC that I will use to get on the internet. The Netgear router hooks into the uplink port on the Hub. The Cisco, and the PC all hook into 2 of the other ports.

The first question I have is whether or not it is better to have a switch or a hub in order to make this work? I know all of the advantages of using a switch but the techrepublic article specifically mentioned using a hub. Is there a reason or will either one work for this type of setup?

I'm trying to configure in a similar fashion as to what both articles said.

Here is my setup

interface Loopback0

ip address 10.0.1.1 255.255.255.252

ip nat outside

!

interface Ethernet0/0

ip address 192.168.0.2 255.255.255.0 secondary

ip address 10.0.0.2 255.255.255.0

ip nat inside

ip policy route-map Nat-loop

half-duplex

!

ip nat pool external 192.168.0.10 192.168.0.10 prefix-length 29

ip nat inside source list 10 pool external overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.0.0 255.255.255.0 Ethernet0/0

access-list 10 permit 10.0.0.0 0.0.0.255

access-list 102 permit ip 10.0.0.0 0.0.0.255 any

access-list 102 permit ip any 192.168.0.0 0.0.0.255

route-map Nat-loop permit 10

match ip address 102

set ip next-hop 10.0.1.2

My router isn't able to connect to anything outside of the local network. Even doing a traceroute to an external IP is not working?

Please advise

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagendra Kumar ... Wed, 07/02/2008 - 05:38

Keith,

Try the below,

route-map Nat-loop permit 10

match ip address 102

set interface loopback 0

Now change, the NAT inside/outside as below,

interface loopback 0

ip nat inside

interface e0/0

ip nat outside

In your config NAT inside and outside is configured in wrong interfaces.

With the new config, Your PBR will forward the packet to loopback interface. Now the packet will be looped and send back from loopback interface to E0/0 (inside i/f to outside i/f) and your NAT will kick in.

HTH,

Nagendra

rskrzek Wed, 07/02/2008 - 05:44

hi,

try this:

route-map Nat-loop permit 10

no set ip next-hop 10.0.1.2

set interface loopback0

regards

romek

Actions

This Discussion