Nat on a stick - Cisco

Nat on a Stick used mostly when you trying connect to remote computer by a forwarding port
through VPN tunnel, the connection will drop even if there's connectivity to remote computer ( by ICMP packet for example).

The packet from the VPN  tunnel reach the remote station, but because there's a NAT command on the remote router that forward the port we trying to connect, the packet back will perform a NAT, and will not enter to the VPN  tunnel back.


The solution is to create a route-map that sent all the traffic back from the local lan to the tunnel, by next hop to a loopback interface that not perform NAT.

Here's the steps:

1. Create a Loopback

    conf t

    int loopback 1002

    ip address

2. Create access list from lan to VPN lan

    ip access-list ex NO_NAT_VPN
    permit ip

3. Next, need to configure a route map

   rotue-map NO_NAT_VPN

   match ip add NO_NAT_VPN
   set ip next hop

4. Need to apply the route map on the internal leg

   int vlan 1
   ip policy route-map NO_NAT_VPN


  1. Nice article!
    We are glad to read your blog, and we totally agree with you, the list you shared here is excellent. Keep sharing such articles. Me and my team at Rankofy PPC Company In Chandigarh and Rankofy SEO Services In Chandigarh will surely use your tips.