Showing results for 
Search instead for 
Did you mean: 

How does NAT work with secondary addresses?


Core Issue

Network Address Translation (NAT) replaces IP addresses in a packet with different IP addresses. NAT is useful for conserving IP addresses, and connecting a private network with an unregistered address to a public network like Internet. Secondary addresses can be configured on Cisco routers when the same physical segment to which a router interface is connected serves multiple logical networks.


While configuring NAT, interfaces need to be identified as part of either inside or outside networks. For NAT to work, it generally requires more than one physical interface, since a packet must be forwarded from a NAT inside interface to a NAT outside interface or vice-versa for address translation to take place. There may be situations where only a single physical interface is used to connect multiple logical networks using secondary addresses, and also use NAT to translate the addresses in packets entering and leaving through the same physical interface.

Such a configuration, known as "NAT on a stick," is possible through the use of a loopback interface and Policy Based Routing (PBR) technique on the router. For more information about this topic with examples, refer to Network Address Translation on a Stick.