Does HSRP work with IOS Firewall / NAT

Unanswered Question
Jun 15th, 2007

I have two Cisco 3845 routers with switch modules installed.

I am running the Advanced security feature set and using the IOS firewall features with my ISP connection comming directly into one of the Gig ports on my router. Can HSRP be used when NAT is enabled on the router? I would have duplicate NAT entries on both routers an would need to have the outside Gig interface on the second router connected at the same time at the primary router.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
mohammedmahmoud Fri, 06/15/2007 - 21:04


When running HSRP between 2 routers, the standby router takes over if the active router goes down. But if this happens when you're using NAT, the traffic flow will be impacted and thus you need to use Cisco IOS Stateful NAT (SNAT) feature, which helps provide higher availability and higher redundancy on your network when using NAT.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

rjessen Sat, 06/16/2007 - 06:03

Thanks for the reply. It was very helpful. Is there a way to NAT and Firewall rules autimatically replicated from one router to the other? Would implementing Cisco Security Manager to manage the configurations make this easier?


This Discussion