cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1254
Views
5
Helpful
9
Replies

Stateful NAT with primary and backup

Kevin Dorrell
Level 10
Level 10

I am having some problems with Stateful NAT. The translation works OK at the primary, but the NAT table at the backup seems to have mangled the session information. Has anyone else seen this? I am using 12.2(15)T17.

(Oh I wish we could use the code HTML tag ... this is going to look awful ...)

<code>

R3#show run | beg Stateful

ip nat Stateful id 3

primary 148.49.103.1

peer 148.49.104.1

mapping-id 30

ip nat pool NAT-pool 148.49.108.180 148.49.108.180 prefix-length 24

ip nat inside source list NAT-match pool NAT-pool mapping-id 30

:

R3#show ip snat distributed

Stateful NAT Connected Peers

SNAT: Mode PRIMARY

: State READY

: Local Address 148.49.103.1

: Local NAT id 3

: Peer Address 148.49.104.1

: Peer NAT id 0

: Mapping List 30

R3#show ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 148.49.108.180 148.49.108.1 --- ---

R4#show run | beg Stateful

ip nat Stateful id 4

backup 148.49.104.1

peer 148.49.103.1

mapping-id 40

ip nat pool NAT-pool 148.49.108.180 148.49.108.180 prefix-length 24

ip nat inside source list NAT-match pool NAT-pool mapping-id 40

:

R4#show ip snat dist

Stateful NAT Connected Peers

SNAT: Mode BACKUP

: State READY

: Local Address 148.49.104.1

: Local NAT id 4

: Peer Address 148.49.103.1

: Peer NAT id 3

: Mapping List 40

R4#show ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 108.1.148.49 0.0.148.49 108.180.0.0 ---

</code>

Kevin Dorrell

Luxembourg

9 Replies 9

Kevin Dorrell
Level 10
Level 10

Bump! Anyone know about SNAT?

Nobody? Can someone at least confim that what I am seeing in the translation table of R4 (which is supposed to be a backup translation for R3) is garbled? Or is it supposed to be like that?

Kevin Dorrell

Luxembourg

?? Anybody out there that knows about SNAT ??

Kevin

Can you post copies of configs re SNAT, a quick topology and a quick explanation.

Assuming i can run this on 2621XM's i will emulate your setup in our lab and have a look at the output. Hopefully sometime this week.

Jon

Hi Jon, thank you very much for replying. I was beginning to think I was talking to the trees ("arboreal interlocution").

Unfortunately I have already broken up the lab, but here (attached) are the details as I remember them. The IGP topology was quite complicated, but I think it could be reduced to 2 VLANs, one on each side of the R3-R4 pair, and a single IGP.

I have just got a stack of 2611XMs to replace my old 12.2(15)T17 2520s and 2600s. That should make things easier when they arrive, 'cos I shall be able to keep a library of configs in flash (which you cannot do with a 2500) and swop them in and out quickly and efficiently.

I don't want to put you to too much trouble, but if you just could have a look at the NAT translation tables on my original posting, and see if you agree with me that R4 looks garbled.

Thanks a million.

Edit: Looking at this agin, I wonder if I should have had the keyword overload in order to get the ports into the table. I wonder if SNAT gets confused if you leave it out.

Kevin Dorrell

Luxembourg

Sorry, corrected document attached

Hi Kevin

Apologies for the delay in getting back but i finally got some time to lab this up.

Please see attached word doc for details. Rather than keep you in suspense, it did work for me although i was using different IOS.

Any questions, further tests let me know.

Jon

Thank you Jon, that's really really helpful.

So, with your version, your backup SNAT recorded 148.49.108.180, as opposed to mine which recorded 108.180.148.49. So it looks like a bug in 12.2(15)T17.

I shall be able to try it now, 'cos my wife just phoned to tell me that a parcel arrived this morning with a stack of 2611XMs in it. It'll be a difficult balance of family vs. lab this weekend!

Have a nice weekend.

Kevin Dorrell

Luxembourg

Kevin

No problem, glad to be of help and thanks for the rating.

I'd never done SNAT before so it was a useful exercise.

Have fun with your new routers :)

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco