SNAT at remote network perimeter.

Jan 23rd, 2008
- H3 is an HSRP GW

- Ethernet owned and managed by owner of H3

- R1 and R2 are owned and managed by me

- R1 and R2 are also running HSRP and H3 forwards to my HSRP GW

This diagram represents a perimeter edge between my network and a business partner. Our business partner owns the Ethernet segment between us, but I have access to that Ethernet segment. I have users coming over one of the two serial links from my main office via s0. This traffic is source-based overload NAT'd to a specific IP address (not the egress interface e0). Return traffic is forwarded to my HSRP GW, which is typically hosted on R1 (R2 is backup).

This works well as long as no traffic sourced from my main office traverses the serial link connected to R2. If that is the case, then the return traffic attempts to route through R1. Because the source of the traffic was via R2, and that is where the NAT table resides for those connections, the return traffic is dropped at R1: it is the HSRP GW and has no information in its NAT table.

I've checked into SNAT using the outside-to-inside asymmetric method of dealing with this problem, but my situation is somewhat reversed from those examples. In the Cisco examples the assumption is that the inside interfaces are connected via an Ethernet segment. In my case, the Ethernet segment is outside. I have not been able to figure out a way to implement SNAT outside-to-inside asymmetric traffic flow with this reversed situation.

Has anyone or can anyone suggest a method of dealing with this? Remember that I need to perform a many-to-one NAT from s0 to e0 and then statefully replicate the NAT table between the two routers where the inside interface is the serial interfaces and the outside interfaces are the Ethernet interfaces.

I apologize for the picture. It was the best I could do.

                       H3 (HSRP GW, partner-owned)
                              |
    ----------+---------------+---------------+----------  Ethernet segment
              |                               |            (partner-owned)
          e0 (outside)                    e0 (outside)
        +-----------+                   +-----------+
        |    R1     |                   |    R2     |
        | HSRP act. |                   | HSRP stby |
        +-----------+                   +-----------+
          s0 (inside)                     s0 (inside)
              |                               |
              |  serial links to my main office
              |                               |
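For readers trying to picture the starting point, here is the base configuration the post describes, written out as an added example (constructed for this page, not the poster's actual config): overload NAT from the serial inside interface to a dedicated outside address, HSRP on the partner-facing Ethernet, and Stateful NAT (SNAT) in HSRP mode so that translations tagged with a mapping-id are replicated within the HSRP group. Interface names, addresses, the ACL number, the pool name and the HSRP group name are all assumptions. This is the baseline only; it does not by itself address the asymmetric-return case the post asks about.

```cisco
! Constructed example for R1 (HSRP active). R2 is identical except where noted.
! All addresses, names and numbers are assumptions, not taken from the post.
!
interface FastEthernet0/0
 description partner-owned Ethernet segment (outside)
 ip address 192.0.2.2 255.255.255.0
 ip nat outside
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name SNATHSRP
 ! R2: ip address 192.0.2.3, standby 1 priority 100
!
interface Serial0/0
 description serial link to main office (inside)
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ! R2: ip address 10.0.0.5 255.255.255.252 (its own serial link)
!
! Many-to-one overload NAT to a dedicated outside address (192.0.2.10),
! deliberately not the e0 interface address, as the post describes.
ip nat pool PARTNER-NAT 192.0.2.10 192.0.2.10 netmask 255.255.255.0
ip nat inside source list 10 pool PARTNER-NAT mapping-id 10 overload
!
! Stateful NAT in HSRP mode: translations created under mapping-id 10
! are exchanged between the members of HSRP group SNATHSRP.
ip nat stateful id 1
 redundancy SNATHSRP
 mapping-id 10
!
! Main-office source range that is translated (assumed).
access-list 10 permit 10.10.0.0 0.0.255.255
```

The mapping-id on the `ip nat inside source` line is what ties a translation rule to the SNAT process; rules without one are not replicated. Both routers must carry the same pool, ACL and mapping-id, and the partner side (H3) must route the NAT address 192.0.2.10 toward the HSRP virtual address 192.0.2.1 for return traffic to reach whichever router is currently active.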