IP NAT Pool question

Aug 5th, 2008

Hi Experts,

I have one issue here.. There are 2 routers and they are running HSRP on the fast-Ethernet.


The NAT config is:

ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0
ip nat inside source list 21 pool CISCO
access-list 21 permit z.z.z.z



The current NAT always happens at Router 1, meaning when I show ip nat translations, the entry is there.


Now, when Router 1's HSRP is down, the traffic went to Router 2, but the NAT doesn't get translated there although the commands are the same.


What has gone wrong, actually?


Thanks,

cindy


rsgamage1 Wed, 08/06/2008 - 00:23

Hi,


Could you share config. of R1 and R2 with altered sensitive info.?

royalblues Wed, 08/06/2008 - 00:33

Cindy,


When HSRP state changes, NAT translations will not switch over and all the dynamic NAT entries have to be reestablished from the 2nd router. The redundancy is achieved only for static NAT entries which exist in both the routers.


Stateful NAT enables continuous service for dynamically mapped NAT sessions.


SNAT can be configured to operate with HSRP to provide redundancy and the active and standby state changes are managed by HSRP


http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml

http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html


HTH

Narayan


cindylee27 Wed, 08/06/2008 - 00:50

Narayan,

Thanks for your helpful comments.


But if the commands for IP NAT pool are also configured at both routers, I am just curious why the NAT cannot be built again on Router 2 when Router 1 failed on the HSRP?


Thanks,


royalblues Wed, 08/06/2008 - 01:08

Yes it will.. but the NAT translations have to be reestablished on the second router


Routers do not synchronise the NAT translation entries via HSRP


Narayan

rsgamage1 Wed, 08/06/2008 - 01:14

What I understood from Cindy's original post was that there's a problem of re-establishment of NAT translations in R2.


Is that it?



cindylee27 Wed, 08/06/2008 - 02:52

Yeah..

Actually I am curious why the NAT translation cannot work at Router 2, although the command is there..

but I am getting closer to the answer with Narayan's and you guys' replies.. :)


One thing is, static NAT is no problem on Router 2, right?


Is it only applied to dynamic NAT?


And how can I establish the NAT if I don't want to use SNAT?


thanks.



lamav Wed, 08/06/2008 - 05:13

Cindy:


Be clearer.


Is the problem with re-establishing NAT translations after failover to the secondary or is it that the original NAT translations from the primary are not carried over to the secondary?


VL

cindylee27 Wed, 08/06/2008 - 05:27

VL,


Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP NAT pool command, which is similar to the primary router..


Thanks again.



lamav Wed, 08/06/2008 - 06:20

Ok, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.


OK, you don't need SNAT for that. That's just normal NATing.


Perhaps you should post your configs and let's see what you have going on.


VL



rsgamage1 Wed, 08/06/2008 - 06:24

Yes Cindy, let's have a look at your configurations.

lamav Wed, 08/06/2008 - 04:51

Narayan:


Great explanation!


I like the way you differentiated between static and dynamic NAT. That's a point a lot of people [used to] miss, including myself.


Victor

cindylee27 Wed, 08/06/2008 - 06:18

VL,


Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP NAT pool command, which is similar to the primary router..


So, I need to know how to re-establish the NAT translation at Router 2 if Router 1 HSRP fails.


Thanks again.


lamav Wed, 08/06/2008 - 06:27

Ok, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.


OK, you don't need SNAT for that. That's just normal NATing.


Perhaps you should post your configs and let's see what you have going on.


VL

cindylee27 Thu, 08/07/2008 - 18:11

Thanks VL.


I will get back to you soon. It is dynamic NAT config that runs on both routers.


Will get back on the config once ready.



Richard Burts Thu, 08/07/2008 - 18:35

Cindy


I do not want to just pile on here. But if we are to give you effective help we really need to see the config (especially all the NAT and the interfaces) from both of the routers. You have said a couple of times that the NAT on the second router is similar to the first. We need to see specifically what is the same and what is different.


HTH


Rick
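
The same-versus-different comparison requested in the post above can be done mechanically. The following is an added example, not part of the original thread: it extracts the NAT-relevant statements from two IOS-style configs and reports what exists on only one router. Both sample configs, their documentation addresses and the function names `nat_view` and `nat_diff` are constructed for illustration.

```python
import re

# Constructed sample configs using documentation addresses; not from the thread.
R1 = """\
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 ip nat inside
 standby 1 ip 192.0.2.1
interface Serial0/0
 ip nat outside
ip nat pool CISCO 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 21 pool CISCO
access-list 21 permit 192.0.2.0 0.0.0.255
"""
# Hypothetical standby router: inside interface untagged, ACL number mistyped.
R2 = """\
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
interface Serial0/0
 ip nat outside
ip nat pool CISCO 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 21 pool CISCO
access-list 12 permit 192.0.2.0 0.0.0.255
"""

def nat_view(config):
    """Collect the NAT-relevant statements of an IOS-style config as a set."""
    facts, iface = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split()[1]          # entering an interface block
        elif not raw.startswith(" "):
            iface = None                     # back at global config level
        if iface and re.fullmatch(r"ip nat (inside|outside)", line):
            facts.add(f"{iface}: {line}")    # NAT role tied to its interface
        elif re.match(r"ip nat (pool|inside source|outside source) ", line):
            facts.add(line)
        elif line.startswith("access-list "):
            facts.add(line)
    return facts

def nat_diff(a, b):
    """Return (only_in_a, only_in_b): NAT statements present on one router only."""
    fa, fb = nat_view(a), nat_view(b)
    return sorted(fa - fb), sorted(fb - fa)

if __name__ == "__main__":
    for side, lines in zip(("R1 only", "R2 only"), nat_diff(R1, R2)):
        print(side, lines)
```

Traffic is only translated when it enters an interface marked `ip nat inside` and leaves one marked `ip nat outside`, so matching pool and source-list commands on both routers do not by themselves guarantee translation on the standby.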
