IP NAT Pool question

Aug 5th, 2008

Hi Experts,

I have one issue here.. There are 2 routers and they are running HSRP on the fast-Ethernet.

The NAT config is:

ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0

ip nat inside source list 21 pool CISCO

access-list 21 permit z.z.z.z

The current NAT always happens at Router 1, meaning when I show ip nat translations, the entry is there.

Now, when Router 1's HSRP is down, the traffic went to Router 2, but the NAT doesn't get translated there although the commands are the same.

What has gone wrong, actually?

Thanks,

cindy

rsgamage1 Wed, 08/06/2008 - 00:23

Hi,

Could you share config. of R1 and R2 with altered sensitive info.?

royalblues Wed, 08/06/2008 - 00:33

Cindy,

When HSRP state changes, NAT translations will not switch over and all the dynamic NAT entries have to be reestablished from the 2nd router. The redundancy is achieved only for static NAT entries, which exist in both the routers.

Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy, and the active and standby state changes are managed by HSRP.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml

http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html

HTH

Narayan
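
A sketch of the stateful NAT (SNAT) with HSRP setup that the reply above and its linked Cisco documents describe, added here as an example and not taken from any poster's routers. The pool name CISCO, access list 21 and the x/y/z address placeholders come from the original question; the interface name, HSRP group number and name (NATHA), mapping-id 10 and the a.a.a.* addresses are assumptions.

```cisco
! Added illustration only. Assumed values: FastEthernet0/0, HSRP group 1,
! group name NATHA, mapping-id 10, a.a.a.* addressing.
! The outside interface (ip nat outside) is omitted on both routers.
!
! ---------------- Router 1 (HSRP active) ----------------
interface FastEthernet0/0
 ip address a.a.a.2 255.255.255.0
 ip nat inside
 standby 1 ip a.a.a.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name NATHA
!
! SNAT instance: the id is unique per router, the redundancy name
! must match the HSRP group name, the mapping-id is shared by both peers.
ip nat Stateful id 1
 redundancy NATHA
 mapping-id 10
!
ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0
! mapping-id ties this dynamic rule to the SNAT instance, so entries
! it creates are copied to the standby router.
ip nat inside source list 21 pool CISCO mapping-id 10
access-list 21 permit z.z.z.z
!
! ---------------- Router 2 (HSRP standby) ----------------
interface FastEthernet0/0
 ip address a.a.a.3 255.255.255.0
 ip nat inside
 standby 1 ip a.a.a.1
 standby 1 preempt
 standby 1 name NATHA
!
ip nat Stateful id 2
 redundancy NATHA
 mapping-id 10
!
ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0
ip nat inside source list 21 pool CISCO mapping-id 10
access-list 21 permit z.z.z.z
!
! Without the "ip nat Stateful" block and the mapping-id keyword, each
! router keeps its own dynamic table: after failover, "show ip nat
! translations" on Router 2 starts empty and fills only as new flows arrive.
```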

cindylee27 Wed, 08/06/2008 - 00:50

Narayan,

Thanks for your helpful comments.

But if the commands for IP NAT pool are also configured at both routers, I am just curious why the NAT cannot be built again on Router 2 when Router 1 failed on the HSRP?

Thanks,

royalblues Wed, 08/06/2008 - 01:08

Yes it will.. but the NAT translations have to be reestablished on the second router

Routers do not synchronise the NAT translation entries via HSRP

Narayan

rsgamage1 Wed, 08/06/2008 - 01:14

What I understood from Cindy's original post was that there's a problem of re-establishment of NAT translations in R2.

Is that it?

cindylee27 Wed, 08/06/2008 - 02:52

Yeah..

Actually I am curious why the NAT translation cannot work at Router 2, although the command is there..

But I am getting closer to the answer with Narayan's and you guys' replies.. :)

One thing is, static NAT is no problem on Router 2, right?

Is it only applied to dynamic NAT?

And how can I establish the NAT if I don't want to use SNAT?

thanks.

lamav Wed, 08/06/2008 - 05:13

Cindy:

Be clearer.

Is the problem with re-establishing NAT translations after failover to the secondary or is it that the original NAT translations from the primary are not carried over to the secondary?

VL

cindylee27 Wed, 08/06/2008 - 05:27

VL,

Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also has the IP NAT pool command, which is similar to the primary router's..

Thanks again.

lamav Wed, 08/06/2008 - 06:20

Ok, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.

OK, you don't need SNAT for that. That's just normal NATing.

Perhaps you should post your configs and let's see what you have going on.

VL

lamav Wed, 08/06/2008 - 04:51

Narayan:

great explanation!

I like the way you differentiated between static and dynamic NAT. That's a point a lot of people [used to] miss, including myself.

Victor

cindylee27 Wed, 08/06/2008 - 06:18

VL,

Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also has the IP NAT pool command, which is similar to the primary router's..

So, I need to know how to re-establish the NAT translation at Router 2 if Router 1 HSRP fails.

Thanks again.

lamav Wed, 08/06/2008 - 06:27

Ok, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.

OK, you don't need SNAT for that. That's just normal NATing.

Perhaps you should post your configs and let's see what you have going on.

VL

cindylee27 Thu, 08/07/2008 - 18:11

Thanks VL.

I will get back to you soon. It is dynamic NAT config that runs on both routers.

Will get back on the config once ready.

Richard Burts Thu, 08/07/2008 - 18:35

Cindy

I do not want to just pile on here. But if we are to give you effective help we really need to see the config (especially all the NAT and the interfaces) from both of the routers. You have said a couple of times that the NAT on the second router is similar to the first. We need to see specifically what is the same and what is different.

HTH

Rick
