IP NAT Pool question

cindylee27
Level 1

Hi Experts,

I have one issue here. There are 2 routers and they are running HSRP on the fast-Ethernet.

The NAT config is:

ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0

ip nat inside source list 21 pool CISCO

access-list 21 permit z.z.z.z

The current NAT always happens at Router 1, meaning when I show ip nat translations, the entry is there.

Now, when Router 1's HSRP is down, the traffic went to Router 2, but the NAT doesn't get translated there although the commands are the same.

What has gone wrong actually?

Thanks,

cindy

15 Replies

rsgamage1
Level 3

Hi,

Could you share config. of R1 and R2 with altered sensitive info.?

Cindy,

When HSRP state changes, NAT translations will not switch over and all the dynamic NAT entries have to be reestablished from the 2nd router. The redundancy is achieved only for static NAT entries which exist in both the routers.

Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy, and the active and standby state changes are managed by HSRP.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml

http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html

HTH

Narayan

Narayan,

Thanks for your helpful comments.

But if the commands for IP NAT pool are also configured at both routers, just curious why the NAT cannot be built again on Router 2 when Router 1 failed on the HSRP?

Thanks,

Yes it will.. but the NAT translations have to be reestablished on the second router

Routers do not synchronise the NAT translation entries via HSRP

Narayan

What I understood from Cindy's original post was that there's a problem of re-establishment of NAT translations in R2.

Is that it?

Yeah..

Actually I am curious why the NAT translation cannot work at Router 2, although the command is there..

But I am getting closer to the answer with Narayan and you guys's reply..:)

One thing is, static NAT is no problem on Router 2, right?

Is it only applied to Dynamic NAT?

And how can I establish the NAT if I don't want to use SNAT?

thanks.

Cindy:

Be clearer.

Is the problem with re-establishing NAT translations after failover to the secondary or is it that the original NAT translations from the primary are not carried over to the secondary?

VL

VL,

Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP nat pool command which is similar to the Primary router..

Thanks again.

Ok, so what you're saying is that the NAT translations are not being reestablished from scratch on the secondary router.

OK, you don't need SNAT for that. That's just normal NATing.

Perhaps you should post your configs and let's see what you have going on.

VL

Yes Cindy, let's have a look at your configurations.

Narayan:

great explanation!

I like the way you differentiated between static and dynamic NAT. That's a point a lot of people [used to] miss, including myself.

Victor

VL,

Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP nat pool command which is similar to the Primary router..

So, I need to know how to re-establish the NAT translation at Router 2 if Router 1 HSRP fails.

Thanks again.

Thanks VL.

I will get back to you soon. It is dynamic NAT config that runs on both routers.

Will get back on the config once ready.
