SNAT with HSRP and Two Internet connections

Mark Rigby
Level 1

Greetings, I am going to be deploying a new site with two internet connections terminated on two ISR routers. Each one will be running HSRP and I'll be using IP SLA object tracking to determine the active member and default route.


I would also like to try and achieve a more stateful configuration. As such, I am considering using the SNAT feature within the HSRP group; however, I would like to just use PAT and overload all outbound connections onto the interface IP address rather than creating NAT pools, which from the examples I have seen is how this is configured.


Has anyone deployed this just using PAT, or do you have to use NAT pools w/ PAT?


Regards



Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Mark,

I'm afraid that using a pool may be required by the SNAT solution, as the idea is that the backup router, if it takes over, has to be able to route traffic for current NAT sessions. If you use the WAN interface of router1 as the public IP address, then when R1 fails (or just its WAN link fails) packets cannot be sent back, and so they cannot be translated by the backup router.

So the SNAT feature requires getting a small public pool from the ISP, or it would not be effective.

See figure 1 in

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_cfg_ha_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1047478

Hope to help

Giuseppe
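
A sketch of the pool-based SNAT setup the answer above describes, added here as an illustration; it is not taken from the thread or from either poster's routers. The HSRP group name, interface names, ACL number and every address (documentation ranges) are constructed assumptions, and the pool is assumed to be routed by the provider toward the HSRP pair rather than tied to one router's WAN interface.

```cisco
! Router R1 (R2 mirrors this with its own "ip nat stateful id" value
! and the same HSRP group name and mapping-id)
!
interface GigabitEthernet0/1
 description LAN side, HSRP group that SNAT follows
 ip address 192.0.2.2 255.255.255.0
 ip nat inside
 standby 1 ip 192.0.2.1
 standby 1 name SNATHSRP
 standby 1 preempt
!
interface GigabitEthernet0/0
 description WAN side
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Bind the stateful NAT instance to the HSRP group so the standby
! router receives the active router's translation entries
ip nat stateful id 1
 redundancy SNATHSRP
 mapping-id 10
!
! Small public pool shared by both routers (constructed addresses)
ip nat pool SNATPOOL 203.0.113.1 203.0.113.2 prefix-length 29
!
! PAT: overload inside hosts onto the shared pool, not the WAN interface
access-list 10 permit 192.0.2.0 0.0.0.255
ip nat inside source list 10 pool SNATPOOL mapping-id 10 overload
```

Because the translated source addresses come from the shared pool, return traffic for existing sessions can still reach whichever router is active, which is the condition an interface-overload rule cannot meet. `show ip snat distributed verbose` on each router shows whether the peers are exchanging entries.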

Thank you for the reply Giuseppe, the explanation makes perfect sense.

Regards
