Hello, I have a question: is my configuration for dual HSRP correct, and does the HSRP failover work with NAT?
ROUTER 1
========
..
track 10 interface GigabitEthernet0/1 line-protocol
track 20 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/0
 ip address 172.16.1.11 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 standby 10 ip 172.16.1.10
 standby 10 priority 110
 standby 10 preempt
 standby 10 authentication
 standby 10 track 10 decrement 20
!
!
interface GigabitEthernet0/1
 ip address 220.127.116.11 255.255.255.224
 ip access-group 116 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 standby 20 ip 18.104.22.168
 standby 20 priority 110
 standby 20 preempt
 standby 20 authentication
 standby 20 track 20 decrement 20
!
!
ROUTER 2
========
..
track 10 interface GigabitEthernet0/1 line-protocol
track 20 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/0
 ip address 172.16.1.12 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 standby 10 ip 172.16.1.10
 standby 10 priority 95
 standby 10 preempt
 standby 10 authentication
 standby 10 track 10 decrement 20
!
!
interface GigabitEthernet0/1
 ip address 22.214.171.124 255.255.255.224
 ip access-group 116 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 standby 20 ip 126.96.36.199
 standby 20 priority 95
 standby 20 preempt
 standby 20 authentication
 standby 20 track 20 decrement 20
!
!
FOR ANY ROUTER
==============
ip forward-protocol nd
!
ip nat pool xxx
ip nat inside source list 56 pool .... overload
ip nat inside source static a.a.a.a b.b.b.b
..
..
ip route x.x.x.x 255.255.252.0 87.248.47.xx
..
..
ip route y.y.y.y 255.255.255.255 87.248.47.xx
!
access-list 56 permit any
access-list 116 permit tcp host ..............
..
access-list 116 permit ......................
access-list 116 deny ip any any
I do not see anything that is "incorrect" in the syntax of this config for HSRP. I will comment that you may not get the results that you expect if you track the line protocol of the GigEthernet interfaces, especially on the LAN side. Since the router connections are through a switch, it is quite possible that you will lose the ability to communicate between HSRP peers but that the interface line protocol will stay up on the active router. I will also question, if the connections on G0/1 are really through a router, how you will get both interfaces into the same subnet. It is not an issue on router 1 or router 2, but how does the other router have 2 routed ports in the same subnet?
I am slightly confused about your second question. You seem to be asking whether HSRP works when you are running NAT. I cannot think of anything about NAT that would impact HSRP failover. But if your question is really about whether running NAT is impacted when you run HSRP, then I believe that the answer is that if traffic has been running through router 1 and a set of translations has been built on router 1, and then you fail over to router 2, then there will not be the same set of translations on that router. So there would be some impact on traffic in that case.
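The following is an added example, not part of the reply above or of the poster's configuration: a simplified Python model of HSRP active-router election that checks whether the posted priorities (110 and 95) and track decrement (20) move both groups to the same router when one interface goes down. The names R1, R2 and active_routers are assumptions; the model only sees line-protocol state, so the switch-path failure described in the reply would not appear in it.

```python
# Added example: simplified HSRP election with interface tracking.
# Priorities, groups and addresses are taken from the posted config;
# router names R1/R2 and the function name are hypothetical.
from ipaddress import ip_address

# Per router: interface -> (HSRP group, real IP, base priority, tracked interface)
ROUTERS = {
    "R1": {"Gi0/0": (10, "172.16.1.11", 110, "Gi0/1"),
           "Gi0/1": (20, "220.127.116.11", 110, "Gi0/0")},
    "R2": {"Gi0/0": (10, "172.16.1.12", 95, "Gi0/1"),
           "Gi0/1": (20, "22.214.171.124", 95, "Gi0/0")},
}


def active_routers(down=frozenset(), decrement=20):
    """Return {group: active router or None}.

    `down` is a set of (router, interface) pairs whose line protocol is down.
    Assumes preempt is configured on every group, as in the posted config.
    """
    result = {}
    for group in (10, 20):
        candidates = []
        for router, ifaces in ROUTERS.items():
            for ifname, (grp, ip, prio, tracked) in ifaces.items():
                if grp != group or (router, ifname) in down:
                    continue  # interface down: router cannot speak HSRP on it
                if (router, tracked) in down:
                    prio -= decrement  # tracked object is down
                # Highest priority wins; a tie goes to the highest interface IP.
                candidates.append((prio, ip_address(ip), router))
        result[group] = max(candidates)[2] if candidates else None
    return result


if __name__ == "__main__":
    print("all up:        ", active_routers())
    print("R1 Gi0/1 down: ", active_routers({("R1", "Gi0/1")}))
    # A decrement smaller than the priority gap leaves the groups split.
    print("decrement 10:  ", active_routers({("R1", "Gi0/1")}, decrement=10))
```

With a decrement of 10 the inside group stays on R1 while the outside group moves to R2, which is the split state the tracking is meant to prevent.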
OK, sorry for my English. I need to have two routers with two virtual IPs for failover on both networks. I am using the GE interfaces because they are connected to the switch, both in my network in that set, so I wanted to know if I should track both or not. As for the second question: I already have it active in the connection, but where I only have the virtual address on the network, when I switch over on failover an HTTP service is blocked. This is for service calls arriving from the exposed network, while the calls from my inside to the exposed network run properly.
Below is how the routers are actually connected. Thanks.