Cisco Support Community
Community Member


Has anybody ever implemented HSRP between two routers both running NAT using different translation addresses? The documentation I've read says it can be done, but if the primary fails, any NAT connections running on the primary will be lost. I'm assuming that means the user will simply have to reconnect?

Any insight would be appreciated.



Re: HSRP and NAT

Hi, it is possible to run this scenario using a round about way. This idea, eventhough is not mine, i read this in a post in this same forum.

What you need to do is run a back to back serial cable between these 2 routers. Assign a network address. on that link. say and

Now the idea of using this link is that, when primary link fails the second router will become active, but all active translations will be in primary router (NAT translations). What you need to do is, in the secondary router, put a static route, to the network x.x.x.x, where x.x.x.x is the network address to which , primary router NATs the local address. THe next hop for this route should be

So when return packets come from internet, they are first routed to primary router through the serial link, and from their, NATed back to local address, and routed by the primary router to the ethernet.

Community Member

Re: HSRP and NAT

That's an interesting solution, but adds a level of complexity just to spare users the inconvenience of reconnecting. Is the assumption that my original config will work, but will force users to reconnect if the primary WAN link fails?

These are links to two different service providers. I want traffic that exits through a particular router to use the associated providers IP address so that the traffic will return through that router/link.

I am using HSRP to provide outbound failover. Later, I will implment BGP to provide inbound failover.

Thank You,


Community Member

Re: HSRP and NAT


I am running the a similar setup as you are planning to implement.

I have HSRP & NAT (diff Ip pools) with BGP running on my routers.

I have my own IP address block issed by APNIC.

In order to make inbound failover effective via BGP for the NATed clients, I have struggled a lot and in the end I was successful in acheving both inbound and outbound failover but i achieved this by running ospf in addition to EBGP, IBGP, HSRP and NAT.



CreatePlease to create content