08-05-2008 11:52 PM - edited 03-03-2019 11:02 PM
Hi Experts,
I have one issue here. There are 2 routers and they are running HSRP on the Fast Ethernet.
The NAT config is:
ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0
ip nat inside source list 21 pool CISCO
access-list 21 permit z.z.z.z
The current NAT always happens at Router 1, meaning when I show ip nat translations, the entry is there.
Now, when Router 1's HSRP is down, the traffic went to Router 2, but the NAT doesn't get translated there although the commands are the same.
What has gone wrong actually?
Thanks,
cindy
08-06-2008 12:23 AM
Hi,
Could you share config. of R1 and R2 with altered sensitive info.?
08-06-2008 12:33 AM
Cindy,
When the HSRP state changes, NAT translations will not switch over and all the dynamic NAT entries have to be reestablished from the 2nd router. The redundancy is achieved only for static NAT entries which exist in both the routers.
Stateful NAT enables continuous service for dynamically mapped NAT sessions.
SNAT can be configured to operate with HSRP to provide redundancy, and the active and standby state changes are managed by HSRP.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml
http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html
HTH
Narayan
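The SNAT-with-HSRP arrangement Narayan describes, sketched for Router 1 as an added example that is not part of the original thread. The pool name CISCO and access-list 21 come from the first post; the interface names, the documentation-range addresses, the HSRP group name NATHA, the stateful id and mapping-id 10 are assumptions.

```ios
! Added example for Router 1 (constructed values, not the poster's config).
! Router 2 mirrors this with its own interface addresses, a lower HSRP
! priority and a different stateful id (for example 2); the HSRP group
! name and the mapping-id must match on both routers.
interface FastEthernet0/0
 description inside LAN, HSRP runs here
 ip address 192.0.2.2 255.255.255.0
 ip nat inside
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name NATHA
!
interface FastEthernet0/1
 description outside
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
!
! Bind the stateful NAT process to the HSRP group by name, so the
! active/standby role follows HSRP and dynamic entries are replicated.
ip nat stateful id 1
 redundancy NATHA
 mapping-id 10
!
! Same pool and ACL as in the first post, now tagged with the mapping-id
! so translations created from this rule are sent to the peer.
ip nat pool CISCO 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 21 pool CISCO mapping-id 10
access-list 21 permit 192.0.2.0 0.0.0.255
```

With this in place, show ip nat translations on the standby router should list the entries created on the active one; show ip snat distributed verbose reports the peer state.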
08-06-2008 12:50 AM
Narayan,
Thanks for your helpful comments.
But if the commands for IP NAT pool are also configured at both routers, just curious why the NAT cannot be built again on Router 2 when Router 1 failed on the HSRP?
Thanks,
08-06-2008 01:08 AM
Yes it will, but the NAT translations have to be reestablished on the second router.
Routers do not synchronise the NAT translation entries via HSRP.
Narayan
08-06-2008 01:14 AM
What I understood from Cindy's original post was that there's a problem of re-establishment of NAT translations in R2.
Is that it?
08-06-2008 02:52 AM
Yeah..
Actually I am curious why the NAT translation cannot work at Router 2, although the command is there.
But I am getting closer to the answer with Narayan's and you guys' replies. :)
One thing is, static NAT is no problem on Router 2, right?
Is it only applied to dynamic NAT?
And how can I establish the NAT if I don't want to use SNAT?
Thanks.
08-06-2008 05:13 AM
Cindy:
Be clearer.
Is the problem with re-establishing NAT translations after failover to the secondary, or is it that the original NAT translations from the primary are not carried over to the secondary?
VL
08-06-2008 05:27 AM
VL,
Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP NAT pool command, which is similar to the primary router.
Thanks again.
08-06-2008 06:20 AM
OK, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.
OK, you don't need SNAT for that. That's just normal NATing.
Perhaps you should post your configs and let's see what you have going on.
VL
08-06-2008 06:24 AM
Yes Cindy, let's have a look at your configurations.
08-06-2008 04:51 AM
Narayan:
Great explanation!
I like the way you differentiated between static and dynamic NAT. That's a point a lot of people [used to] miss, including myself.
Victor
08-06-2008 06:18 AM
VL,
Yup, it is the problem with re-establishing NAT translations after failover to the secondary router, as the secondary router also consists of the IP NAT pool command, which is similar to the primary router.
So, I need to know how to re-establish the NAT translation at Router 2 if Router 1 HSRP fails.
Thanks again.
08-06-2008 06:27 AM
OK, so what you're saying is that the NAT translations are not being re-established from scratch on the secondary router.
OK, you don't need SNAT for that. That's just normal NATing.
Perhaps you should post your configs and let's see what you have going on.
VL
08-07-2008 06:11 PM
Thanks VL.
I will get back to you soon. It is dynamic NAT config that runs on both routers.
Will get back on the config once ready.