Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP NAT Pool question

Hi Experts,

I have one issue here.. There are 2 routers and they are running HSRP on the fast-Ethernet.

THe NAT config is "ip nat pool CISCO x.x.x.x y.y.y.y netmask 255.255.255.0.

ip nat inside source list 21 pool CISCO

access-list 21 permit z.z.z.z

The current NAT always happens at Router 1, meaning when i shown ip nat translations, the entry is there.

Now, when Router 1's HSRP is down, the traffic went to Router 2, but the NAT doesn't get translated there although the commands are the same.

What gone wrong actually?

Thanks,

cindy

15 REPLIES
New Member

Re: IP NAT Pool question

Hi,

Could you share config. of R1 and R2 with altered sensitive info.?

Re: IP NAT Pool question

Cindy,

When HSRP state changes, NAT translations will not switch over and all the dynamic NAT entries have to reestablished from the 2nd router. The redundancy is achieved only for static NAT entires which exist in both the routers

Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy and the active and standby state changes are managed by HSRP

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml

http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html

HTH

Narayan

New Member

Re: IP NAT Pool question

Narayan,

Thanks for your helpful comments.

But if the commands for IP NAT pool also configured at both routers, just curious why the NAT cannot be build again on Router 2 when Router 1 failed on the HSRP?

Thanks,

Re: IP NAT Pool question

Yes it will.. but the NAT translations have to be reestablished on the second router

Routers do not synchronise the NAT translation entries via HSRP

Narayan

New Member

Re: IP NAT Pool question

What I understood from Cindy's original post was that there's a problem of re-establishment of NAT translations in R2.

Is that it?

New Member

Re: IP NAT Pool question

Yeah..

Actually i am curious why the NAT translation cannot work at Router 2. although the command is there..

but i am getting closer to the answer with Narayan and you guys's reply..:)

One thing is, static NAT no prob on Router 2 rite?

is it only applied to Dynamic NAT?

and how can i establish the NAT if i dun want to use SNAT?

thanks.

Blue

Re: IP NAT Pool question

Cindy:

Be clearer.

Is the problem with re-estabishing NAT translations after failover to the secondary or is it that the original NAT translations from the primary are not carried over to the secondary?

VL

New Member

Re: IP NAT Pool question

VL,

Yup, is the problem with re-establishing NAT translations after failover to the secondary router as the secondary router also consist of IP nat pool command which is similar to Primary router..

Thanks again.

Blue

Re: IP NAT Pool question

Ok, so what you're saying is that the NAT translations are not being restablished from scratch on the secondary router.

OK, you don't need SNAT for that. Thats just normal NATing.

Perhaps you should post your configs and lets see what you have going on.

VL

New Member

Re: IP NAT Pool question

Yes Cindy, let's have a look at your configurations.

Blue

Re: IP NAT Pool question

Narayan:

great explanation!

I like the way you differentiated between static and dynamic NAT. Thats a point a lot of people [used to] miss, including myself.

Victor

New Member

Re: IP NAT Pool question

VL,

Yup, is the problem with re-establishing NAT translations after failover to the secondary router as the secondary router also consist of IP nat pool command which is similar to Primary router..

So,i need to knwo how to re-establish the NAT translation at Router 2 if Router 1 HSRP fails.

Thanks again.

Blue

Re: IP NAT Pool question

Ok, so what you're saying is that the NAT translations are not being restablished from scratch on the secondary router.

OK, you don't need SNAT for that. Thats just normal NATing.

Perhaps you should post your configs and lets see what you have going on.

VL

New Member

Re: IP NAT Pool question

Thanks VL.

I will get back to you soon. It is dynamic NAT config that runs on both router.

Will get back on the config once ready.

Hall of Fame Super Silver

Re: IP NAT Pool question

Cindy

I do not want to just pile on here. But if we are to give you effective help we really need to see the config (eapecially all the NAT and the interfaces) from both of the routers. You have said a couple of times that the NAT on the second router is similar to the first. We need to see specifically what is the same and what is different.

HTH

Rick

201
Views
10
Helpful
15
Replies
CreatePlease login to create content