Cisco Support Community
Community Member

SNAT with HSRP and Two Internet connections

Greetings, I am going to be deploying a new site with two internet connections terminated on two ISR routers. Each one will be running HSRP and I'll be using IP SLA object tracking to determine the active member and default route.


I would also like to try and achieve a more stateful configuration; as such, I am considering using the SNAT feature within the HSRP group. However, I would like to just use PAT and overload all outbound connections onto the interface IP address rather than creating NAT pools, which from the examples I have seen is how this is configured.


Has anyone deployed this just using PAT or do you have to use NAT pools w/ PAT?


Regards



1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: SNAT with HSRP and Two Internet connections

Hello Mark,

I'm afraid that using a pool may be required by the SNAT solution, as the idea is that the backup router, if it takes over, has to be able to route traffic for current NAT sessions. If you use the WAN interface of router1 as the public IP address, when R1 fails (or just its WAN link fails) packets cannot be sent back and so they cannot be translated by the backup router.

So the SNAT feature requires getting a small public pool from the ISP or it would not be effective.

See figure 1 in

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_cfg_ha_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1047478

Hope to help

Giuseppe
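
The pool-based arrangement described in the answer above, as an added configuration sketch that is not from the original posts: PAT (overload) onto a small shared pool, with the translation rule tied to the HSRP group through a SNAT mapping-id. All addresses, interface names, the ACL number and the names SNATHSRP and SNATPOOL1 are constructed for illustration, and the sketch assumes the ISP routes the pool toward whichever router is active.

```cisco
! Added example. Addresses are constructed (RFC 1918 / RFC 5737 ranges).
! R1 is shown; R2 mirrors it with its own interface addresses and its
! own SNAT id (assumption: the id identifies the individual router).
!
interface GigabitEthernet0/1
 description Inside LAN, HSRP group shared with R2
 ip address 192.168.10.2 255.255.255.0
 ip nat inside
 standby 1 ip 192.168.10.1
 standby 1 name SNATHSRP
 standby 1 preempt
!
interface GigabitEthernet0/0
 description WAN toward ISP
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Stateful NAT: bind translation-state replication to the HSRP group name
ip nat Stateful id 1
 redundancy SNATHSRP
  mapping-id 10
!
! Shared public pool, identical on both routers. The WAN interface
! address is deliberately not used, because it disappears with R1.
ip nat pool SNATPOOL1 203.0.113.1 203.0.113.6 prefix-length 29
!
! Inside hosts eligible for translation
access-list 10 permit 192.168.10.0 0.0.0.255
!
! PAT (overload) onto the pool; mapping-id links this rule to SNAT id 1
ip nat inside source list 10 pool SNATPOOL1 mapping-id 10 overload
```

After a failover test, `show ip nat translations` on the new active router should still list the sessions created on the old one.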

Community Member

Re: SNAT with HSRP and Two Internet connections

Thank you for the reply, Giuseppe. The explanation makes perfect sense.

Regards
