Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Stateful NAT with primary and backup

I am having some problems with Stateful NAT. The translation works OK at the primary, but the NAT table at the backup seems to have mangled the session information. Has anyone else seen this? I am using 12.2(15)T17.

(Oh I wish we could use the code HTML tag ... this is going to look awful ...)

<code>

R3#show run | beg Stateful

ip nat Stateful id 3

primary 148.49.103.1

peer 148.49.104.1

mapping-id 30

ip nat pool NAT-pool 148.49.108.180 148.49.108.180 prefix-length 24

ip nat inside source list NAT-match pool NAT-pool mapping-id 30

:

R3#show ip snat distributed

Stateful NAT Connected Peers

SNAT: Mode PRIMARY

: State READY

: Local Address 148.49.103.1

: Local NAT id 3

: Peer Address 148.49.104.1

: Peer NAT id 0

: Mapping List 30

R3#show ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 148.49.108.180 148.49.108.1 --- ---

R4#show run | beg Stateful

ip nat Stateful id 4

backup 148.49.104.1

peer 148.49.103.1

mapping-id 40

ip nat pool NAT-pool 148.49.108.180 148.49.108.180 prefix-length 24

ip nat inside source list NAT-match pool NAT-pool mapping-id 40

:

R4#show ip snat dist

Stateful NAT Connected Peers

SNAT: Mode BACKUP

: State READY

: Local Address 148.49.104.1

: Local NAT id 4

: Peer Address 148.49.103.1

: Peer NAT id 3

: Mapping List 40

R4#show ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 108.1.148.49 0.0.148.49 108.180.0.0 ---

</code>

Kevin Dorrell

Luxembourg

9 REPLIES

Re: Stateful NAT with primary and backup

Bump! Anyone know about SNAT?

Re: Stateful NAT with primary and backup

Nobody? Can someone at least confim that what I am seeing in the translation table of R4 (which is supposed to be a backup translation for R3) is garbled? Or is it supposed to be like that?

Kevin Dorrell

Luxembourg

Re: Stateful NAT with primary and backup

?? Anybody out there that knows about SNAT ??

Hall of Fame Super Blue

Re: Stateful NAT with primary and backup

Kevin

Can you post copies of configs re SNAT, a quick topology and a quick explanation.

Assuming i can run this on 2621XM's i will emulate your setup in our lab and have a look at the output. Hopefully sometime this week.

Jon

Re: Stateful NAT with primary and backup

Hi Jon, thank you very much for replying. I was beginning to think I was talking to the trees ("arboreal interlocution").

Unfortunately I have already broken up the lab, but here (attached) are the details as I remember them. The IGP topology was quite complicated, but I think it could be reduced to 2 VLANs, one on each side of the R3-R4 pair, and a single IGP.

I have just got a stack of 2611XMs to replace my old 12.2(15)T17 2520s and 2600s. That should make things easier when they arrive, 'cos I shall be able to keep a library of configs in flash (which you cannot do with a 2500) and swop them in and out quickly and efficiently.

I don't want to put you to too much trouble, but if you just could have a look at the NAT translation tables on my original posting, and see if you agree with me that R4 looks garbled.

Thanks a million.

Edit: Looking at this agin, I wonder if I should have had the keyword overload in order to get the ports into the table. I wonder if SNAT gets confused if you leave it out.

Kevin Dorrell

Luxembourg

Re: Stateful NAT with primary and backup

Sorry, corrected document attached

Hall of Fame Super Blue

Re: Stateful NAT with primary and backup

Hi Kevin

Apologies for the delay in getting back but i finally got some time to lab this up.

Please see attached word doc for details. Rather than keep you in suspense, it did work for me although i was using different IOS.

Any questions, further tests let me know.

Jon

Re: Stateful NAT with primary and backup

Thank you Jon, that's really really helpful.

So, with your version, your backup SNAT recorded 148.49.108.180, as opposed to mine which recorded 108.180.148.49. So it looks like a bug in 12.2(15)T17.

I shall be able to try it now, 'cos my wife just phoned to tell me that a parcel arrived this morning with a stack of 2611XMs in it. It'll be a difficult balance of family vs. lab this weekend!

Have a nice weekend.

Kevin Dorrell

Luxembourg

Hall of Fame Super Blue

Re: Stateful NAT with primary and backup

Kevin

No problem, glad to be of help and thanks for the rating.

I'd never done SNAT before so it was a useful exercise.

Have fun with your new routers :)

Jon

713
Views
5
Helpful
9
Replies