From: Kirk Graham (kgraham@instructors.net)
Date: Thu Jun 30 2005 - 23:19:11 GMT-3
I think your problem is that when the active HSRP/VRRP gateway fails over,
the dynamic NAT tables are lost. This is because they aren't communicated
to the backup HSRP/VRRP gateway. That's why it works with static NAT... the
tables are on both routers.
You need to look at Stateful NAT...
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801124ad.html
This requires HSRP and is not supported with VRRP.
--kg
At 09:03 PM 6/30/2005, Vishal Patel wrote:
>Yeah, that's right.
>
>HSRP/VRRP will satisfy the need.
>
>But I just wanted to check what's wrong when I use simple dynamic
>natting. What goes wrong?
>
>I tried it with static natting and it works.
>
>Wanna make it work with dynamic natting :)
>
>Below the config for static natting :
>
>Router#sh run
>Building configuration...
>
>Current configuration : 1519 bytes
>!
>version 12.3
>service timestamps debug datetime msec
>service timestamps log datetime msec
>no service password-encryption
>!
>hostname Router
>!
>interface FastEthernet0
> no ip address
> shutdown
> duplex auto
> speed auto
>!
>interface FastEthernet1
> switchport access vlan 25
> no ip address
>!
>interface FastEthernet2
> switchport access vlan 45
> no ip address
>!
>interface FastEthernet3
> no ip address
> shutdown
>!
>interface FastEthernet4
> switchport access vlan 35
> no ip address
> spanning-tree portfast
>!
>interface Vlan45
> ip address 10.250.1.6 255.255.255.252
> ip nat outside
> ip virtual-reassembly
> backup interface Vlan25
>!
>interface Vlan35
> ip address 172.16.1.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
>!
>interface Vlan25
> ip address 10.250.1.2 255.255.255.252
> ip nat outside
> ip virtual-reassembly
>!
>interface Vlan1
> no ip address
>!
>ip classless
>ip route 20.1.1.0 255.255.255.0 10.250.1.1
>ip route 20.1.1.0 255.255.255.0 10.250.1.5 254
>no ip http server
>no ip http secure-server
>ip nat inside source static 172.16.1.1 192.168.1.1
>ip nat inside source static 172.16.1.2 192.168.1.2
>!
>!
>!
>ip access-list standard test
> permit 172.16.1.0 0.0.0.255 log
>!
>!
>!
>control-plane
>!
>!
>line con 0
>line aux 0
>line vty 0 4
>!
>end
>
>Router#
>
>This is a perfectly fine working config.
>
>-----Original Message-----
>From: Sila Moni [mailto:silamoni@yahoo.com]
>Sent: Friday, 1 July 2005 11:49 AM
>To: Vishal Patel; ccielab@groupstudy.com
>Subject: Re: nat
>
>Can you run HSRP/VRRP? You can still do your static
>route behind it to satisfy your constraint.
>
>--- Vishal Patel <vpatel@accessproviders.com.au>
>wrote:
>
> > Hi,
> >
> > I want to nat the outgoing packets, and if the outgoing interface goes
> > down, then the backup interface should come up and do the natting.
> >
> > I don't want to use any dynamic routing protocol.
> >
> > Just two default routes for outbound packets.
> >
> > I tried to lab it, but unfortunately natting doesn't happen when the
> > backup interface comes up.
> >
> > Any ideas, or any good reading on this?
> >
> > Thanks
> >
> > Vishal
> >
>_______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:46 GMT-3
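
The Stateful NAT with HSRP setup that the reply above points to, sketched as an added example (not from the original thread and not Cisco's sample config). It assumes two routers sharing the inside VLAN from the thread; the HSRP group name SNATHSRP, the pool name and range, the router addresses, and the split of the two outside links across R1 and R2 are constructed for illustration, so check the syntax against the feature guide for your IOS release.

```cisco
! ---- R1 (hypothetical HSRP active router) ----
interface Vlan35
 ip address 172.16.1.252 255.255.255.0
 ip nat inside
 standby 1 ip 172.16.1.1          ! virtual gateway address used by inside hosts
 standby 1 priority 110
 standby 1 preempt
 standby 1 name SNATHSRP          ! the name Stateful NAT binds to
!
interface Vlan25
 ip address 10.250.1.2 255.255.255.252
 ip nat outside
!
ip nat stateful id 1              ! id must be unique per router
 redundancy SNATHSRP              ! follow this HSRP group's active/standby state
 mapping-id 10                    ! must match on both routers
!
ip nat pool SNATPOOL 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list test pool SNATPOOL mapping-id 10 overload
!
ip access-list standard test
 permit 172.16.1.0 0.0.0.255
!
! ---- R2 (hypothetical HSRP standby router) ----
interface Vlan35
 ip address 172.16.1.253 255.255.255.0
 ip nat inside
 standby 1 ip 172.16.1.1
 standby 1 preempt
 standby 1 name SNATHSRP
!
interface Vlan45
 ip address 10.250.1.6 255.255.255.252
 ip nat outside
!
ip nat stateful id 2
 redundancy SNATHSRP
 mapping-id 10
!
! Same pool and rule as R1: only translations tagged with mapping-id 10
! are replicated, so the dynamic rule has to carry that tag on both routers.
ip nat pool SNATPOOL 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list test pool SNATPOOL mapping-id 10 overload
!
ip access-list standard test
 permit 172.16.1.0 0.0.0.255
```

To confirm replication before testing a failover, `show ip snat distributed verbose` on each router shows the peer state, and `show ip nat translations` on the standby should list the entries created on the active router.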