From: Eric Leung (eric.lwc@gmail.com)
Date: Sat Jul 14 2007 - 02:05:09 ART
I have mistakenly used the same stateful id and make a router in a
translation group crash. And after I assign a different ID, it works fine.
And a very secret note in the Cisco Document states that each router should
have a different ID:
As you can see, the two routers, CHENEY and CAPEFEAR1 form a NAT group. They
are designated members of the group by coding the command:
ip nat stateful id <id-number>
------------------------------
*Note: *Note the ID is different for the each router. Each SNAT router
should have a unique ID number.
2007/7/14, Alexei Monastyrnyi <alexeim@orcsoftware.com>:
>
> Thanks Eric.
>
> In all references different SNAT IDs are used across a translation
> group. Though it works fine with the same SNAT ID across the routers.
>
> Since it seems to be impossible to have more than one SNAT entity on the
> router:
>
> R1(config)#ip nat Stateful id 11
> % SNAT with id : 1 already running. Please remove and reconfigure%
>
> I would guess those IDs being different or same across the group don't
> make much of a difference. Though I might be wrong here.
>
> Mapping IDs, as you have highlighted, are important indeed.
>
> Cheers,
> A.
>
> Eric Leung wrote:
> > Explain a little bit more using Alexei's example working on a SNAT
> group:
> >
> > *On Router 1*
> >
> > in fa 0/1
> > ip nat outside
> >
> > in fa 0/0
> > ip nat inside
> > standby 111 name SNAT-HSRP
> >
> > !*! The stateful id has to be different on this router.*
> > ip nat Stateful id 1
> > redundancy SNAT-HSRP
> > *! the mapping id on both routers has to be the same*
> > mapping-id 19
> > as-queuing disable
> >
> > ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
> > access-list 192 permit ip 192.168.111.0 0.0.0.255 any
> > ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
> >
> > *On Router 2*
> >
> > in fa 0/1
> > ip nat outside
> >
> > in fa 0/0
> > ip nat inside
> > standby 111 name SNAT-HSRP
> >
> > *! The stateful id has to be different on this router.*
> > ip nat Stateful id 2
> > redundancy SNAT-HSRP
> > *! the mapping id on both routers has to be the same*
> > mapping-id 19
> > as-queuing disable
> >
> > ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
> > access-list 192 permit ip 192.168.111.0 0.0.0.255 any
> > ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
> >
> >
> > Reference:
> >
> http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml#wp39308
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > 2007/7/13, Alexei Monastyrnyi <alexeim@orcsoftware.com>:
> >
> >> Hi.
> >>
> >> You mean "should those two be the of same value?"? Not really. In NAT
> >> pool you should refer to the right mapping ID.
> >>
> >> If you are to use it with HSRP, standby name and redundancy name should
> >> match though.
> >>
> >> Something like this should work:
> >>
> >> in fa 0/1
> >> ip nat outside
> >>
> >> in fa 0/0
> >> ip nat inside
> >> standby 111 name SNAT-HSRP
> >>
> >> ip nat Stateful id 1
> >> redundancy SNAT-HSRP
> >> mapping-id 19
> >> as-queuing disable
> >>
> >> ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
> >> access-list 192 permit ip 192.168.111.0 0.0.0.255 any
> >> ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
> >>
> >>
> >> HTH,
> >> A.
> >>
> >>
> >> on 7/13/2007 10:44 AM Ashok CCIE wrote:
> >>
> >>> Hi,
> >>>
> >>> Should the SNAT stateful id and mapping id between the routers. Also,
> >>>
> >> could
> >>
> >>> you send me valid config on this?
> >>>
> >>> Thanks,
> >>> Ashok
> >>>
> >>>
> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART