Re: SNAT stateful id and mapping id

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sat Jul 14 2007 - 04:21:52 ART

• Next message: nhatphuc: "Is FR encapsulation between DTEs?"
• Previous message: Eric Leung: "Re: SNAT stateful id and mapping id"
• Maybe in reply to: Ashok CCIE: "SNAT stateful id and mapping id"
• Next in thread: Ben: "Re: SNAT stateful id and mapping id"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes, it is a good idea to follow "should have" sort of recommendations
from Cisco, just to be on the safe side. :-)

Cheers,
A.

Eric Leung wrote:
> I have mistakenly used the same stateful id and make a router in a
> translation group crash. And after I assign a different ID, it works fine.
> And a very secret note in the Cisco Document states that each router should
> have a different ID:
>
>
> As you can see, the two routers, CHENEY and CAPEFEAR1 form a NAT group. They
> are designated members of the group by coding the command:
>
> ip nat stateful id <id-number>
> ------------------------------
>
> *Note: *Note the ID is different for the each router. Each SNAT router
> should have a unique ID number.
>
>
>
> 2007/7/14, Alexei Monastyrnyi <alexeim@orcsoftware.com>:
>
>> Thanks Eric.
>>
>> In all references different SNAT IDs are used across a translation
>> group. Though it works fine with the same SNAT ID across the routers.
>>
>> Since it seems to be impossible to have more than one SNAT entity on the
>> router:
>>
>> R1(config)#ip nat Stateful id 11
>> % SNAT with id : 1 already running. Please remove and reconfigure%
>>
>> I would guess those IDs being different or same across the group don't
>> make much of a difference. Though I might be wrong here.
>>
>> Mapping IDs, as you have highlighted, are important indeed.
>>
>> Cheers,
>> A.
>>
>> Eric Leung wrote:
>>
>>> Explain a little bit more using Alexei's example working on a SNAT
>>>
>> group:
>>
>>> *On Router 1*
>>>
>>> in fa 0/1
>>> ip nat outside
>>>
>>> in fa 0/0
>>> ip nat inside
>>> standby 111 name SNAT-HSRP
>>>
>>> !*! The stateful id has to be different on this router.*
>>> ip nat Stateful id 1
>>> redundancy SNAT-HSRP
>>> *! the mapping id on both routers has to be the same*
>>> mapping-id 19
>>> as-queuing disable
>>>
>>> ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
>>> access-list 192 permit ip 192.168.111.0 0.0.0.255 any
>>> ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
>>>
>>> *On Router 2*
>>>
>>> in fa 0/1
>>> ip nat outside
>>>
>>> in fa 0/0
>>> ip nat inside
>>> standby 111 name SNAT-HSRP
>>>
>>> *! The stateful id has to be different on this router.*
>>> ip nat Stateful id 2
>>> redundancy SNAT-HSRP
>>> *! the mapping id on both routers has to be the same*
>>> mapping-id 19
>>> as-queuing disable
>>>
>>> ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
>>> access-list 192 permit ip 192.168.111.0 0.0.0.255 any
>>> ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
>>>
>>>
>>> Reference:
>>>
>>>
>> http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml#wp39308
>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 2007/7/13, Alexei Monastyrnyi <alexeim@orcsoftware.com>:
>>>
>>>
>>>> Hi.
>>>>
>>>> You mean "should those two be the of same value?"? Not really. In NAT
>>>> pool you should refer to the right mapping ID.
>>>>
>>>> If you are to use it with HSRP, standby name and redundancy name should
>>>> match though.
>>>>
>>>> Something like this should work:
>>>>
>>>> in fa 0/1
>>>> ip nat outside
>>>>
>>>> in fa 0/0
>>>> ip nat inside
>>>> standby 111 name SNAT-HSRP
>>>>
>>>> ip nat Stateful id 1
>>>> redundancy SNAT-HSRP
>>>> mapping-id 19
>>>> as-queuing disable
>>>>
>>>> ip nat pool SNATPOOL1 10.0.0.254 10.0.0.254 prefix-length 24
>>>> access-list 192 permit ip 192.168.111.0 0.0.0.255 any
>>>> ip nat inside source list 192 pool SNATPOOL1 mapping-id 19 overload
>>>>
>>>>
>>>> HTH,
>>>> A.
>>>>
>>>>
>>>> on 7/13/2007 10:44 AM Ashok CCIE wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> Should the SNAT stateful id and mapping id between the routers. Also,
>>>>>
>>>>>
>>>> could
>>>>
>>>>
>>>>> you send me valid config on this?
>>>>>
>>>>> Thanks,
>>>>> Ashok
>>>>>
>>>>>
>>>>>
>> _______________________________________________________________________
>>
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: nhatphuc: "Is FR encapsulation between DTEs?"
• Previous message: Eric Leung: "Re: SNAT stateful id and mapping id"
• Maybe in reply to: Ashok CCIE: "SNAT stateful id and mapping id"
• Next in thread: Ben: "Re: SNAT stateful id and mapping id"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART