From: Tarun Pahuja (pahujat@gmail.com)
Date: Tue Nov 06 2007 - 16:25:39 ART
Gregory,
Static Nat with HSRP. Here HSRP router pairs have identical NAT
configurations for redundancy. No dynamic entries are replicated amongst
routers in the same HSRP redundancy group.
HTH,
Tarun
On 11/6/07, Gregory Gombas <ggombas@gmail.com> wrote:
>
> Thanks. That covers scenario 2 and 3, how about scenario 1?
>
> On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> > Gregory,
> > Hopefully Narbik's Lawyer would not be calling me since I
> am
> > jumping ahead of him to help you. I am sure he will have much more
> insight
> > in this matter than me ;-)
> >
> > To answer your question, SNAT(Stateful Nat) can be configured in
> > Primary/Backup Mode and HSRP mode. In Primary/Backup mode, you have to
> > manually configure who the primary router is and who the secondary
> router is
> > and hence you do not need the word redundancy.
> >
> > When you configure SNAT in HSRP mode, SNAT follows what HSRP tells it to
> > hence you use the word redundancy to tie the two together.
> >
> > HTH,
> > Tarun
> >
> >
> >
> >
> >
> > On 11/6/07, Gregory Gombas <ggombas@gmail.com> wrote:
> > >
> > > I'm not sure I follow?
> > >
> > > Let me restate the question and I hope Narbik himself can chime in
> here.
> > > There seem to be three different ways to configure NAT redundancy:
> > >
> > > Scenario 1 - Static NAT with HSRP:
> > > Step 1. Configure HSRP groups named HSRP-1
> > > Step 2. Tie the group name to the static command as follows:
> > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy HSRP-1
> > >
> > > Scenario 2 - Stateful NAT with HSRP:
> > > Step 1. Configure HSRP groups named HSRP-1
> > > Step 2. Tie the group name to the stateful NAT configuration as
> follows:
> > > Router 2:
> > > ip nat Stateful id 1
> > > redundancy HSRP-1
> > > mapping-id 10
> > > Router 3:
> > > ip nat Stateful id 2
> > > redundancy HSRP-1
> > > mapping-id 10
> > >
> > > Scenario 3 - Stateful NAT without HSRP (Primary/Backup):
> > > PRIMARY:
> > > ip nat Stateful id 1
> > > primary 10.88.194.17
> > > peer 10.88.194.18
> > > mapping-id 10
> > > BACKUP
> > > ip nat Stateful id 2
> > > backup 10.88.194.18
> > > peer 10.88.194.17
> > > mapping-id 10
> > >
> > > My questions is what is the first scenario for? What is the
> > > significance of the redundacy keyword? How does it tie in with the
> > > HSRP config?
> > > How does that differ from configuring the two routers with static NAT
> > > and no redundancy keyword????
> > >
> > >
> > > On 11/6/07, Victor Cappuccio < vcappuccio@gmail.com> wrote:
> > > > Hi Gregory,
> > > > I had in CANTV this same issue, checking my old emails I found that
> > > > probably this link could help a lot
> > > >
> >
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper0900aecd8052870b.shtml
> > > > Also:
> > > >
> > http://www.iphelp.ru/faq/29/cisconut2-CHP-13-SECT-3.html
> > > >
> >
> http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1079180
> > > >
> >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm
> > > >
> > > > Also be aware that CPU Process utilization and memory is critical in
> > this
> > > > situation, using the using the following TCL Script to capture the
> > number
> > > > of translations and using the show ip nat statistics to determine
> the
> > > > number of dynamic entries created in the NAT tables such as in:
> Active
> > as to
> > > > Standby
> > > >
> > > > proc SNAT { DURANTE interval } {
> > > > set end [expr [clock seconds] + $DURANTE]
> > > > set cur [clock seconds]
> > > > set interval "${INTEVALO}000"
> > > > while { $cur < $end } {
> > > > show clock
> > > > show IP NAT sta | inc To
> > > > show proc cpu | exc 0.00
> > > > show memory statistics
> > > > puts "\n"
> > > > after $TIEMPO
> > > > set cur [clock seconds]
> > > > }
> > > > }
> > > >
> > > > My 2 cents
> > > >
> > > > Victor Cappuccio
> > > > www.vcappuccio.wordpress.com
> > > >
> > > >
> > > > On Nov 6, 2007 3:51 PM, Gregory Gombas <ggombas@gmail.com> wrote:
> > > > >
> > > > > Can someone please explain what the redundancy keyword at the end
> of a
> > > > > static nat statement does? For example:
> > > > >
> > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy HSRP-1
> > > > >
> > > > > We tried the configuration from Narkbik's NAT lab excercise #9,
> and we
> > > > > found that failover worked the same with or without the redundancy
> > > > > keyword:
> > > > >
> > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> > > > >
> > > > > Here is the relevant configuration:
> > > > >
> > > > > On R2
> > > > > interface FastEthernet0/0
> > > > > Standby 1 ip 10.1.123.100
> > > > > Standby 1 priority 110
> > > > > Standby 1 preempt
> > > > > Standby 1 name HSRP-1
> > > > > Standby 1 track FastEthernet0/1 50
> > > > > ip nat inside
> > > > >
> > > > > interface FastEthernet0/1
> > > > > Standby 2 ip 200.1.1.100
> > > > > Standby 2 priority 110
> > > > > Standby 2 preempt
> > > > > Standby 2 track FastEthernet0/0 50
> > > > > ip nat outside
> > > > >
> > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy HSRP-1
> > > > >
> > > > >
> > > > > On R3
> > > > > Interface FastEthernet0/0
> > > > > Standby 1 ip 10.1.123.100
> > > > > Standby 1 preempt
> > > > > Standby 1 name HSRP-1
> > > > > ip nat inside
> > > > >
> > > > > Interface FastEthernet0/1
> > > > > Standby 2 ip 200.1.1.100
> > > > > Standby 2 priority 100
> > > > > Standby 2 preempt
> > > > > ip nat outside
> > > > >
> > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy HSRP-1
> > > > >
> > > > >
> > > >
> > _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART