Re: Stateful NAT

From: Jason Madsen (madsen.jason@gmail.com)
Date: Thu Jan 15 2009 - 10:38:00 ARST


Hi Mihai,

SNAT is somewhat similar to what you'd find with an ASA. It maintains a
state table of some sort on multiple devices; all of the devices
participating in SNAT share the same Address Translation information. This
is particularly useful for at least 2 main reasons. For one, it allows you
to use NAT in the event that for whatever reason (lab requirement most
likely) you can have asymmetric routing and still use NAT. Without SNAT,
return traffic that has been NAT'd may not "know" how to route. For
another, it makes for a more seamless transition should you have a device /
link failure. The other SNAT device already knows about existing
translations.

As you mentioned, you can perform SNAT with either HSRP using the
"redundancy" keyword referencing your HSRP group name or with the "primary"
and "backup" keywords. Try setting up either / both versions, have NAT on
one device translate some traffic and then do a "show ip nat translation" on
both devices. You should see that your other SNAT device learns
translations created on the other device. You can also do "verbose" "show"
commands and get a little more info.

HTH,
Jason

On Thu, Jan 15, 2009 at 2:48 AM, <mihai.grigore@onlinehome.de> wrote:

> Dear Experts,
>
> I just had a revelation about this poorly documented feature (to say the
> least).
>
> As far as I understood this, there are at least 2 flavours of SNAT:
> 1. HSRP with SNAT
> 2. no HSRP with Primary/Backup SNAT peers
>
> This is thanks to IE WB Vol1 Ver5.
>
> Can anyone point to a CLEAR explanation of stateful NAT? Or come up with an
> explanation? Doc-CD is not the best place for SNAT...
>
> TIA,
> Mihai
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
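
The two SNAT flavours discussed in this thread, sketched as an added IOS configuration example that is not part of the original messages. All addresses, interface names, the pool and ACL, the HSRP group name SNATHSRP and the id/mapping-id numbers are constructed for illustration.

```cisco
! ===== Flavour 1: SNAT tied to HSRP (the "redundancy" keyword) =====
! Router A. Router B is the same except for its own interface
! address and a different "ip nat stateful id".
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
 standby 1 ip 10.1.1.1
 standby 1 name SNATHSRP
!
ip nat stateful id 1
 redundancy SNATHSRP
  mapping-id 10
!
! The mapping-id on the NAT rule selects which translations are
! shared with the peer; it must match on both routers.
ip nat pool SNATPOOL 192.0.2.10 192.0.2.20 prefix-length 24
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 pool SNATPOOL mapping-id 10 overload
!
! ===== Flavour 2: no HSRP, explicit primary/backup peers =====
! Router A (primary): "primary" is its own address, "peer" is B.
ip nat stateful id 1
 primary 10.1.1.2
  peer 10.1.1.3
  mapping-id 10
!
! Router B (backup): "backup" is its own address, "peer" is A.
ip nat stateful id 2
 backup 10.1.1.3
  peer 10.1.1.2
  mapping-id 10
!
! Both routers carry the same pool, ACL and NAT rule as in flavour 1.
!
! ===== Verification, run on BOTH routers =====
! After traffic is translated on one router, the same entries
! should be listed on the other.
! show ip nat translations verbose
! show ip snat distributed verbose
```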


This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST