RE: NAT with redundancy

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Wed, 2 Jun 2010 02:28:19 -0400

Err- cleaned up; (fixed 192.168.1/2.x = 192.168.1.0/24 throughout the
example)

Or equivalent commands, but you'll get the logic; I have used (but would
rather avoid) EEM & running config changes on the fly as a result of sla/track
failures, but if you want to see that solution instead I can work it up.

interface f0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

! Loopback is deliberately not a NAT inside interface
interface loop100
 ip address 10.1.1.1 255.255.255.252
 no ip nat inside

! Ping each server every 10 seconds
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.168.1.50 source-ipaddr 192.168.1.1
 frequency 10
ip sla monitor schedule 1 life forever start now

ip sla monitor 2
 type echo protocol ipIcmpEcho 192.168.1.52 source-ipaddr 192.168.1.1
 frequency 10
ip sla monitor schedule 2 life forever start now

track 1 rtr 1 reachability
track 2 rtr 2 reachability

! Floating host routes (distance 254) toward the loopback subnet,
! used only when the tracked route below is withdrawn
ip route 192.168.1.50 255.255.255.255 10.1.1.2 254
ip route 192.168.1.52 255.255.255.255 10.1.1.2 254

! Tracked host routes out f0/0, present while the track object is up
ip route 192.168.1.50 255.255.255.255 f0/0 192.168.1.50 track 1
ip route 192.168.1.52 255.255.255.255 f0/0 192.168.1.52 track 2

ip nat pool webmailservers prefix-length 24 type rotary
 address 192.168.1.50 192.168.1.50
 address 192.168.1.52 192.168.1.52

ip nat inside destination list webmailonatt pool webmailservers

! Note this ACL contains the 1 public IP inbound traffic comes to
ip access-list standard webmailonatt
 permit 12.207.43.148

Bottom line, NAT won't happen for the external as when track obj's are down
the IP is routed to a loopback that is not ip nat inside. You could monitor
other things, like TCP port 80, an HTTP GET, etc.

-Joe

From: Anbu [mailto:ksanpu_at_gmail.com]
Sent: Wednesday, June 02, 2010 2:00 AM
To: Narbik Kocharians; David Bass
Cc: Ryan West; Joseph L. Brunner; Cisco certification
Subject: Re: NAT with redundancy

Thanks all,

It is with only one router, so I hope NAT / redundancy with HSRP will not match
the requirement.

Now the customer has agreed to have both servers as active/active, so I have
checked the NAT with rotary type in a lab environment, but I am still facing an
issue: even when one server is down, the router is trying to translate to that
down server and send traffic, so it is failing 50%.
How can it be solved? Can anyone advise me...

Regards,
Anbu.

On Tue, Jun 1, 2010 at 11:05 AM, Narbik Kocharians
<narbikk_at_gmail.com> wrote:
Anbu,

David's recommendation is a pretty good one, but you can do NAT / Redundancy
using HSRP. If you need a lab, unicast me and I will send you one.

On Tue, Jun 1, 2010 at 2:03 PM, David Bass
<davidbass570_at_gmail.com> wrote:
What you really want to do is load balancing or clustering. NAT is not the
correct mechanism for this, and you would be better off doing Windows
clustering (assuming it's a windows box), or some other form of cluster
server app. That's if you don't have a LB type device.

As a last resort you could do EEM...

On Mon, May 31, 2010 at 11:27 AM, Ryan West
<rwest_at_zyedge.com> wrote:

> Anbu,
>
> > -----Original Message-----
> > Sent: Monday, May 31, 2010 12:17 PM
> > To: Joseph L. Brunner; Cisco certification
> > Subject: Re: NAT with redundancy
> >
> > Thanks Joe,
> >
> > I have some more to understand regarding this and expect your help.
> >
> > My exact requirement is, in your example the outside global
> > (12.207.43.148) should translate to 192.168.1.50. Only if 192.168.1.50
> > is not available should it be translated to 192.168.1.52.
> >
> > So is there any method to do the NAT with IP SLA to check whether
> > 192.168.1.50 is up / down, and then if it is down translate to
> > 192.168.1.52?
> >
>
> I don't think this is possible with NAT by default. You could write an
> EEM script to do that though, track the state of your IP SLA and trigger
> the proper CLI commands.
>
> -ryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jun 02 2010 - 02:28:19 ART
