From: Vishal Patel (vpatel@accessproviders.com.au)
Date: Thu Jun 30 2005 - 23:36:42 GMT-3
Iam not using hsrp / vrrp
I have a simple a design of two WAN links and one LAN.
One WAN acts as the backup for other and both are doing ip nat outside.
When the primary fails the backup doesn't do dynamic natting.
I will read about stateful nat , thanks.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Kirk
Graham
Sent: Friday, 1 July 2005 12:19 PM
To: ccielab@groupstudy.com
Subject: RE: nat
I think your problem is that when the active HSRP/VRRP gateway fails over
the dynamic NAT tables are lost. This is because they aren't communicated
to the backup HSRP/VRRP gateway. That's why it works with static NAT... the
tables are on both routers.
You need to look at Stateful NAT...
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guid
e09186a00801124ad.html
This requires HSRP and is not supported with VRRP.
--kg
At 09:03 PM 6/30/2005, Vishal Patel wrote:
>Yeah thatz right..
>
>HSRP/VRRP will satisfy the need.
>
>But I just wanted to check whatz wrong when I use simple dynamic
>natting..what goes wrong ?
>
>I tried it with static natting it works..
>
>Wanna make it work with dynamic natting :)
>
>Below the config for static natting :
>
>Router#sh run
>Building configuration...
>
>Current configuration : 1519 bytes
>!
>version 12.3
>service timestamps debug datetime msec
>service timestamps log datetime msec
>no service password-encryption
>!
>hostname Router
>!
>interface FastEthernet0
> no ip address
> shutdown
> duplex auto
> speed auto
>!
>interface FastEthernet1
> switchport access vlan 25
> no ip address
>!
>interface FastEthernet2
> switchport access vlan 45
> no ip address
>!
>interface FastEthernet3
> no ip address
> shutdown
>!
>interface FastEthernet4
> switchport access vlan 35
> no ip address
> spanning-tree portfast
>!
>interface Vlan45
> ip address 10.250.1.6 255.255.255.252
> ip nat outside
> ip virtual-reassembly
> backup interface Vlan25
>!
>interface Vlan35
> ip address 172.16.1.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
>!
>interface Vlan25
> ip address 10.250.1.2 255.255.255.252
> ip nat outside
> ip virtual-reassembly
>!
>interface Vlan1
> no ip address
>!
>ip classless
>ip route 20.1.1.0 255.255.255.0 10.250.1.1
>ip route 20.1.1.0 255.255.255.0 10.250.1.5 254
>no ip http server
>no ip http secure-server
>ip nat inside source static 172.16.1.1 192.168.1.1
>ip nat inside source static 172.16.1.2 192.168.1.2
>!
>!
>!
>ip access-list standard test
> permit 172.16.1.0 0.0.0.255 log
>!
>!
>!
>control-plane
>!
>!
>line con 0
>line aux 0
>line vty 0 4
>!
>end
>
>Router#
>
>
>This is perfectly fine working config..
>
>
>
>
>
>-----Original Message-----
>From: Sila Moni [mailto:silamoni@yahoo.com]
>Sent: Friday, 1 July 2005 11:49 AM
>To: Vishal Patel; ccielab@groupstudy.com
>Subject: Re: nat
>
>Can you run HSRP/VRRP? You can still do your static
>route behind it to satisfy your constraint.
>
>--- Vishal Patel <vpatel@accessproviders.com.au>
>wrote:
>
> > Hi,
> >
> >
> >
> > I want to nat the out going packets and if the out
> > going interface goes
> > down , then the backup interface should come up and
> > do the natting.
> >
> >
> >
> > I don't want to use any dynamic routing protocol.
> >
> >
> >
> > Just two default routes for outbound packets.
> >
> >
> >
> > I tried to lab it ..but unfortunately natting
> > doesn't happen when the backup
> > interface comes up.
> >
> >
> >
> > Any ideas.. or any good reading on this ?
> >
> >
> >
> > Thanks
> >
> >
> >
> > Vishal
> >
> >
>_______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
>
>____________________________________________________
>Yahoo! Sports
>Rekindle the Rivalries. Sign up for Fantasy Football
>http://football.fantasysports.yahoo.com
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:46 GMT-3