Let's talk today about Stateful NAT [SNAT]
- This feature gives us more than one network address translator, which means a backup NAT takes over when the active one fails.
- NAT is a great feature that lets private networks interconnect with and reach the public network.
- SNAT works in an active/backup scenario: the active router handles the traffic that requires IP address translation from private to public.
- The backup SNAT router duplicates all the translations in the active router's table; once the active translator goes down, the backup handles the translation and replies to all requests.
- There are two phases of SNAT. Phase one did not support the application level. Phase two provides application-level support and asymmetric routing [an encryption method that uses two keys to encrypt the plain text; the secret key is exchanged over the internet]. I recommend reading one full article about asymmetric and symmetric.
- The mapping-id must be the same between them.
- The redundancy string must match the standby name.
Example SNAT configuration:
--------------------------------
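interface GigabitEthernet0/0/0
 description SNAT
 standby 10 name SNAT-DC
 ! the HSRP virtual IP is set with "standby <group> ip", not "ip address"
 standby 10 ip 10.100.101.254
 ip nat inside
-----
interface GigabitEthernet0/0/1
 ip nat outside
----
ip nat stateful id 10
 redundancy SNAT-DC
  mapping-id 90
----------------------------
! named standard ACL that selects the inside addresses to translate
ip access-list standard nat
 10 permit 10.100.101.0 0.0.0.255
ip nat pool SNAT-POOL 37.0.0.100 37.0.0.100 prefix-length 24
ip nat inside source list nat pool SNAT-POOL mapping-id 90 overload
---------
router bgp 6508
 bgp router-id 10.10.10.10
 no bgp default ipv4-unicast
 neighbor 38.0.0.100 remote-as 6509
 address-family ipv4
  ! with "no bgp default ipv4-unicast" the neighbor must be activated explicitly
  neighbor 38.0.0.100 activate
  ! advertise the /24 that contains the NAT pool address
  network 37.0.0.0 mask 255.255.255.0
 exit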
------------
Some commands that help with troubleshooting:
show ip snat peer <peer-ip-address>
show ip snat distributed
show ip snat distributed verbose
show standby
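
The two matching rules above (same mapping-id, redundancy string equal to the standby name) are easy to break when the backup router is configured by hand, and a mismatch only shows up at failover. The script below is an added example, not part of the original post or any Cisco tooling: it checks both rules across an active/backup pair of configs. The sample configs are constructed, the function names are hypothetical, and it assumes "between them" covers both the two routers and the NAT rule that references the id.

```python
import re

# Constructed sample config for the active router, modelled on the page's example.
ACTIVE = """\
interface GigabitEthernet0/0/0
 standby 10 name SNAT-DC
 standby 10 ip 10.100.101.254
 ip nat inside
ip nat stateful id 10
 redundancy SNAT-DC
 mapping-id 90
ip nat inside source list nat pool SNAT-POOL mapping-id 90 overload
"""
# Constructed backup config with two deliberate mistakes for the checker to find.
BACKUP = ACTIVE.replace("redundancy SNAT-DC", "redundancy SNAT-DR").replace(
    "SNAT-POOL mapping-id 90", "SNAT-POOL mapping-id 91")


def parse(cfg):
    """Collect the names and ids the two matching rules depend on."""
    lines = [line.strip() for line in cfg.splitlines()]

    def find(pattern):
        hits = (re.match(pattern, line, re.I) for line in lines)
        return {m.group(1) for m in hits if m}

    return {
        "standby": find(r"standby \d+ name (\S+)"),
        "redundancy": find(r"redundancy (\S+)"),
        "stateful_id": find(r"mapping-id (\d+)$"),
        "rule_id": find(r"ip nat inside source .* mapping-id (\d+)"),
    }


def check_pair(active_cfg, backup_cfg):
    """Return a list of findings; an empty list means every rule holds."""
    findings = []
    peers = {"active": parse(active_cfg), "backup": parse(backup_cfg)}
    for role, p in peers.items():
        for name in sorted(p["redundancy"] - p["standby"]):
            findings.append(f"{role}: redundancy {name} matches no standby name")
        for mid in sorted(p["rule_id"] - p["stateful_id"]):
            findings.append(f"{role}: NAT rule uses undefined mapping-id {mid}")
    if peers["active"]["stateful_id"] != peers["backup"]["stateful_id"]:
        findings.append("mapping-id differs between active and backup")
    return findings


if __name__ == "__main__":
    print("\n".join(check_pair(ACTIVE, BACKUP)) or "ok")
```

Running it against the saved running-config of both routers before a planned failover test catches these mismatches while the active translator is still up.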