cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1182
Views
0
Helpful
2
Replies

Stateful NAT Translation Table not exchanged

ps12
Level 1
Level 1

I have IP SLA running in the north-bound [A]. The redundancy works fine, however, on Router 1 and 3 I have configured Stateful NAT for the traffic leave out [B]. The NAT translation occurs but the NAT tables are not exchanged between router 1 and 3. 

 

I read that asymmetric routing is not supported in IP-SLA. Just want to confirm where should the asymmetry not be? In part A of the network or part B?  

 

In my network design, there is asymmetry only in B network, A network section has no asymmetry. Topology image is attached and sharing my configurations below- 

 

On Router 1-

 

ip access-list extended BLOCK_.65_.17_IP
deny ip any host 172.16.15.65
deny ip any host 172.16.15.17
permit ip any any
int FastEthernet0/1
ip access-group BLOCK_.65_.17_IP in


ip access-list standard NAT 
permit 188.115.126.192 0.0.0.63 
permit 188.115.127.192 0.0.0.63 

ip nat pool NAT 59.99.99.57 59.99.99.57 prefix-length 30
ip nat inside source list NAT pool NAT mapping-id 1 overload

ip nat stateful id 1
primary 172.16.15.50
peer 172.16.15.62
mapping-id 1

On Router 3 - 

ip access-list extended BLOCK_.53_.9_IP
deny ip any host 172.16.15.53
deny ip any host 172.16.15.9
permit ip any any
int FastEthernet0/1
ip access-group BLOCK_.53_.9_IP in


ip access-list standard NAT 
permit 188.115.126.192 0.0.0.63 
permit 188.115.127.192 0.0.0.63 

ip nat pool NAT 59.99.99.57 59.99.99.57 prefix-length 30
ip nat inside source list NAT pool NAT mapping-id 1 overload

ip nat stateful id 1
backup 172.16.15.50
peer 172.16.15.62
mapping-id 1

The SNAT Translation on R1 nut nothing on R3-

R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 59.99.99.57:55 188.115.126.193:55 172.16.15.58:55 172.16.15.58:55
icmp 59.99.99.57:54 188.115.127.193:54 172.16.15.14:54 172.16.15.14:54

SNAT Distribution- 

R1#sh ip snat distributed verbose

Stateful NAT Connected Peers

SNAT: Mode PRIMARY
    : State READY
    : Local Address 172.16.15.50
    : Local NAT id 1
    : Peer Address 172.16.15.62
    : Peer NAT id 1
    : Mapping List 1
    : InMsgs 5, OutMsgs 0, tcb 0x6609A500, listener 0x0
R3#sh ip snat distributed verbose

Stateful NAT Connected Peers

SNAT: Mode BACKUP
    : State READY
    : Local Address 172.16.15.62
    : Local NAT id 1
    : Peer Address 172.16.15.50
    : Peer NAT id 1
    : Mapping List 1
    : InMsgs 53, OutMsgs 0, tcb 0x66138B04, listener 0x66118088

 

2 Replies 2

Hello,

 

post the full configs of all three routers. SNAT with primary and backup is rather outdated as far as I recall, which IOS are you running ? 

Hello

I don’t see any nat redundancy name - Is your snat relating to any hrsp peering ?

 

Also be aware after a certain iOS train snat isnt even support it is superseeded by B2B nat - here  - I found this out the hard way when upgrading some 3900 rtrs not so long ago!

 

Anyway can you test again with the following config

 

Both rtrs

Int  x/x

description hrsp interface  

standby x name SNAT

exit

 

Rtr1

ip nat Stateful id 1

redundancy SNAT

mapping-id 12

protocol   udp

exit

 

Rtr2

ip nat Stateful id 2

redundancy SNAT

mapping-id 12

protocol   udp

exit

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Review Cisco Networking for a $25 gift card