Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
784
Views
5
Helpful
3
Replies

Dynamic NAT with overload and HSRP

Nik Lissov
Level 1
Level 1

ā€Ž03-27-2021 12:06 AM - edited ā€Ž03-27-2021 12:07 AM

Hi!

I'm using two ASR1001-HX with HSRP. Both are running Cisco IOS XE Software, Version 16.03.05. For some reason i need dynamic NAT with overload for some users. Configuration looks like this:

 

ASR1:

interface BDI10

 description INTERNET

  ip address {PUBLIC IP.1} 255.255.255.128

  ip nat outside

  standby version 2

  standby 10 ip {PUBLIC IP.3}

  standby 10 timers 1 3

  standby 10 priority 110

  standby 10 preempt

  standby 10 name BDI10

  cdp enable

  ip virtual-reassembly

  end

 

ip nat pool USERS {PUBLIC IP.5} netmask 255.255.255.128

ip nat inside source list 100 pool USERS overload

 

ASR2:

 

interface BDI10

 description INTERNET

 ip address {PUBLIC IP.2} 255.255.255.128

 ip nat outside

 standby version 2

 standby 10 ip {PUBLIC IP.3}

 standby 10 timers 1 3

 standby 10 preempt

 standby 10 name BDI10

 cdp enable

 ip virtual-reassembly

 end

 

ip nat pool USERS {PUBLIC IP.5} netmask 255.255.255.128

ip nat inside source list 100 pool USERS overload

 

This configuration works fine a bit of time, and then there is an error occurred in logs:

ASR1: 

%IP-4-DUPADDR: Duplicate address {PUBLIC IP.5} on BDI10, sourced by 6cb2.aecb.a1cc <----ASR2 VIP mac address

 

ASR2:

%IP-4-DUPADDR: Duplicate address {PUBLIC IP.5} on BDI10, sourced by 6cb2.aecb.d1bb <----ASR1 VIP mac address 

 

So my question is how to configure correct NAT on ASR with HSRP without errors?

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

ā€Ž03-27-2021 05:21 AM

"ip nat stateful"
this command join NAT for the two ASR 

0 Helpful

Nik Lissov
Level 1
Level 1

ā€Ž03-27-2021 06:09 AM

Isn't stateful nat was End-of-Life on new firmwares?

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html#q15

paul driver
VIP
VIP
In response to Nik Lissov

ā€Ž03-27-2021 03:21 PM

Hello

Snat  for that software isnt applicable however Box-2-Box nat is, please review.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the communityā€™s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card