I'm scratching my head over a NAT configuration issue.
I have two border routers, configured similarly. Each router has
an outbound ISP interface on it, running BGP. The routers are located
in separate places in my metropolitan network. The two are
interconnected with a private fiber backhaul, used for iBGP between the two
and traffic already in the border area. Each router has a link into the
main OSPF area, as well as two stub networks (one public IP, one private
IP).
I announce three /24 nets, two of which are currently unused. I run
defaultless, with full route tables on both routers. The goal of
this is mainly failover and uptime protection for internet access
by the internal networks (which include significant public safety
resources). Both internet pipes have ample (and symmetric) bandwidth.
Problem: I need to run NAT for the internal network, and the private
stub, on each router. I have some flexibility in numbering and
configuration, since I have two unused /24's. But NAT must not be
nailed to a single router.
What is the best way to configure NAT in a scenario like this? I'm familiar with basic NAT on a Cisco, but this is a new layout for me.