02-05-2020 03:42 PM - edited 02-05-2020 03:51 PM
Please see attached diagram.
I need help setting up NAT/PAT with HSRP. I want to set up NAT/PAT so that 172.17.0.0/16 and 172.18.0.0/16 are translated to 200.0.0.1. 200.0.0.1 is the virtual HSRP address. How can I configure this?
02-05-2020 08:07 PM
02-06-2020 02:26 AM - edited 02-06-2020 02:27 AM
Hello
Which feature is applicable depends on what software you are using.
In earlier software versions you can implement a feature called stateful NAT with HSRP; however, in more recent versions it is called box-to-box NAT.
02-06-2020 09:12 AM
Box to Box NAT seems interesting, but I probably won't be able to test in gns3 due to my older gns3 code.
Here is my IOS:
Cisco IOS XE Software, Version 16.09.04
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Thu 22-Aug-19 18:09 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2019 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
xxxxxxxxxxxxx uptime is 16 weeks, 2 days, 6 hours, 23 minutes
Uptime for this control processor is 16 weeks, 2 days, 6 hours, 25 minutes
System returned to ROM by Reload Command at 05:31:34 CDT Tue Oct 15 2019
System restarted at 05:46:00 CDT Tue Oct 15 2019
System image file is "bootflash:isr4400-universalk9.16.09.04.SPA.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Suite License Information for Module:'esg'
--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
appxk9
AdvUCSuiteK9 None None None
uck9
cme-srst
cube
Technology Package License Information:
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None None None
uck9 None None None
securityk9 securityk9 RightToUse securityk9
ipbase ipbasek9 Permanent ipbasek9
The current throughput level is 500000 kbps
Smart Licensing Status: Smart Licensing is DISABLED
cisco ISR4431/K9 (1RU) processor with 1784318K/6147K bytes of memory.
Processor board ID xxxxxxxxxx
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7057407K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.
Configuration register is 0x2102
02-07-2020 06:40 AM - edited 02-07-2020 06:45 AM
Hello
FYI - I am aware the csr1000v VM supports it within gns3.
Is this for proof of concept, or are you just interested in learning about stateful HSRP NAT or B2B NAT?
If you provide some additional information I can provide an example for you.
Are those two rtrs in your topology using the same internal and external IP space, and do you wish to have specific static translations or dynamic?
02-07-2020 07:26 AM - edited 02-07-2020 07:27 AM
This is proof of concept. Both inside interfaces are in the same subnet and outside interfaces are in the same subnet.
example:
outside physical interfaces and HSRP are all in same subnet
inside interfaces are in 10.254.28.160/28.
Only requirement is for all of those /16 networks in cloud to be translated to a single IP address after hitting rtrs.
02-08-2020 04:06 AM
Hello
You mention an inside subnet of 10.254.28.160/28, but you also wish to NAT two /16 subnets, 172.x.x.x/16.
Is there an additional routing device between the routers in your OP (inside LAN interfaces 10.254.28.160/28) and the 172.x.x.x/16 hosts?
02-10-2020 07:18 AM
Yes, there are more routers (not displayed here) between the 172.x.x.x/16 prefixes and my NAT routers.
02-10-2020 08:20 AM - edited 02-10-2020 08:36 AM
Hello @davinci
The attached file is an example of B2B HA NAT based on your network addressing.
Please note you would require an additional physical link between each NAT rtr for the B2B control data, to allow the synchronization of the NAT translation table.
In this example, any failure of either the inside/outside domain interfaces would initiate a failover to the other NAT HSRP router and allow continuous connection. The assumption here is that you already have valid routing in place for those LAN subnets?
02-10-2020 12:17 PM
Thanks, Paul.
I don't understand why a direct connection is required between both routers. Is that more a best practice solution? They have IP connectivity through the layer 2 switch.
02-10-2020 12:30 PM
Hello
It's for control traffic between the two rtrs. This needs to be a separate link so as to synchronise the NAT table; it cannot be the LAN-connected interfaces, as these are used for data traffic.
If the rtrs were firewalls then you would need a minimum of two additional interfaces for B2B NAT control traffic.
11-26-2022 04:55 AM
Dear Sir, your details were informational. However, I have some doubts, as I'm also checking a similar config. I'm familiar with HSRP configuration, but the syntax used by you below is not familiar. Devices: C1800, 2800, 3845. My current scenario is PAT without redundancy, so I'm planning to make a similar setup with redundancy. For the VIP I will use a private IP, and the LAN subnet needs to be PATed.
redundancy rii 100
redundancy group 1 &
control GigabitEthernet0/0/3 protocol 1
data GigabitEthernet0/0/3
asymmetric-routing interface GigabitEthernet0/0/3
asymmetric-routing always-divert enable
track 3 decrement 100
11-26-2022 05:00 AM
Post your question in a separate thread; this lets everyone read and answer you.