Hi Giuseppe,

your post developed confidence in me with the concept. But can you please explain further the why and what is the behaviour of "redundancy CCIE"

"ip nat inside source static x.x.x.x y.y.y.y redundancy CCIE"

I noticed that this keyword "redundancy CCIE" is not used in configuration when Stateful NAT is enabled.

The link you refered are useful, But i have made thorough study before writing here.

Please help

sairam

Hello Sairam,

see the redundancy CCIE as a pointer to another object that has an attribute /name "CCIE"

the same is used for Stateful IPSec

we have a paif of C7200 NPE G2 with stateful ipsec

on internal network there is

standby 20 ip 10.98.144.20

standby 20 priority 90

standby 20 preempt

standby 20 name HA-ins

then the redundancy inter-device object in config points to the name

redundancy inter-device

scheme standby HA-ins

!

Commands are slightly different but the concept is the same a name is used like a label to put in relationship two objects like NAT and HSRP in your case.

Hope to help

Giuseppe

Hi Giuseppe,

Very good explanation. I got it.

Now another point raised in my mind.

If so, then how it differs from stateful nat command

ip nat stateful 1

redundancy CCIE

mapping 10

What is the difference. I tried this in lab yesterday. I found to be similar.

I may be refering some thing wrong. Please clarify this point.

Sairam

Hello Sairam,

thanks for your kind remarks.

very similar indeed.

in stateful NAT as I wrote the syntax is slightly different and you assign the label "CCIE" to both the standby group name and to the ip nat stateful instance 1.

Here the same label is used in the two objects that have to be linked

so redundancy CCIE says points to whatever object has an attribute with this string.

From a conceptual point of view I think it is very similar.

Hope to help

Giuseppe

Hi Giuseppe,

This topic picked the interest. I tested the setup using "redundancy HSRP-GROUP" keyword in "ip nat inside source" command. The result is as below:

Two Routers running HSRP

R2 - ACTIVE

R3 - STANDY

Configurations are attached for your kind reference.

1. I created static one to one NAT in both the routers R2 & R3 (as shown in attached configuration)

2. when i telnet an outside host from an inside host, NAT table is formed in R2. But it is not replicated in R3.

3. When i made the R2 inside port down, R3 router become active and new nat translation is created in R3. Where is the connection is statefull here??

Then i read somewhere that it is very useful only in PAT scenario. So started to configure PAT in routers

But, I donot see "redundancy" key word. (see the attachment for output)

Please tell me where I am deviating from the point?

Thanks in advance and I am scrathing my head for the past one day. please help

Sairam

Hi experts,

do you find any clues, why and what for ir is like this. I will look forward to hear from you

Sairam

Hi,

I tried to take this details. No where it is available clearly, Seems CISCO has not documented this to the depth.

Shall i wait for your comments

SAIRAM

Hello Sairam,

your results confirm this is a stateless redundancy not able to pass nat entries states between the two devices.

>> 3. When i made the R2 inside port down, R3 router become active and new nat translation is created in R3. Where is the connection is statefull here??

Practical usage of this is zero and everyone is going to use real stateful NAT in real world networks.

This can be the residual of old times pre -SNAT support.

Hope to help

Giuseppe