421 Views | 0 Helpful | 2 Replies

ARP & NAT on external network

Mokhalil82 (Level 4)

Hi

I am trying to understand how ARP works on the external part of a network, that is between our external routers and the ISP routers. Please see the attached diagram. Both my primary and backup sites are a mile or 2 apart and the ISP is using HSRP to failover their routers.

We also have incoming NATs and some or all of these failed during our testing of the failover. So we initiated a failover and, as expected, all our traffic started using the backup router to go out. On the backup path we currently do not have NAT configured, so we were not expecting anything back. When we restore from the failover we notice the incoming NATs are now not working until we clear the ARP cache and NAT translations on our primary router.

Just trying to figure out what is going on here. Any help would be greatly appreciated.

Thanks

Accepted Solution

Part of the problem you are running into is related to ARP being cached, and a solution like this will also break established NAT translations (outbound and inbound) in a failover situation, especially if your WAN IP changes from your primary to your secondary. I could suggest maybe looking at HSRP on your WAN interfaces; however, I think the better solution would be to get your ISP to route your IP addresses to you, even if they are /32s, using BGP. You could use any routing protocol you can agree on with your provider; however, BGP is generally accepted as the go-to choice as an external routing protocol. This won't fix the broken NAT sessions when things fail over, however it will make life easier.

Hope this helps

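A simplified model of the two designs contrasted in the answer above (an added example, not code from the thread): a NAT address the ISP reaches by ARP on the shared WAN segment, versus one the ISP reaches through a route learned via BGP. All router names, addresses and MACs are constructed; the model assumes the ISP's cached ARP entry for the NAT address is not refreshed during the failover.

```python
# Added example: ARP-cached vs routed reachability of a NAT address across a
# failover. All identifiers below are constructed for illustration.

NAT_IP = "203.0.113.10"   # inside-global address behind the inbound NAT
PRIMARY = ("rtr-primary", "0011.2233.aaaa", "203.0.113.2")   # (name, mac, wan ip)
BACKUP = ("rtr-backup", "0011.2233.bbbb", "203.0.113.3")


class Segment:
    """Shared ISP-facing segment: a frame reaches a router only if that router
    currently owns the destination MAC and is forwarding."""

    def __init__(self):
        self.up = {}   # mac -> router name, for routers currently forwarding

    def set_active(self, router):
        _name, mac, _ip = router
        self.up = {mac: _name}   # failover: one router forwards at a time

    def deliver(self, dst_mac):
        return self.up.get(dst_mac)   # None models a frame sent to a dead MAC


class IspRouter:
    def __init__(self, segment):
        self.segment = segment
        self.arp = {}      # ip -> mac; assumption: never refreshed on its own
        self.routes = {}   # prefix -> next-hop ip (what BGP would install)

    def learn_arp(self, router):
        _name, mac, ip = router
        self.arp[ip] = mac

    def send_onlink(self, dst_ip):
        """Design 1: NAT_IP is on the segment, so the ISP ARPs for it directly."""
        return self.segment.deliver(self.arp.get(dst_ip))

    def send_routed(self, dst_ip):
        """Design 2: NAT_IP is routed; only the next-hop needs an ARP entry."""
        return self.segment.deliver(self.arp.get(self.routes.get(dst_ip)))


def simulate(design):
    """Return (router reached before failover, router reached after failover)."""
    seg, isp = Segment(), None
    isp = IspRouter(seg)
    for r in (PRIMARY, BACKUP):
        isp.learn_arp(r)          # each router's own WAN address is resolvable
    seg.set_active(PRIMARY)
    if design == "onlink":
        isp.arp[NAT_IP] = PRIMARY[1]          # ARP alias answered by primary
        path = lambda: isp.send_onlink(NAT_IP)
    else:
        isp.routes[NAT_IP] = PRIMARY[2]       # /32 advertised by primary
        path = lambda: isp.send_routed(NAT_IP)
    before = path()
    seg.set_active(BACKUP)                    # failover to the backup router
    if design == "routed":
        isp.routes[NAT_IP] = BACKUP[2]        # BGP now prefers the backup
    return before, path()
```

With the on-link design the stale ARP entry still points at the primary's MAC and the inbound packet is lost; with the routed design the route update alone is enough to reach the backup.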

2 Replies


Hi Mark

Thanks for the explanation. Think I'll have to look into BGP with the ISP.
