08-10-2007 06:32 AM - edited 03-05-2019 05:50 PM
I need to have two redundant routers that should provide static NAT services. I run 12.2 (no flash memory to store 12.3) that can't bind static nat addresses to active hsrp (as recommended at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm)
Is it a supported configuration to have identical static IP rules on both routers? Should I have different IP addresses for outgoing packets?
*******config looks like this ************************************
version 12.2
interface FastEthernet0/0
ip address 10.2.2.98 255.255.255.0
ip access-group 102 in
no ip redirects
no ip proxy-arp
ip nat outside
no ip mroute-cache
speed 100
full-duplex
standby 31 ip 10.2.2.97
standby 31 priority 105
standby 31 preempt
standby 31 authentication XXX
standby 31 track FastEthernet0/1
!
interface FastEthernet0/1
ip address 10.1.1.54 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
no ip mroute-cache
speed 100
full-duplex
standby 32 ip 10.1.1.53
standby 32 priority 105
standby 32 preempt
standby 32 authentication XXX
standby 32 track FastEthernet0/0
!
!
ip nat inside source static 10.1.1.51 10.2.2.95
ip nat inside source static 10.1.1.56 10.2.2.83
***********************************************
NAT worked on the active router for a very long period of time.
After stopping of active router for maintenance and booting it again,I got the following problems. Both routers claimed they have 10.2.2.95
Duplicate address 10.2.2.95 on FastEthernet0/0, sourced by 0003.e389.3d61
Duplicate address 10.2.2.95 on FastEthernet0/0, sourced by 0007.855c.e340
Second NAT rule does not work at all - it didn't activate on standby node, but now traceroute comes into the active node and stops there, even after disabling nat and rebooting of standby node; it does not answer to ARP replies about address 10.2.2.83).
I believed that 10.2.2.95 should be released because no traffic to be translated is travelling via standby router.
HSRP changes of states were normal.
Thanks a lot for your comments!
08-11-2007 07:39 PM
You should configure stateful NAT instead, that will fix your problem.
Narbik Kocharians
CCSI, CCIE #12410 (R&S, Security and SP)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide