NAT problems

Hello Everyone,

Ran into a slight problem and looking for some ideas.

I have two L3 devices directly connected to two of my clients' routers.

The configurations are similar and all routes are learned via OSPF.

I have HSRP running at the back interfaces

Now my problem is:

My first L3 device generates and NATs out traffic; all return traffic comes via the second router and is thereby unable to reverse NAT since the session is only at the first router.

I wanted to know:

1) Is there any way I can run HSRP on the outside interfaces as well and inject the virtual IP into OSPF (is it possible cuz it's an L3 device)?

2) If I use SNAT to replicate sessions, will the second L3 device be able to reverse NAT even though the first router is up and running (not failed)?

Also, if you guys could suggest anything else that could help me with this little problem...

Thanks in advance


Giuseppe Larosa
Hall of Fame

Hello Vignesh,

I would suggest that you follow the SNAT deployment guidelines

see

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6969/ps1839/prod_white_paper0900aecd8052870b.html

To solve your issue you probably need to remove OSPF on outside interface and to use another HSRP group that is coordinated with the HSRP group running on the inside so that the same router is HSRP active at the same time on the inside interface and on the outside interface.

The HSRP VIP on outside interface has to be used as the IP next-hop of a static route with destination the NAT pool.

Edit:

2) You can refer to SNAT phase 2 for support of asymmetric routing

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtsnatay.html

Hope to help

Giuseppe
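
The design described in the reply above, sketched as an added IOS configuration example that is not part of the original posts. Interface names, HSRP group numbers and names, the access list, and all addresses (documentation ranges) are assumptions, as is a shared outside segment between both L3 devices and the client routers.

```cisco
! --- L3 device A (intended HSRP active on BOTH sides) ---
interface GigabitEthernet0/0
 description OUTSIDE toward client routers (OSPF removed on this segment)
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
 standby 2 ip 198.51.100.1
 standby 2 priority 110
 standby 2 preempt
 ! Lose the inside link -> give up the outside VIP as well
 standby 2 track GigabitEthernet0/1 20
!
interface GigabitEthernet0/1
 description INSIDE
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name SNAT-INSIDE
 ! Lose the outside link -> give up the inside VIP as well
 standby 1 track GigabitEthernet0/0 20
!
! Stateful NAT tied to the inside HSRP group by name
ip nat stateful id 1
 redundancy SNAT-INSIDE
  mapping-id 10
!
access-list 10 permit 10.0.0.0 0.0.0.255
ip nat pool NATPOOL 203.0.113.1 203.0.113.14 prefix-length 28
ip nat inside source list 10 pool NATPOOL mapping-id 10 overload
!
! --- L3 device B: same config with its own interface addresses,
! --- priority 100 on both groups, and "ip nat stateful id 2"
!
! --- On each client router: reach the NAT pool via the outside HSRP VIP,
! --- so return traffic always lands on the router that holds the sessions
ip route 203.0.113.0 255.255.255.240 198.51.100.1
```

With a decrement of 20, a tracked-interface failure on A drops its priority from 110 to 90, below B's 100, so both groups move to B together. Running `show standby brief` on both devices should show the same router active for group 1 and group 2.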