10-10-2011 01:05 AM - edited 03-07-2019 02:42 AM
Hi dears
this is my configuration at router.
i know hsrp configuration but i want you to help me how to apply hsrp config to my nat translations??
interface GigabitEthernet0/0
ip address x.x.x.62 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description connect to ASA outside
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool Internet x.x.x.2 x.x.x.4 netmask 255.255.255.240
ip nat inside source list NAT pool Internet overload
ip nat inside source static tcp 10.0.0.10 25 x.x.x.5 25 extendable
ip nat inside source static udp 10.0.0.2 500 x.x.x.6 500 extendable
ip nat inside source static udp 10.0.0.2 4500 x.x.x.6 4500 extendable
ip nat inside source static tcp 10.0.0.11 80 x.x.x.7 80 extendable
ip nat inside source static tcp 10.0.0.11 443 x.x.x.7 443 extendable
ip nat inside source static 192.168.193.252 x.x.x.8
ip nat inside source static 192.168.193.254 x.x.x.9
ip nat inside source static 10.0.0.254 x.x.x.10
ip route 0.0.0.0 0.0.0.0 x.x.x.61
ip route 10.10.1.0 255.255.255.0 10.0.0.2
10-10-2011 01:26 AM
Hi,
1) For dynamic NAT:
Active HSRP Router
interface g0/1
ip address 10.0.0.1 255.255.255.0
standby 1 ip 10.0.0.x
standby 1 priority 105
standby 1 preempt
standby name HSRP-1
ip nat stateful id 1
redundancy HSRP-1
mapping-id 50
no ip nat inside source list NAT pool Internet overload
ip nat inside source list 1 pool internet mapping-id 50 overload
Standby HSRP Router
interface g0/1
ip address 10.0.0.2 255.255.255.0
standby 1 ip 10.0.0.x
standby 1 preempt
standby name HSRP-1
ip nat stateful id 2
redundancy HSRP-1
mapping-id 50
ip nat inside source list 1 pool internet mapping-id 50 overload
2) for static NAT:
just add the redundancy HSRP-1 to your static NAT commands
Regards.
Alain.
10-10-2011 02:21 AM
Hi Teymur,
Here is the example config as per best practice.
ACTIVE ROUTER CONFIG:
interface GigabitEthernet0/0
ip address xxxxxxxxxxxxx
standby delay minimum 20 reload 20
standby 10 ip xxxxxxxxxxxx
standby 10 priority 110
standby 10 preempt delay minimum 20 reload 20 sync 10
standby 10 name WanHSRP
crypto map vpn redundancy WanHSRP
ip nat Stateful id 1
redundancy WanHSRP
mapping-id 1
protocol udp
ip nat pool nonat xxx.xxx.xxx.xx xxx.xxx.xxx.xx netmask 255.255.255.0
ip nat inside source route-map nonat pool nonat mapping-id 1 overload
ip nat inside source static tcp xx.xx.xx.xx 21 xxx.xxx.xxx.xx redundancy WanHSRP mapping-id 1 extendable
ip nat inside source static tcp xx.xx.xx.xx 80 xxx.xxx.xxx.xx 80 redundancy WanHSRP mapping-id 1 extendable
STANDBY ROUTER CONFIG:
interface GigabitEthernet0/0
ip address xxxxxxxxxxxxxxxxx
standby delay minimum 20 reload 20
standby 10 ip xxxxxxxxxxxxxx
standby 10 priority 90
standby 10 preempt delay minimum 20 reload 20 sync 10
standby 10 name WanHSRP
crypto map vpn redundancy WanHSRP
!
ip nat Stateful id 2
redundancy WanHSRP
mapping-id 1
protocol udp
ip nat pool nonat xxx.xxx.xxx.xx xxx.xxx.xxx.xx netmask 255.255.255.0
ip nat inside source route-map nonat pool nonat mapping-id 1 overload
ip nat inside source static tcp xxx.xxx.xxx.xx 80 xxx.xxx.xxx.xx 80 redundancy WanHSRP mapping-id 1 extendable
ip nat inside source static tcp xx.xx.xx.xx 389 xxx.xxx.xxx.xx 389 redundancy WanHSRP mapping-id 1 extendable
Please rate the helpful posts.
Regards,
Naidu.
10-10-2011 02:36 AM
thansk to reply me.
i have one questions.
1. when i configurated standby router must i write different ip address at intefaces????
this mean that:
interface GigabitEthernet0/0
ip address x.x.x.63 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description connect to ASA outside
ip address 10.0.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
2. must i write same default route to isp site at standby router?
ip route 0.0.0.0 0.0.0.0 x.x.x.61
3 is it need a isp site write a route to my standby router?
10-10-2011 02:45 AM
Hi,
1. when i configurated standby router must i write different ip address at intefaces????
The physical interface IP should be different from the same subnet but the satndby ip must be same.
2. must i write same default route to isp site at standby router?
Yes, if you have same provider then the default route must be pointing to the same ip what you have in primary router.
3 is it need a isp site write a route to my standby router?
You only need to point your default route to your ISP router.
Please rate the helpful posts.
Regards,
Naidu.
10-10-2011 02:58 AM
Thanks Naidu to help me.
i want to know exatly:
you write to do static nat this way:
ip nat inside source static tcp xxx.xxx.xxx.xx 80 xxx.xxx.xxx.xx 80 redundancy WanHSRP mapping-id 1 extendable
ip nat inside source static tcp xx.xx.xx.xx 389 xxx.xxx.xxx.xx 389 redundancy WanHSRP mapping-id 1 extendable
if i do not write mapping-id 1command at the end of static nat this mean that the static nat translation is not working??? or it is not necessary to add mapping-id 1 command??
why we need to add mapping-id 1 command ??
10-10-2011 03:07 AM
Hi,
the mapping-id command is needed so active translations on the active router can be taken by the standby router without disruption of the traffic.
Alain.
10-10-2011 03:20 AM
Hi,
Good question Teymur..
HSRP NAT means we are doing Statefull nating which is SNAT, which means like a statefull failover kind of thing....
When you added mapping id command the current NAT translations will be handover to standby router when the active router connection is gone so that you wont see any distrub or connection loss while NAT translation handing over from active rotuer to standby router.
Please rate the helpful posts.
Regards,
Naidu.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide