NAT and HSRP on CISCO 2650 IOS 12.2

 
 
Hub
12-31-2003
Hi,

Let me explain a small problem with NAT and HSRP on a 2650 CISCO
IOS 12.2:

We have this simple topology:


                Network 2.0.0.0/24
                     outside
                        !
                        !
                        !
                        !

                 standby group 20
               standby IP : 2.0.0.4
  _______________          ________________
 !               !        !                !
 !    2.0.0.5    !        !    2.0.0.6     !
 ! Active Router !        ! Passive Router !
 !       A       !        !       B        !
 !    1.0.0.5    !        !    1.0.0.6     !
 !_______________!        !________________!

                 standby group 10
               standby IP : 1.0.0.4

                        !
                        !
                        !
                        !
                     inside
                Network 1.0.0.0/24


So we have configured 2 Cisco routers with HSRP. All works normally,
no problem on this side.

But we have also configured a NAT entry on those 2 routers:
ip nat outside source static 2.0.0.15 1.0.0.15 extendable

When router A is active (and B passive), the NAT is OK and we are
able to join the host 1.0.0.15 (from inside): our client stations are
on the same network (1.0.0.0/24) and they can ping 1.0.0.15.

But we have noticed that ARP resolution of 1.0.0.15 is done with
Router A's private MAC address. And this is a real problem when
router A is down: client ARP entries are still seeing IP 1.0.0.15
through this private MAC address and Router B becomes useless...

Of course we do not have this problem if the NAT is done with an IP that is
on a different network. For example:
ip nat outside source static 2.0.0.15 1.2.0.15 extendable

In this case, the client passes through a default gateway and this
default gateway does the ARP resolution with its next hop: 1.0.0.4. The
returned MAC address is the HSRP virtual MAC address and all is
fine...

But we must keep our internal address 1.0.0.15 (it's another
problem...). And with this NAT entry, we are not able to ensure
backup security on these 2 routers...

Would you have any suggestion?

I'm thinking about something like forcing routers A and B to
answer with the HSRP MAC address, but how could I do that?

Thanks in advance for your help!

Regards. Hub
 
Phillip Remaker
12-31-2003

"Hub" wrote in message:
> I'm thinking about something like forcing the routers A and B to
> answer with HSRP Mac Address but how could I do that ?


Have you read
http://www.cisco.com/univercd/cc/td/...4/ftnthsrp.htm

(First hit with "NAT HSRP" in google)

In 12.2(4)T and later (and 12.3, by extension), the "redundancy" keyword is
added to ip nat inside source static.

E.g.

ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1

Where HSRP1 is the standby group name.
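
A check for the failure described in this thread, as an added example that is not part of either post: it reads a client's ARP cache and reports whether each address that must survive failover resolves to the HSRP virtual MAC or to one router's own MAC. It assumes HSRP version 1 with default virtual MACs (0000.0c07.acXX, where XX is the group number in hex); the function names, sample entries and MAC addresses are constructed for illustration.

```python
import re

# Assumption: HSRP version 1 default virtual MAC, last byte = group number.
HSRP_V1_PREFIX = "0000.0c07.ac"

def hsrp_v1_mac(group: int) -> str:
    """Virtual MAC that HSRPv1 uses for a standby group (0-255)."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"{HSRP_V1_PREFIX}{group:02x}"

def normalize_mac(mac: str) -> str:
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff; return Cisco dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def audit_arp(arp_lines, must_fail_over, group):
    """Classify each address in must_fail_over by the MAC the client cached."""
    virtual = hsrp_v1_mac(group)
    seen = {}
    for line in arp_lines:
        fields = line.split()
        if len(fields) >= 2 and fields[0] in must_fail_over:
            seen[fields[0]] = normalize_mac(fields[1])
    report = {}
    for ip in must_fail_over:
        if ip not in seen:
            report[ip] = "no ARP entry"
        elif seen[ip] == virtual:
            report[ip] = "virtual MAC (follows the active router)"
        else:
            report[ip] = f"pinned to {seen[ip]} (does not follow failover)"
    return report

# Constructed client ARP cache, "<ip> <mac>" per line; the MACs are made up.
SAMPLE_ARP = [
    "1.0.0.4   00:00:0c:07:ac:0a",   # HSRP virtual IP of standby group 10
    "1.0.0.15  00-0b-be-11-22-33",   # NAT address answered with router A's own MAC
    "1.0.0.5   000b.be11.2233",      # router A's interface address
]

if __name__ == "__main__":
    for ip, verdict in audit_arp(SAMPLE_ARP, ["1.0.0.4", "1.0.0.15"], 10).items():
        print(ip, "->", verdict)
```

Running the same check after applying a configuration change shows whether the NAT address has moved from a router's own MAC to the virtual one.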


 