«

Hi all,

Stateful NAT failover is described here:

http://www.cisco.com/en/US/products/...0801fce09.html

If you have a setup like the one shown in Figure 1, things will fall
down if the routers in question are running the IOS firewall feature
set. The dynamic ACL entries added by CBAC on the "Primary NAT" router
will not have been replicated to the "Backup NAT" router, and the return
traffic will be dropped (even though a NAT translation exists for it).

Is there anything like stateful CBAC failover, in a similar vein to the
above? Or some other way to synchronize dynamic ACL entries between two
IOS Firewall routers?

thanks a lot,
alec
--