NAT and HSRP on CISCO 2650 IOS 12.2

Discussion in 'Cisco' started by Hub, Dec 31, 2003.

  1. Hub

    Hub Guest

    Hi,

    Let me explain a small problem with NAT and HSRP on a Cisco 2650
    running IOS 12.2:

    We have this simple topology :


                     Network 2.0.0.0/24
                          outside
                             !
                             !
                             !
                             !

                     standby group 20
                     standby IP : 2.0.0.4
         _______________           ________________
        !               !         !                !
        !    2.0.0.5    !         !    2.0.0.6     !
        ! Active Router !         ! Passive Router !
        !       A       !         !       B        !
        !    1.0.0.5    !         !    1.0.0.6     !
        !_______________!         !________________!

                     standby group 10
                     standby IP : 1.0.0.4

                             !
                             !
                             !
                             !
                          inside
                     Network 1.0.0.0/24


    So we have configured 2 Cisco routers with HSRP. All works normally,
    no problem on this side.

    But we have also configured a NAT entry on those 2 routers:
    ip nat outside source static 2.0.0.15 1.0.0.15 extendable

    When router A is active (and B passive), the NAT is OK and we are
    able to reach the host 1.0.0.15 (from inside): our client stations are
    on the same network (1.0.0.0/24) and they can ping 1.0.0.15.

    But we have noticed that ARP resolution of 1.0.0.15 is done with
    Router A's private MAC address. And this is a real problem when
    router A is down: client ARP entries still see IP 1.0.0.15
    through this private MAC address and Router B becomes useless...

    Of course we do not have this problem if the NAT is done with an IP
    that is on a different network. For example:
    ip nat outside source static 2.0.0.15 1.2.0.15 extendable

    In this case, the client passes through a default gateway and this
    default gateway does the ARP resolution with its next hop: 1.0.0.4. The
    returned MAC address is the HSRP virtual MAC address and all is
    fine...

    But we must keep our internal address 1.0.0.15 (it's another
    problem... ;-). And with this NAT entry, we are not able to ensure
    backup security on these 2 routers...

    Would you have any suggestion ?

    I'm thinking about something like forcing the routers A and B to
    answer with HSRP Mac Address but how could I do that ?

    Thanks in advance for your help !

    Regards. Hub'
    Hub, Dec 31, 2003
    #1

  2. "Hub" <> wrote in message
    news:...
    > I'm thinking about something like forcing the routers A and B to
    > answer with HSRP Mac Address but how could I do that ?


    Have you read
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm

    (First hit with "NAT HSRP" in google)

    In 12.2(4)T and later (and 12.3, by extension), the "redundancy" keyword is
    added to ip nat inside source static.

    Eg

    ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1

    Where HSRP1 is the standby group name.
    Phillip Remaker, Dec 31, 2003
    #2
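
A check for the symptom described in the first post, added here as an example and not code from either poster: it reads an ARP table and reports whether each watched address resolves to the HSRP virtual MAC or to a router's own MAC. Assumptions: the table is in IOS `show ip arp` format, the group uses the default HSRP version 1 virtual MAC (0000.0c07.acXX, XX = group number in hex), and the sample table and its MAC addresses are constructed.

```python
import re

# Default HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex.
# Assumes no manually configured virtual MAC on the standby group.
def hsrp_v1_mac(group: int) -> str:
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"0000.0c07.ac{group:02x}"

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA")

def parse_arp(text: str) -> dict:
    """Map IP -> MAC; the header row and 'Incomplete' rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def audit(arp_text: str, watched_ips: list, group: int) -> dict:
    """Classify each watched IP by the MAC it currently resolves to."""
    vmac = hsrp_v1_mac(group)
    table = parse_arp(arp_text)
    verdicts = {}
    for ip in watched_ips:
        mac = table.get(ip)
        if mac is None:
            verdicts[ip] = "no-entry"
        elif mac == vmac:
            verdicts[ip] = "virtual-mac"    # survives an HSRP failover
        else:
            verdicts[ip] = "physical-mac"   # stale once that router is down
    return verdicts

# Constructed sample: 1.0.0.15 shares router A's own (made-up) MAC.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  1.0.0.4                 3   0000.0c07.ac0a  ARPA   FastEthernet0/0
Internet  1.0.0.5                 3   0004.9aaa.0001  ARPA   FastEthernet0/0
Internet  1.0.0.15                1   0004.9aaa.0001  ARPA   FastEthernet0/0
Internet  1.0.0.20                0   Incomplete      ARPA
"""

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE, ["1.0.0.4", "1.0.0.15", "1.0.0.20"], 10).items():
        print(ip, verdict)
```

A "physical-mac" verdict for a NATed address on the HSRP segment is the condition the first post describes: hosts keep sending to the failed router's MAC until their ARP entry ages out.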
