Stateful NAT failover = yes. Stateful CBAC failover = ????

Discussion in 'Cisco' started by Alec Waters, Jun 9, 2004.

  1. Alec Waters

    Alec Waters Guest

    Hi all,

    Stateful NAT failover is described here:

    http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801fce09.html

    If you have a setup like the one shown in Figure 1, things will fall
    down if the routers in question are running the IOS firewall feature
    set. The dynamic ACL entries added by CBAC on the "Primary NAT" router
    will not have been replicated to the "Backup NAT" router, and the return
    traffic will be dropped (even though a NAT translation exists for it).

    Is there anything like stateful CBAC failover, in a similar vein to the
    above? Or some other way to synchronize dynamic ACL entries between two
    IOS Firewall routers?

    thanks a lot,
    alec
    --
     
    Alec Waters, Jun 9, 2004
    #1

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. CBAC & NAT & Access Lists

  2. PIX Stateful Failover

  3. cbac, nat & dialer issues

  4. yes yes

  5. Linksys WRT54GS Router with SPI Stateful Packet Inspection and Vonage

  6. yes minister and yes prime minister wanted

  7. Stateful Failover

  8. cisco ASA/PIX failover and VPN, failover IP access problem

Loading...