Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - END-OF-SALE AND END-OF-LIFE PRODUCTS
      - CISCO IOS SOFTWARE RELEASES 12.2 T
        CONFIGURE
        FEATURE GUIDES
        NAT - Static Mapping Support with HSRP for High Availability

Cisco IOS Software Releases 12.2 T

NAT - Static Mapping Support with HSRP for High Availability

Downloads

NAT - Static Mapping Support with HSRP for High Availability

Table Of Contents

NAT—Static Mapping Support with HSRP for High Availability

Feature Overview

Restrictions for Configuring Static Mapping Support for HSRP

Benefits of Configuring Static Mapping Support for HSRP

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Enabling HSRP on the Interface

Enabling Static NAT in an HSRP Environment

Verifying HSRP on the Interface

Verifying Static NAT in an HSRP Environment

Configuration Examples

Command Reference

ip nat inside source

ip nat outside source

NAT—Static Mapping Support with HSRP for High Availability

Feature History

Release

Modification

12.2(4)T

This feature was introduced.

12.2(4)T2

Support for the Cisco 7500 series routers was added.

This document describes the NAT—Static Mapping Support with HSRP for High Availability feature. It includes the following sections:

•Feature Overview

•Supported Platforms

•Supported Standards, MIBs, and RFCs

•Configuration Tasks

•Configuration Examples

•Command Reference

Feature Overview

When an Address Resolution Protocol (ARP) query is triggered for an address that is configured with Network Address Translation (NAT) static mapping and owned by the router, NAT responds with the BIA MAC address on the interface to which the ARP is pointing. Two routers are acting as HSRP active and standby. Their NAT inside interfaces must be enabled and configured to belong to a group.

Restrictions for Configuring Static Mapping Support for HSRP

•Configuring static mapping support for SRP provides NAT support in the presence of HSRP using static mapping configuration only.

•Static NAT mappings must be mirrored on two or more HSRP routers, because NAT state will not be exchanged between the routers running NAT in an HSRP group.

•Behavior will be unpredictable if both HSRP routers have the same static NAT and are not configured with the hsrp keyword linking them to the same HSRP group.

Benefits of Configuring Static Mapping Support for HSRP

•Using static mapping support for HSRP, fail-over is ensured without having to time out and repopulate upstream ARP caches in a high-availability environment, where HSRP router pairs have identical NAT configurations for redundancy.

•Static mapping support for HSRP allows the option of having only the HSRP active router respond to an incoming ARP for a router configured with a NAT address.

Related Documents

•Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2

•Cisco IOS IP Configuration Guide, Release 12.2

Supported Platforms

•Cisco 2500 series

•Cisco 2600 series

•Cisco 3620 router

•Cisco 3640 router

•Cisco 3660 router

•Cisco 7100 series

•Cisco 7200 series

•Cisco 7500 series

Determining Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

No new or modified RFCs are supported by this feature.

Configuration Tasks

See the following sections for configuration tasks for the NAT—Static Mapping Support with HSRP for High Availability feature. Each task in the list is identified as either required or optional:

•Enabling HSRP on the Interface (required)

•Enabling Static NAT in an HSRP Environment (required)

•Verifying HSRP on the Interface (optional)

•Verifying Static NAT in an HSRP Environment (optional)

Enabling HSRP on the Interface

To enable HSRP on the interface, use the following commands in interface configuration mode:

Command

Purpose

Step 1

Router(config-if)# ip address

Sets the primary IP address for the interface.

Step 2

Router(config-if)# no ip redirects

Disables sending of redirect messages.

Step 3

Router(config-if)# ip nat {inside | outside}

Marks the interface as connected to the inside or outside.

Step 4

Router(config-if)# standby [group-number] ip [ip-address [secondary]]

Enables the HSRP.

Step 5

Router(config-if)# standby name [group-name]

Sets the HSRP group name.

Enabling Static NAT in an HSRP Environment

To enable static mapping support with HSRP for high availability, use the following commands in global configuration mode, as needed:

Command

Purpose

Router(config)# ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip redundancy group-name}

Enables the router to respond to ARP queries using BIA MAC, if HSRP is configured on the NAT inside interface.

Router(config)# ip nat outside source {list {access-list-number | access-list-name} pool pool-name | static local-ip global-ip redundancy group-name}

Enables the router to respond to ARP queries using BIA MAC, if HSRP is configured on the NAT outside interface.

Verifying HSRP on the Interface

To verify the HSRP configuration, use the following command in privileged EXEC mode:

Command

Purpose

Router# show standby

Displays HSRP information.

Verifying Static NAT in an HSRP Environment

To verify the static NAT configuration in an HSRP environment, use the following command in privileged EXEC mode:

Command

Purpose

Router# show ip nat translations [verbose]

Displays active NAT translations.

Configuration Examples

This section provides the following configuration example:

•Enabling Static NAT in an HSRP Environment

Enabling Static NAT in an HSRP Environment Example

The following example shows support for NAT with a static configuration in an HSRP environment. Two routers are acting as HSRP "active" and "standby," and the NAT inside interfaces are HSRP enabled and configured to belong to the group HSRP1.

Active Router Configuration
interface BVI10
 ip address 192.168.5.54 255.255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 105 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet2/1
!
!
 ip default-gateway 10.0.18.126
 ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 11.11.11.0 255.255.255.0 Ethernet2/1
 ip route 172.22.33.0 255.255.255.0 Ethernet2/1
 no ip http server
Standby Router Configuration
interface BVI10
 ip address 192.168.5.56 255.255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 100 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet3/1
!
 ip default-gateway 10.0.18.126
 ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 10.0.32.231 255.255.255 Ethernet3/1
 ip route 11.11.11.0 255.255.255.0 Ethernet3/1
no ip http server

Command Reference

This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publication.

•ip nat inside source

•ip nat outside source

ip nat inside source

To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip redundancy group-name}
no ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip redundancy group-name}
Syntax Description

list access-list-number

Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

list access-list-name

Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

pool pool-name

Name of the pool from which global IP addresses are allocated dynamically.

overload

(Optional) Enables the router to use one global address for many local addresses. When overloading is configured, the TCP or User Datagram Protocol (UDP) port number of each inside host distinguishes between the multiple conversations using the same local IP address.

static local-ip

Sets up a single static translation. The local-ip argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.

global-ip

Sets up a single static translation. The global-ip argument establishes the globally unique IP address of an inside host as it appears to the outside world.

redundancy group-name

Name of the group configured on the NAT inside interface in a Hot Standby Routing Protocol (HSRP) environment.

Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release

Modification

11.2

This command was introduced.

12.2(4)T

This command was modified to include static translation with Hot Standby Routing Protocol (HSRP), and the redundancy group-name keyword/argument was added.

Usage Guidelines

This command has two forms: dynamic and static address translation. The form with an access list establishes dynamic translation. Packets from addresses that match the standard access list are translated using global addresses allocated from the pool named with the ip nat pool command.

Alternatively, the syntax form with the static keyword establishes a single static translation.

Examples

The following example translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 network to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet 1
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
The following example shows support for NAT with a static configuration in an HSRP environment. Two routers are acting as HSRP "active" and "standby," and the NAT inside interfaces are HSRP enabled and configured to belong to the group HSRP1.

Active Router Configuration
interface BVI10
 ip address 192.168.5.54 255.255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 105 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet2/1
!
!
 ip default-gateway 10.0.18.126
 ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 11.11.11.0 255.255.255.0 Ethernet2/1
 ip route 172.22.33.0 255.255.255.0 Ethernet2/1
 no ip http server
Standby Router Configuration
interface BVI10
 ip address 192.168.5.56 255.255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 100 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet3/1
!
 ip default-gateway 10.0.18.126
 ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 10.0.32.231 255.255.255 Ethernet3/1
 ip route 11.11.11.0 255.255.255.0 Ethernet3/1
no ip http server

Related Commands

Command

Description

clear ip nat translation

Clears dynamic NAT translations from the translation table.

ip nat

Designates that traffic originating from or destined for the interface is subject to NAT.

ip nat inside destination

Enables NAT of the inside destination address.

ip nat outside source

Enables NAT of the outside source address.

ip nat pool

Defines a pool of IP addresses for NAT.

show ip nat statistics

Displays NAT statistics.

show ip nat translations

Displays active NAT translations.

ip nat outside source

To enable Network Address Translation (NAT) of the outside source address, use the ip nat outside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ip nat outside source {list {access-list-number | access-list-name} pool pool-name | static global-ip local-ip redundancy group-name}
no ip nat outside source {list {access-list-number | access-list-name} pool pool-name | static global-ip local-ip redundancy group-name}
Syntax Description

list access-list-number

Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

list access-list-name

Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

pool pool-name

Name of the pool from which global IP addresses are allocated.

static global-ip

Sets up a single static translation. The global-ip argument establishes the globally unique IP address assigned to a host on the outside network by its owner. It was allocated from globally routable network space.

local-ip

Sets up a single static translation. The local-ip argument establishes the local IP address of an outside host as it appears to the inside world. The address was allocated from address space routable on the inside (RFC 1918, Address Allocation for Private Internets).

redundancy group-name

Name of the group configured on the NAT outside interface in a Hot Standby Routing Protocol (HSRP) environment.

Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release

Modification

11.2

This command was introduced.

12.2(4)T

This command was modified to include static translation with Hot Standby Routing Protocol (HSRP), and the redundancy group-name keyword/argument was added.

Usage Guidelines

You might have IP addresses that are not legal, officially assigned IP addresses. Perhaps you chose IP addresses that officially belong to another network. The case of an address used illegally and legally is called overlapping. You can use NAT to translate inside addresses that overlap with outside addresses. Use this feature if your IP addresses in the stub network happen to be legitimate IP addresses belonging to another network, and you need to communicate with those hosts or routers.

This command has two forms: dynamic and static address translation. The form with an access list establishes dynamic translation. Packets from addresses that match the standard access list are translated using global addresses allocated from the pool named with the ip nat pool command.

Alternatively, the syntax form with the static keyword establishes a single static translation.

Examples

The following example translates between inside hosts addressed from the 9.114.11.0 network to the globally unique 171.69.233.208/28 network. Further packets from outside hosts addressed from the 9.114.11.0 network (the true 9.114.11.0 network) are translated to appear to be from the 10.0.1.0/24 network.
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28 
ip nat pool net-10 10.0.1.0 10.0.1.255 prefix-length 24
ip nat inside source list 1 pool net-208
ip nat outside source list 1 pool net-10
!
interface ethernet 0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet 1
 ip address 9.114.11.39 255.255.255.0
 ip nat inside
!
access-list 1 permit 9.114.11.0 0.0.0.255
The following example shows support for NAT with a static configuration in an HSRP environment. Two routers are acting as HSRP "active" and "standby," and the NAT outside interfaces are HSRP enabled and configured to belong to the group HSRP1.

Active Router Configuration
interface BVI10
 ip address 192.168.5.54 255.255.255.255.0
 no ip redirects
 ip nat outside
 standby 10 priority 105 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet2/1
!
!
 ip default-gateway 10.0.18.126
 ip nat outside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 11.11.11.0 255.255.255.0 Ethernet2/1
 ip route 172.22.33.0 255.255.255.0 Ethernet2/1
 no ip http server
Standby Router Configuration
interface BVI10
 ip address 192.168.5.56 255.255.255.255.0
 no ip redirects
 ip nat outside
 standby 10 priority 100 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track Ethernet3/1
!
 ip default-gateway 10.0.18.126
 ip nat outside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
 ip classless
 ip route 10.0.32.231 255.255.255 Ethernet3/1
 ip route 11.11.11.0 255.255.255.0 Ethernet3/1
 no ip http server
Related Commands.

Command

Description

clear ip nat translation

Clears dynamic NAT translations from the translation table.

ip nat

Designates that traffic originating from or destined for the interface is subject to NAT.

ip nat inside destination

Enables NAT of the inside destination address.

ip nat inside source

Enables NAT of the inside source address.

ip nat pool

Defines a pool of IP addresses for NAT.

show ip nat statistics

Displays NAT statistics.

show ip nat translations

Displays active NAT translations.