Introduction:

This post shows a way to configure Stateful NAT using HSRP for failover. This configuration does not use peer ip but uses the HSRP group name to find the primary and peer for the NAT.

Configuration Checklist:

• Configure HSRP between R1 – R2
• Use unique standby {1} name {name} – this name is used in the stateful nat configuration
• Configure access-list, pool for NAT
• Configure interfaces with nat inside and outside
• Configure stateful nat using above pool, access-list and standy name

R1:

interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 1 ip 192.168.1.1
standby 1 priority 110
standby 1 preempt
standby 1 name SNAT-1
# SNAT-1 should be unique as this will form the stateful nat's peer
!
interface Ethernet0/1
ip address 37.0.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
router ospf 1
router-id 1.1.1.1
network 37.0.0.0 0.0.0.255 area 0
!
ip nat Stateful id 1
# stateful id need not be unique
redundancy SNAT-1
# Use the redundancy name as the standby groups name
mapping-id 1
# mapping-id id need to be unique and same on both devices
protocol udp
ip nat pool NAT-37.0.0.0/24 37.0.0.10 37.0.0.100 prefix-length 24
ip nat inside source list RANGE-192.168.1.0/24 pool NAT-37.0.0.0/24 mapping-id 1 overload
!
ip access-list standard RANGE-192.168.1.0/24
permit 192.168.1.0 0.0.0.255

R2:

interface Ethernet0/0
ip address 192.168.1.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 1 ip 192.168.1.1
standby 1 preempt
standby 1 name SNAT-1
!
interface Ethernet0/2
ip address 38.0.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
router ospf 1
router-id 2.2.2.2
network 38.0.0.0 0.0.0.255 area 0
!
ip nat Stateful id 1
redundancy SNAT-1
mapping-id 1
protocol udp
ip nat pool NAT-38.0.0.0/24 38.0.0.10 38.0.0.100 prefix-length 24
ip nat inside source list RANGE-192.168.1.0/24 pool NAT-38.0.0.0/24 mapping-id 1 overload
!
ip access-list standard RANGE-192.168.1.0/24
permit 192.168.1.0 0.0.0.255
!