HSRP and NAT

[lobo66]

Having an issue with duplicate address showing up in my log files.

I have two routers running HSRP, on both routers they have identical static NAT statement any reason why the router would be getting DUPADDR errors??

THX ALL

 

[ADB100]

I assume from your comment that both routers are NAT's for hosts that would reside on the local subnet (broadcast domain)? If so this behaviour unavoidable since both routers will reply to ARP's for the psuedo addresses (inside global addresses) of the hosts they are performing NAT for.

You can get around the issue by introducing some Layer-3 boundaries so the routers won't respond to ARP's directly for the hosts - i.e. to reach the hosts you are NATing for from the outside they must go through a routed connection.

HTH

Andy

 

[lobo66]

how would I send it throught a routed connection.

 

[helpdeskdan]

Good point ADB100!

Arp makes use of broadcasts. The only way to stop a broadcast is by using router. (Well, there's vacls and whatnot, but that won't do here) If you have a layer 3 switch, you could put the HSRP routers on a seperate vlan and route inbetween the two vlans.

Where do the HSRP routers connect to? Your only other option would be to do Nat further on. Like, on a firewall. Firewalls are good places to do Nat.

 

[lobo66]

Well the setup looks something like this two 2811 routers plugged into two 3745, HSRP is setup on to FA INT's on the 3745 and HSRP is setup on two INT's on the 2811 (Vendor router, black box no access). NAT is set on the 3745 where I am getting the DUP IP's..

 

[UnaBomber]

There is a work around for this problem:

http://www.cisco.com/univercd/cc/td...22/122newft/122t/122t4/ftnthsrp.htm#wp1021949

Using the command redundancy [group-name] at the end of your nat statements.




UnaBomber
ccnp mcse2k

 

[helpdeskdan]

Never heard of that one - thnkx for sharing

 

[lobo66]

I have used it but it broke all my static NAT's, most likely I had a config issue that I have to work through in a lab.. THX ALL