Good morning, SNAT should be available in IOS on CCO around the first half of December. Please be aware that SNAT will be released in two phases as follows: Phase 1 - SNAT for TCP/UDP protocols with NO embedded port info in the payload. - Symmetric routing only - inside NAT pools only
Phase 2 due out in 1Q'03 - support for protocols that embed port info in the payload. E.G FTP, PPTP/GRE, Skinny, TFTP. - Asymmetric routing support - outside NAT pool support - ip nat inside destination support PLEASE NOTE THESES DATES ARE NOT SET IN STONE AND COULD/PROBABLY WILL CHANGE!!!! Hope this helps :) -----Original Message----- From: Mike Fountain [mailto:[EMAIL PROTECTED]] Sent: 23 November 2002 01:17 To: [EMAIL PROTECTED] Subject: Re: Stateful NAT Failover [7:57857] I've seen some stuff on Cisco, but it has only been for the 7500, 10000, and 12000 series routers. I haven't read too closely, but it may only be for failover for RPs within the same chassis. It also seems to require the 12.0(22)S code, I'm not sure where that train was rolled into the 12.1 or 12.2 trains. Here is the only link I've seen so far that gives config commands: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120 limit/120s/120s22/sso120s.htm#xtocid29 ----- Original Message ----- From: "Howard C. Berkowitz" To: Sent: Thursday, November 21, 2002 4:29 PM Subject: Stateful NAT Failover [7:57857] > I've been hunting for specific technical documentation on stateful > failover between NAT instances in two routers, or even PIX. I can > find lots of marketing references in the description of the Cisco GRIP > architecture, and details of stateful IPsec failover. No details of > NAT failover. > > On assorted search engines (Cisco and non-Cisco), it keeps coming back > to stateful packet inspection, but not NAT per se. > > By stateful NAT failover, assume the following scenario: > > R1 is primary and R2 is backup. R1 knows its mappings from outside > address/port to inside address/port. It shares this information with > R2, which remains passive. Presumably, inside routers use HSRP to find > the active NAT, which is on the DMZ. HSRP on the DMZ can tell the > Internet access routers which NAT is active. > > Does anyone know where this is documented, or is it simply considered > a subset of stateful packet inspection at the implementation, not > marketing, level? For more information about Barclays Capital, please visit our web site at http://www.barcap.com. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons. ------------------------------------------------------------------------ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58020&t=57857 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
