Paul,

If you change it, does it take away the error message you were seeing? My understanding was the IDs need to be unique if they are both going to be passing traffic. So if both routers are actively forming NAT entries in the table, they need the unique entries to correlate the correct entries to each host. Now if both are running in a redundant state and only the active HSRP device is performing NAT translations, then they should share an identical ID, as only the active device should be creating NAT entries. This is the conclusion I have drawn based off the documentation.

Regards,

Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart
Sent: Saturday, August 01, 2009 12:38 PM
To: [email protected]
Subject: [OSL | CCIE_Security] 2a SNAT

According to the proctor guide, both routers use a stateful-id of 1. The Addressing configuration guide is gray on whether this should be unique or not and even shows HSRP peers as having the identical config. If you look at the Cisco article below, it clearly states that they should be unique.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a0080118b04.shtml

"Note: Note the ID is different for the each router. Each SNAT router should have a unique ID number."

It also goes on to say "NAT entries have been extended to include information about which of the SNAT routers created them, and which router is responsible for the state and timing of that particular entry. The combination of the entry id-number and the SNAT router id-number make each entry unique within the group."

The following document states that the "stateful id" is a "Unique number given to each router in the stateful translation group."

I guess I am trying to understand the router's way of thinking. How can this work both ways?
