Howard C. Berkowitz wrote:
>
> I've been hunting for specific technical documentation on stateful
> failover between NAT instances in two routers, or even PIX.

I don't know about routers, but there's an OK document about PIX failover here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

If you look at the section on Stateful Failover, you'll see that PIX address translation (xlate, static and dynamic) and connection (conn) records are passed to the standby unit from the active unit along with other state information.

PIX has a Logical Update (LU) software module that provides transport to PIX applications supporting stateful failover. The state update occurs from the active to standby through the LAN interface. The state update sent to the standby PIX is triggered by the application. The LU transport is UDP-like, with no retransmission. (Bet that's not what you thought LU stood for! ;-)

There's not a whole lot of detail in the document, but it might be a start.

Priscilla

> I can find lots of marketing references in the description of the Cisco
> GRIP architecture, and details of stateful IPsec failover. No
> details of NAT failover.
>
> On assorted search engines (Cisco and non-Cisco), it keeps coming
> back to stateful packet inspection, but not NAT per se.
>
> By stateful NAT failover, assume the following scenario:
>
> R1 is primary and R2 is backup. R1 knows its mappings from outside
> address/port to inside address/port. It shares this information with
> R2, which remains passive. Presumably, inside routers use HSRP to
> find the active NAT, which is on the DMZ. HSRP on the DMZ can tell
> the Internet access routers which NAT is active.
>
> Does anyone know where this is documented, or is it simply considered
> a subset of stateful packet inspection at the implementation, not
> marketing, level?
>
> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57866&t=57857

