Thanks much! Couldn't anyone come up with a more pleasing acronym than SNAT? It's even worse than SLARP.
Can you give me any source on this announcement, offline if you prefer? At 4:04 PM +0000 11/23/02, [EMAIL PROTECTED] wrote: >SNAT should be available in IOS on CCO around the first half of >December. Please be aware that SNAT will be released in two phases as >follows: >Phase 1 >- SNAT for TCP/UDP protocols with NO embedded port info in the payload. >- Symmetric routing only >- inside NAT pools only > >Phase 2 due out in 1Q'03 >- support for protocols that embed port info in the payload. E.G FTP, >PPTP/GRE, Skinny, TFTP. >- Asymmetric routing support >- outside NAT pool support >- ip nat inside destination support > >Hope this helps :) > >-----Original Message----- >From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] >Sent: 22 November 2002 04:32 >To: [EMAIL PROTECTED] >Subject: RE: Stateful NAT Failover [7:57857] > > >Howard C. Berkowitz wrote: >> >> I've been hunting for specific technical documentation on >> stateful >> failover between NAT instances in two routers, or even PIX. > >I don't know about routers, but there's an OK document about PIX failover >here: > >http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note0918 >6a0080094ea7.shtml > >If you look at the section on Stateful Failover, you'll see that PIX address >translation (xlate, static and dynamic) and connection (conn) records are >passed to the standby unit from the active unit along with other state >information. > >PIX has a Logical Update (LU) software module that provides transport to PIX >applications supporting stateful failover. The state update occurs from the >active to standby through the LAN interface. The state update sent to the >standby PIX is triggered by the application. The LU transport is UDP-like, >with no retransmission. > >(Bet that's not what you though LU stood for! ;-) > >There's not a whole lot of detail in the document, but it might be a start. > >Priscilla > >> I >> can >> find lots of marketing references in the description of the >> Cisco >> GRIP architecture, and details of stateful IPsec failover. No >> details of NAT failover. >> >> On assorted search engines (Cisco and non-Cisco), it keeps >> coming >> back to stateful packet inspection, but not NAT per se. >> >> By stateful NAT failover, assume the following scenario: >> >> R1 is primary and R2 is backup. R1 knows its mappings from >> outside >> address/port to inside address/port. It shares this >> information with >> R2, which remains passive. Presumably, inside routers use HSRP >> to >> find the active NAT, which is on the DMZ. HSRP on the DMZ can >> tell >> the Internet access routers which NAT is active. >> >> Does anyone know where this is documented, or is it simply >> considered >> a subset of stateful packet inspection at the implementation, >> not >> marketing, level? >For more information about Barclays Capital, please >visit our web site at http://www.barcap.com. > > >Internet communications are not secure and therefore the Barclays >Group does not accept legal responsibility for the contents of this >message. Although the Barclays Group operates anti-virus programmes, >it does not accept responsibility for any damage whatsoever that is >caused by viruses being passed. Any views or opinions presented are >solely those of the author and do not necessarily represent those of the >Barclays Group. Replies to this email may be monitored by the Barclays >Group for operational or business reasons. > >------------------------------------------------------------------------ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57948&t=57857 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
