Cisco ASR 5000 series Product Overview page 835

Network Address Translation Overview
In case of bypass NAT flow, in most cases the flow gets checkpointed as part of micro checkpoint.
Any information that is checkpointed as part of full checkpoint is always recovered. Data checkpointed through micro
checkpoint cannot be guaranteed to be recovered. The timing of switchover plays a role for recovery of data done
through micro checkpoint. If failover happens after micro checkpoint is completed, then the micro checkpointed data
will get recovered. If failover happens during micro checkpoint, then the data recovered will be the one obtained from
full checkpoint.
Once NAT IP/and Port-Chunks/Bypass NAT flow are recovered, the following holds good:
One-to-one NAT: Since NAT IP address being used for one-to-one NAT is recovered, on-going flows will be
recovered as part of Firewall Flow Recovery algorithm as one-to-one NAT does not change the port.
Many-to-one NAT: On-going flows will not be recovered as the port numbers being used for flows across
chassis peers/SessMgr peers are not preserved.
Bypass NAT Flow: On-going flows will be recovered as part of Firewall Flow Recovery algorithm.
All of the above items is applicable for ICSR as well.
Category Event
One-to-One Session
NAT
New Traffic
Ongoing Traffic
Unsolicited Traffic
(downlink packets)
Many-to-One Session
NAT
New Traffic
Ongoing
Traffic
Unsolicited Traffic
(downlink packets)
Bypass NAT Session
New Traffic
Ongoing Traffic
Unsolicited Traffic
(downlink packets)
For more information, in the System Enhanced Feature Configuration Guide, see the Session Recovery and Interchassis
Session Recovery chapters.
OL-22938-02
Impacted Details
No Session recovered.
No NAT will be applied.
Yes Cannot differentiate between ongoing traffic and unsolicited traffic. A rule-
match is done and if allowed, NAT will be applied accordingly on the
packet.
Yes Cannot differentiate between ongoing traffic and unsolicited traffic.
Translation will be done and packet action taken based on the rule-match.
No Session recovered.
No NAT will be applied.
TCP Yes Packet will be dropped.
UDP Yes and If it is downlink packet, it will be dropped. If it is uplink packet, NAT will be
No applied with a new port.
ICMP Yes and If it is downlink packet, it will be dropped. If it is uplink packet, NAT will be
No applied with a new port.
No Packet will be dropped.
No Session recovered.
No Traffic will be NAT bypassed.
No Traffic will be NAT bypassed.
No Traffic will be NAT bypassed.
NAT Feature Overview ▀
Cisco ASR 5000 Series Product Overview ▄