Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3738
Views
0
Helpful
4
Replies

AWS CSR1000V (NAT) - Automated Methods?

vault2002
Level 1
Level 1

‎03-16-2021 07:32 PM

Hello,

 

We are looking to use the CSR1000V for multiple clients using IPSEC tunnels into our AWS Environment so we can manage 1000's of client end devices. To support this we wanted to setup NAT but were unsure on the best method being used by most organisations today.

 

How are others doing NAT on these CSR1000V devices, is there any automated method that is suggested for NAT solutions with clients devices or is it more a manual process.

 

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-17-2021 12:30 AM

When did you say Client devices? is this a site-to-site VPN or remote access VPN?

 

how about considering ASAv for remote access VPN solution? CSR Router most cases used for Point to Point VPN,(not that i can not be used, its bit manual task, ) 

 

ASAv you can use ASDM and manage things as easily as - when you doing from remote.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

vault2002
Level 1
Level 1
In response to balaji.bandi

‎03-17-2021 03:02 PM

Hi,

 

The CSR's are for Point to Point VPN. (Essentially we will have 10-15 client Point to Point VPN's) and we will be supporting their client end devices via monitoring. Due to possible overlapping IP's we are investigating what the best possible NAT solution would be.

 

0 Helpful

calloes
Level 1
Level 1
In response to vault2002

‎03-17-2021 06:31 PM

We do most of our automation with Ansible, works reasonably well, have had a play with the API module but looks like a lot of work to implement hopefully someone will write a terraform module for it in the future.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to vault2002

‎03-18-2021 03:20 AM

ok then CSR is good to go, you need to look for overlap IP with NAT or if possible VRF.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents