Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
516
Views
0
Helpful
2
Replies

Cisco CSR in AWS with GRE/IPsec Tunnel

dbrossart1
Level 1
Level 1

‎02-24-2016 01:18 PM - edited ‎03-05-2019 03:25 AM

I posted this as a reply to another discussion, but I thought it would be better separate.

We have a Cisco CSR 1000 as an AWS EC2 instance with two interfaces.  We have a tunnel setup with a customer.  We have an AWS server that can communicate with the local (inside) interface.  There is a device that is connected to the customer network that we need that device to communicate to the server and vice versa. 

CSR:

GigabitEthernet1      172.31.61.118/24 DHCP

GigabitEthernet2      172.31.43.254/20 Static

Tunnel0                     192.168.0.2/30

Tunnel0 Source       172.31.61.118

IP Route

Gateway of last resort is 172.31.61.1 to network 0.0.0.0

S*   0.0.0.0/0 [254/0] via 172.31.61.1

     100.0.0.0/23 is subnetted, 1 subnets

B       100.126.16.0 [20/0] via 192.168.0.1, 01:00:47

     172.31.0.0/16 is variably subnetted, 4 subnets, 3 masks

C       172.31.32.0/20 is directly connected, GigabitEthernet2

L       172.31.43.254/32 is directly connected, GigabitEthernet2

C       172.31.61.0/24 is directly connected, GigabitEthernet1

L       172.31.61.118/32 is directly connected, GigabitEthernet1

     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks

C       192.168.0.0/30 is directly connected, Tunnel0

L       192.168.0.2/32 is directly connected, Tunnel0

Server:

Ethernet 1                 172.31.33.203/20 gw 172.31.32.1

Device:

Ethernet 1                 100.126.16.1/23


Currently, this is what's happening:

I can ping the 172.31.33.203 via 172.31.43.254 on the CSR and vice versa.

I can't ping the 172.31.33.203 via 172.31.61.118 on the CSR and vice versa.

I can ping the 192.168.0.0/30 IPs via 172.31.43.254 on the CSR

I can’t ping the 192.168.0.0/30 IPs via 172.31.61.118 on the CSR

I can’t ping the 192.168.0.0/30 IPs via 172.31.33.203

I can’t ping 100.126.16.1 from anywhere in AWS

The device 100.126.16.1 can ping 172.31.43.254, but nothing else.

 

Is there some static routes that I’m needing to implement in AWS to get this to work?

 

I’m not very familiar with Cisco and less familiar with AWS networking.

 

Any help would be greatly appreciated!

 

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-26-2016 12:21 AM

It almost sounds like routing is turned off.  Try adding this to the config:

ip routing
0 Helpful

dbrossart1
Level 1
Level 1
In response to Philip D'Ath

‎03-01-2016 01:20 PM

I added that, but was still unable to ping through any interface on the router.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card