09-10-2018 12:58 AM
I have just installed a CSR into Amazon AWS and have a query on routing between VPCs.
There is a Public VPC with the CSR Outside interface in and a private VPC with a test server.
The CSR is fully integrated into our private DMVPN and that side seems to be working OK and the CSR can ping the test server.
The issue is that our remote sites cannot ping the test server. The routes for the private VPC subnet are advertised out in DMVPN.
I understand that we don’t want the private VPC to route directly through the public VPC as that is not how AWS is supposed to work.
I am guessing the CSR is seeing the server through this interface –
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.55.101 255.255.255.0
 ip nat inside
and the rest of the config that is relevant
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.180.100.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 10.180.100.1 global
ip access-list standard GS_NAT_ACL
 permit 192.168.35.0 0.0.0.255
Can anyone help with the routing to this server?
09-10-2018 01:41 AM - edited 09-10-2018 01:44 AM
09-10-2018 06:16 AM
Thanks, that has given me some other options to try. I have now assigned another interface to the CSR, which is in the private VPC.
It is still not working, as I suspect the test server config is still not 100% (not under my control).
Have a meeting with AWS later on to discuss the issue.
09-10-2018 06:19 AM
From personal experience, AWS support is pretty good.
Should help resolve the issue.
09-10-2018 02:02 AM
Hello,
off the top of my head, I think you need to add the route below:
ip route 192.168.55.0 255.255.255.0 VirtualPortGroup0