03-13-2018 07:52 AM - edited 03-05-2019 10:05 AM
Hi Guys, I am new to the Cisco Router. I need some help from you experts badly.
I have a Cisco CSR 1000v launched on AWS. I have 4 interfaces in total, namely eth1: 172.25.10.196 (Public Subnet), eth2: 172.25.20.10 (Private Subnet), L0: 90.204.xx.xx, L1: 52.10.xx.xx.
I have an IPSec Tunnel to my Vendor which is UP. The problem here is that I need to connect to the remote server via the Loopback0 interface, i.e. 90.204.216.21. However, I feel I am connecting via eth1. I am not sure how I can achieve this. From my research over the internet, I think I need to set up NAT on a Stick. Basically, I need to connect to the remote network 90.xx.xx.xx.xx via the loopback interface, i.e. 90.204.xx.xx.
Any help would be much appreciated.
Thank you, Arul
03-13-2018 03:27 PM
Please check whether your encryption domain access list allows the loopback IP you want to source from.
Also try running "sh cry ipsec sa" to see the traffic allowed via the IPSec tunnel.
03-14-2018 11:19 PM - edited 03-14-2018 11:20 PM
Hi Ranil,
Sorry for the delayed response.
I don't think we have allowed the loopback IP in the access list.
We have allowed only the L1 and eth1 IP addresses, as follows.
access-list 141 permit gre host 52.10.105.195 host 193.29.78.5
access-list 141 permit gre host 172.25.10.196 host 193.29.78.5
Also, on running sh cry ipsec sa, I can see local addr 172.25.10.196, which is my eth1 IP address.
Here is what is happening:
telnet <destination ip> <dest port> --> Not working
telnet <dest ip> <dest port> /source-interface l0 --> working
Please help me.
Thank you for your help.
Arul
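As an added example (not from either poster), the check Ranil suggests can be automated: parse the proxy identities out of "show crypto ipsec sa" and test whether a given source/destination/protocol flow falls inside the encryption domain. The SA output below is constructed from the local addr and ACL 141 quoted in the thread; the packet counters and the loopback address 90.204.216.21 are taken from the posts only as sample values.

```python
import ipaddress
import re

# Constructed sample of "show crypto ipsec sa" output, modelled on the
# local addr and access-list 141 quoted in the thread (counters are made up).
SAMPLE_SA_OUTPUT = """\
interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 172.25.10.196

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.25.10.196/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (193.29.78.5/255.255.255.255/47/0)
   current_peer 193.29.78.5 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 1204, #pkts encrypt: 1204, #pkts digest: 1204
    #pkts decaps: 1198, #pkts decrypt: 1198, #pkts verify: 1198
"""

# Matches the "local ident" / "remote ident" lines: (addr/mask/prot/port).
IDENT_RE = re.compile(
    r"^\s*(local|remote)\s+ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/(\d+)/(\d+)\)",
    re.M,
)


def parse_encryption_domain(sa_text):
    """Return [(local_net, remote_net, ip_proto)], one entry per SA pair.

    A local ident is paired with the remote ident that follows it; the IP
    protocol number comes from the local ident (0 means any protocol).
    """
    domain, local = [], None
    for side, addr, mask, proto, _port in IDENT_RE.findall(sa_text):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if side == "local":
            local = (net, int(proto))
        elif local is not None:
            domain.append((local[0], net, local[1]))
            local = None
    return domain


def flow_protected(sa_text, src, dst, proto):
    """True if a src->dst flow with IP protocol `proto` is covered by an SA."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        src_ip in lnet and dst_ip in rnet and p in (0, proto)
        for lnet, rnet, p in parse_encryption_domain(sa_text)
    )
```

Run against the sample, GRE (protocol 47) from 172.25.10.196 to the peer is protected, while a TCP telnet flow sourced from the loopback 90.204.216.21 is not, which is exactly the mismatch the thread describes.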