Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1082
Views
0
Helpful
5
Replies

Passing internet Traffic over GRE Tunnel

Go to solution
mudvayne15
Level 1
Level 1

‎01-13-2021 10:37 PM

Hi Everyone,

 

Need help on how to force the traffic from 10.10.10.1 AWS Server to the Internet over GRE tunnel

AWS-Cisco GRE.jpg

 

I have a tunnel established between AWS and Cisco and we have tested to route internet traffic over GRE but it did not go through. 

 

I have a default route to the internet and the other option that I have not tried is to create a route map. 

 

The configuration of the tunnel on cisco

!
interface Tunnel1
ip address 192.168.1.2 255.255.255.252
ip virtual-reassembly
ip tcp adjust-mss 1387
shutdown
tunnel source 2.2.2.2
tunnel destination 3.3.3.3
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec-vpn-243c4476-1
!

ip route 0.0.0.0 0.0.0.0 172.31.1.2

The route map below is I haven't tried yet, do you have other suggestions to do this?

 

access-list 110 permit ip 10.10.10.1 255.255.255.255

!
route-map AWS_To_Internet permit 50
match ip address 110
set ip next-hop 172.31.1.1
!
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to mudvayne15

‎01-14-2021 12:13 AM

Hello,

 

the route map you initially had in mind could be an option. Use that in combination with policy routing (applied to the physical interface connecting the 4431 to AWS. This should look something like below:

 

access-list 110 permit ip host 10.10.10.1 any
!
route-map AWS_To_Internet permit 50
match ip address 110
set ip next-hop 172.31.1.2
!
interface GigabitEthernet0/0
description Link to AWS
ip policy route-map AWS_To_Internet

View solution in original post

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-14-2021 01:06 AM

Hello

Your config looks fine, just append the policy based route-map to the lan interface that you acl host reside in

int x/x
Description lan host subnet
ip policy route-map xxx


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎01-13-2021 11:00 PM

Hello,

 

is the traffic from AWS actually arriving at your 4431 router ? The default route should be sufficient, provided you have all the NAT configuration in place.

 

Post the full running configuration (sh run) of the 4431.

0 Helpful

Go to solution
mudvayne15
Level 1
Level 1
In response to Georg Pauwen

‎01-13-2021 11:28 PM

Hi Georg, 

 

Thanks for getting back to me, the traffic between the tunnel is good. The only thing we want is that 1 server to only access the Internet, since there are a bunch of servers on the AWS side. I might have not showed the completed diagram but on the Cisco side, there is another router as well.

 

Aside from adding NAT, is there anything else that we can do on this?

 

AWS-Cisco GRE.jpg

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to mudvayne15

‎01-14-2021 12:13 AM

Hello,

 

the route map you initially had in mind could be an option. Use that in combination with policy routing (applied to the physical interface connecting the 4431 to AWS. This should look something like below:

 

access-list 110 permit ip host 10.10.10.1 any
!
route-map AWS_To_Internet permit 50
match ip address 110
set ip next-hop 172.31.1.2
!
interface GigabitEthernet0/0
description Link to AWS
ip policy route-map AWS_To_Internet

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-14-2021 01:06 AM

Hello

Your config looks fine, just append the policy based route-map to the lan interface that you acl host reside in

int x/x
Description lan host subnet
ip policy route-map xxx


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
mudvayne15
Level 1
Level 1

‎01-14-2021 03:47 PM

Thank you everyone, I will try it and let you know the results.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card