Hi, Do u have any NAT

Boat88888 · ‎06-16-2014

Information:
I have an Amazon VPC setup that is connected to another company's VPN. It's done with isakmp, bgp, gre, with two tunnels. I'm using the Cisco CSR1000V on Amazon, connected to it via Putty (SSH).

The router and tunnel setup all works correctly. From the router on my side (Amazon) I can ping any device over the tunnel successfully. Phase1/2/3 are all working correctly.

I can ping my router from the window servers but I can't ping across the tunnel from the windows server. I can ping the windows server from the router too.

Question:
What can I do to allow access across the tunnel for the windows server? It seems like it must be a router setting that I am missing.

Setup:

Here's a list of things that I've tried so far:
Adding the private IPs to the access-list
I've allowed all types of traffic to all sources/destinations on Amazon's firewall
I added static routing to 10.48.0.0 255.255.255.240 in the windows server to gateway 10.48.253.5

My IP address setup:

Router: 10.48.253.5
Windows server: 10.48.252.5
Across the tunnel device I'm trying to ping: 10.48.0.1
This is the IP I can ping from the router but not from the windows server

My subnets:

10.48.252.0/28
10.48.253.0/28
10.48.254.0/28 GRE#1
10.48.255.0/28 GRE#2

I've attached the router configuration and detailed interface configuration.

nkarthikeyan · ‎06-16-2014

Hi,

Do u have any NAT configuration which affects your LAN traffic. If so you may need to create the NAT exemption rule for the private ranges. All you need to create an no NAT rule and assign that to outside interface. There should not be a problem with routing since you are able to reach it from the router to end systems and from LAN to your router.

Hope this helps

Regards

Karthik

Can ping across tunnel from router but not from other pc/server behind tunnel