Well, my idea is to connect to 4
CSR 1000v routers in different VPC (without VPC peering).
I've basically finished with everything with the pre-configuration creating VPCs, subnets IGW, modifying Route Tables ... etc. Then, using
IPsec over GRE tunnels, the 4 instances can see each other. (Thanks to @MLu for suggesting this idea).
After having 4 instances and each of them their Primary Network Interfaces is associated with public IP addresses (
18.104.22.168 is for
22.214.171.124 is for
CSR2). I saw this video where I almost have the same configuration YouTube Video link. I started to configure the tunnel between 2
CSRs 1000v routers, where I created an interface inside the router called
Tunnel 0 with its source interface which is here
GigabitEthernet 1 so my configuration is the following:
CSR1(config)#interface tunnel 0
CSR1(config-if)#tunnel source GigabitEthernet 1
CSR1(config-if)#tunnel destination 126.96.36.199
CSR2(config)#interface tunnel 0
CSR2(config-if)#tunnel source GigabitEthernet 1
CSR2(config-if)#tunnel destination 188.8.131.52
Then I configured the IP addresses of these both tunnels' interfaces as it shows in the figure below.
CSR1(config)#int tun 0
CSR1(config-if)#ip address 10.10.1.2 255.255.255.252
CSR2(config)#int tun 0
CSR2(config-if)#ip address 10.10.1.1 255.255.255.252
My problem now is that the status of these tunnels' interfaces are
down as it shows
show ip int br:
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 184.108.40.206 YES DHCP up up
Tunnel0 10.10.1.1 YES manual up down
VirtualPortGroup0 192.168.35.101 YES NVRAM up up
I realized that I have to create a subnet for the tunnel which I did at the end
10.10.1.0/28 then I created other interfaces in all instances but I was not allowed to associate it with a public IP address because
The maximum number of addresses has been reached. in order to change GRE tunnel configuration.
My idea was to attach those new interfaces with a generated public IP address then I will get a new interface which is
GigabitEthernet 2 obviously, and I continue the configuration using this new interface
GigabitEthernet 2 instead of
Tunnel 0, but I'm not allowed to create more
Elastic addresses. I'm not sure if I am on the right track.