Skip to main content

How to create interfaces for CSR 1000v for GRE tunnels? [Resolved]

Well, my idea is to connect to 4 CSR 1000v routers in different VPC (without VPC peering). I've basically finished with everything with the pre-configuration creating VPCs, subnets IGW, modifying Route Tables ... etc. Then, using IPsec over GRE tunnels, the 4 instances can see each other. (Thanks to @MLu for suggesting this idea).

After having 4 instances and each of them their Primary Network Interfaces is associated with public IP addresses (52.37.168.182 is for CSR1 and 3.41.68.82 is for CSR2). I saw this video where I almost have the same configuration YouTube Video link. I started to configure the tunnel between 2 CSRs 1000v routers, where I created an interface inside the router called Tunnel 0 with its source interface which is here GigabitEthernet 1 so my configuration is the following:

CSR1(config)#interface tunnel 0
CSR1(config-if)#tunnel source GigabitEthernet 1
CSR1(config-if)#tunnel destination 52.37.168.182

CSR2(config)#interface tunnel 0
CSR2(config-if)#tunnel source GigabitEthernet 1
CSR2(config-if)#tunnel destination 3.41.68.82

Then I configured the IP addresses of these both tunnels' interfaces as it shows in the figure below.

CSR1(config)#int tun 0
CSR1(config-if)#ip address 10.10.1.2 255.255.255.252

CSR2(config)#int tun 0
CSR2(config-if)#ip address 10.10.1.1 255.255.255.252

enter image description here

My problem now is that the status of these tunnels' interfaces are down as it shows show ip int br:

Interface              IP-Address      OK? Method Status           Protocol
GigabitEthernet1       172.0.1.10      YES DHCP   up                  up
Tunnel0                10.10.1.1       YES manual up                 down    
VirtualPortGroup0      192.168.35.101  YES NVRAM  up                  up      

I realized that I have to create a subnet for the tunnel which I did at the end 10.10.1.0/28 then I created other interfaces in all instances but I was not allowed to associate it with a public IP address because The maximum number of addresses has been reached. in order to change GRE tunnel configuration.

My idea was to attach those new interfaces with a generated public IP address then I will get a new interface which is GigabitEthernet 2 obviously, and I continue the configuration using this new interface GigabitEthernet 2 instead of Tunnel 0, but I'm not allowed to create more Elastic addresses. I'm not sure if I am on the right track.


Question Credit: Khalil Mebarkia
Question Reference
Asked June 14, 2019
Posted Under: Network
27 views
1 Answers

Either VPC peering or Transit Gateway must be set between both VPCs in order to run GRE tunnel.


credit: Khalil Mebarkia
Answered June 14, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA