Skip to main content

How to create interfaces for CSR 1000v for GRE tunnels? [Resolved]

Well, my idea is to connect to 4 CSR 1000v routers in different VPC (without VPC peering). I've basically finished with everything with the pre-configuration creating VPCs, subnets IGW, modifying Route Tables ... etc. Then, using IPsec over GRE tunnels, the 4 instances can see each other. (Thanks to @MLu for suggesting this idea).

After having 4 instances and each of them their Primary Network Interfaces is associated with public IP addresses ( is for CSR1 and is for CSR2). I saw this video where I almost have the same configuration YouTube Video link. I started to configure the tunnel between 2 CSRs 1000v routers, where I created an interface inside the router called Tunnel 0 with its source interface which is here GigabitEthernet 1 so my configuration is the following:

CSR1(config)#interface tunnel 0
CSR1(config-if)#tunnel source GigabitEthernet 1
CSR1(config-if)#tunnel destination

CSR2(config)#interface tunnel 0
CSR2(config-if)#tunnel source GigabitEthernet 1
CSR2(config-if)#tunnel destination

Then I configured the IP addresses of these both tunnels' interfaces as it shows in the figure below.

CSR1(config)#int tun 0
CSR1(config-if)#ip address

CSR2(config)#int tun 0
CSR2(config-if)#ip address

enter image description here

My problem now is that the status of these tunnels' interfaces are down as it shows show ip int br:

Interface              IP-Address      OK? Method Status           Protocol
GigabitEthernet1      YES DHCP   up                  up
Tunnel0             YES manual up                 down    
VirtualPortGroup0  YES NVRAM  up                  up      

I realized that I have to create a subnet for the tunnel which I did at the end then I created other interfaces in all instances but I was not allowed to associate it with a public IP address because The maximum number of addresses has been reached. in order to change GRE tunnel configuration.

My idea was to attach those new interfaces with a generated public IP address then I will get a new interface which is GigabitEthernet 2 obviously, and I continue the configuration using this new interface GigabitEthernet 2 instead of Tunnel 0, but I'm not allowed to create more Elastic addresses. I'm not sure if I am on the right track.

Question Credit: Khalil Mebarkia
Question Reference
Asked June 14, 2019
Posted Under: Network
1 Answers

Either VPC peering or Transit Gateway must be set between both VPCs in order to run GRE tunnel.

credit: Khalil Mebarkia
Answered June 14, 2019
Your Answer