Well, my idea is to connect to 4 CSR 1000v routers in different VPC (without VPC peering).
I've basically finished with everything with the pre-configuration creating VPCs, subnets IGW, modifying Route Tables … etc. Then, using IPsec over GRE tunnels, the 4 instances can see each other. (Thanks to @MLu for suggesting this idea How to do routing between the instances in AWS using Route Table?
).
After having 4 instances and each of them their Primary Network Interfaces is associated with public IP addresses (52.37.168.182 is for CSR1 and 3.41.68.82 is for CSR2). I saw this video where I almost have the same configuration YouTube Video link. I started to configure the tunnel between 2 CSRs 1000v routers, where I created an interface inside the router called Tunnel 0 with its source interface which is here GigabitEthernet 1 so my configuration is the following:
CSR1(config)#interface tunnel 0
CSR1(config-if)#tunnel source GigabitEthernet 1
CSR1(config-if)#tunnel destination 52.37.168.182
CSR2(config)#interface tunnel 0
CSR2(config-if)#tunnel source GigabitEthernet 1
CSR2(config-if)#tunnel destination 3.41.68.82
Then I configured the IP addresses of these both tunnels' interfaces as it shows in the figure below.
CSR1(config)#int tun 0
CSR1(config-if)#ip address 10.10.1.2 255.255.255.252
CSR2(config)#int tun 0
CSR2(config-if)#ip address 10.10.1.1 255.255.255.252
My problem now is that the status of these tunnels' interfaces are down as it shows show ip int br:
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.0.1.10 YES DHCP up up
Tunnel0 10.10.1.1 YES manual up down
VirtualPortGroup0 192.168.35.101 YES NVRAM up up
I realized that I have to create a subnet for the tunnel which I did at the end 10.10.1.0/28 then I created other interfaces in all instances.
My idea is to attach those new interfaces with a generated public IP address then I will get a new interface which is GigabitEthernet 2 obviously, and I continue the configuration using this new interface GigabitEthernet 2 instead of Tunnel 0. Can I do the same configuration for tunnels in GigabitEthernet interfaces? I'm not sure if I am on the right track.
Best Answer
I sort the problem out. When setting up the public for the interface source, GRE tunneling is mixing up with the NAT. Therefore, I used IPIP mode, and the problem is solved.