AWS (NOT VPC) / VyOS / Cisco (GRE? VTI?)

I currently co-locate servers with a /24 assigned to them. Hardware issues are forcing me to consider AWS (I know, it brings its own set of issues).

What I’d LIKE to do is NOT spend $$ on a VPC, but on the AWS side have an EIP assigned to my VyOS instance for its “outside” interface (could be loopback/etc), and another “inside” interface.

On the Cisco side I’d like to be able to get that to have a link (VTI? GRE? But definitely ipsec) to that VyOS instance and push my /24 across and 1:1 NAT.

Pretty much every reference I find talks about just doing the Cisco to an Amazon VPC, or using your VyOS to connect to a foreign AWS VPC. I did find one that was exactly what I wanted, but it didn’t work and the author didn’t have the time to discuss why. (Cisco side kept complaining of no “crypto map” in Phase 2 IPSEC negotiation).

Has anyone actually done something like this, especially with the tricky fact that the public IP for the AWS/VyOS side isn’t actually bound ON the VyOS instance itself, it’s a “NAT”?
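The design asked about above, as an added example that is not part of the original post and not the configuration the poster or the reference they found used: a route-based IPsec VTI on an EC2-hosted VyOS whose public address is an Elastic IP that AWS translates 1:1 in front of the instance, with the colo /24 routed across the tunnel and 1:1 NAT to EC2 instances. It uses VyOS 1.3 command syntax (1.4 renamed several of these nodes) and every address is a constructed placeholder from the documentation ranges: 198.51.100.10 for the EIP, 10.0.0.10/24 (gateway 10.0.0.1) for the VyOS eth0 address, 203.0.113.1 for the Cisco, 192.0.2.0/24 for the colo /24, 169.254.100.0/30 for the VTI, and 10.0.0.20 as an instance that should appear as 192.0.2.10. The security-relevant detail for the NAT case is the explicit IKE identity: by default VyOS identifies itself by its local-address (the private 10.0.0.10), which the Cisco never sees on the wire, so the Cisco cannot match the peer to a profile.

```vyos
# Added example, not from the original post. VyOS 1.3 syntax; all addresses are
# constructed placeholders (assumptions), see the lead-in for the mapping.

# Static address on eth0 so no DHCP default route competes with the VTI default below.
set interfaces ethernet eth0 address '10.0.0.10/24'

# IKEv2 with a single pinned proposal on both ends avoids Phase 1/2 proposal mismatches.
set vpn ipsec ike-group IKE-COLO key-exchange 'ikev2'
set vpn ipsec ike-group IKE-COLO lifetime '28800'
set vpn ipsec ike-group IKE-COLO proposal 1 dh-group '14'
set vpn ipsec ike-group IKE-COLO proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-COLO proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-COLO dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-COLO dead-peer-detection interval '15'
set vpn ipsec ike-group IKE-COLO dead-peer-detection timeout '45'

set vpn ipsec esp-group ESP-COLO lifetime '3600'
set vpn ipsec esp-group ESP-COLO mode 'tunnel'
set vpn ipsec esp-group ESP-COLO pfs 'dh-group14'
set vpn ipsec esp-group ESP-COLO proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-COLO proposal 1 hash 'sha256'

# IKE terminates on the private eth0 address; AWS rewrites it to the EIP on the
# wire, so NAT traversal (UDP/4500 encapsulation of ESP) must be enabled.
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-traversal 'enable'

# The key point behind 1:1 NAT: send the EIP as our IKE identity, not the
# private local-address, so the Cisco can match the peer and pick its profile.
set vpn ipsec site-to-site peer 203.0.113.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 203.0.113.1 authentication pre-shared-secret 'REPLACE-WITH-LONG-RANDOM-PSK'
set vpn ipsec site-to-site peer 203.0.113.1 authentication id '198.51.100.10'
set vpn ipsec site-to-site peer 203.0.113.1 authentication remote-id '203.0.113.1'
set vpn ipsec site-to-site peer 203.0.113.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 203.0.113.1 ike-group 'IKE-COLO'
set vpn ipsec site-to-site peer 203.0.113.1 local-address '10.0.0.10'
set vpn ipsec site-to-site peer 203.0.113.1 vti bind 'vti0'
set vpn ipsec site-to-site peer 203.0.113.1 vti esp-group 'ESP-COLO'

# Route-based tunnel: the VTI carries 0.0.0.0/0 <-> 0.0.0.0/0 selectors, so
# ordinary routes (not crypto-map ACLs) decide what crosses the link.
set interfaces vti vti0 address '169.254.100.1/30'
set interfaces vti vti0 description 'IPsec VTI to colo Cisco'

# Keep the IKE peer reachable via the EC2 subnet gateway, then send everything
# else (return traffic for the 1:1-NATed instances) down the tunnel.
set protocols static route 203.0.113.1/32 next-hop 10.0.0.1
set protocols static interface-route 0.0.0.0/0 next-hop-interface vti0

# 1:1 NAT: 192.0.2.10 (colo /24) <-> 10.0.0.20 (EC2 instance). One pair per host.
set nat destination rule 10 description '192.0.2.10 -> 10.0.0.20'
set nat destination rule 10 inbound-interface 'vti0'
set nat destination rule 10 destination address '192.0.2.10'
set nat destination rule 10 translation address '10.0.0.20'
set nat source rule 10 description '10.0.0.20 -> 192.0.2.10'
set nat source rule 10 outbound-interface 'vti0'
set nat source rule 10 source address '10.0.0.20'
set nat source rule 10 translation address '192.0.2.10'
```

On the Cisco end the matching shape is a `Tunnel` interface in `tunnel mode ipsec ipv4` with `tunnel destination 198.51.100.10`, `tunnel protection ipsec profile`, and an IKEv2 profile whose `match identity remote address` is the EIP, plus `ip route 192.0.2.0 255.255.255.0 Tunnel0`; with a VTI the SA is bound to the tunnel's IPsec profile, so there is no crypto map for Phase 2 to look up. A peer whose IKE identity does not match what the Cisco expects for the address it sees is one common reason Phase 2 fails with a "no crypto map" style complaint, which is why the `authentication id` line above is set to the EIP rather than left at the default. Two EC2-side checks complete the picture: the VyOS instance's security group must allow UDP/500 and UDP/4500 from 203.0.113.1, and source/destination checking must be disabled on its network interface, otherwise EC2 drops the NATed packets whose addresses are not the instance's own.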