Setting up a gateway on Cisco Routers: Difference between revisions

From 44Net Wiki
4Z4ZQ (talk | contribs)
Revision as of 20:45, 29 February 2016

You can set up a gateway on Cisco routers.

Cisco supports IPIP tunneling, and that is what is needed.

First of all you must have a Cisco router (preferably from the 2600 series or above),

preferably with two Ethernet cards (but it can also be done with one Ethernet card).

I will give an example with one Ethernet card.

You have to assign the commercial IP to the router's Ethernet card.

The command is:

int eth0
 ip add <the commercial IP the router sits on> <the netmask of the network>

The address can also be an IP of the network the router sits on, as long as this IP is accessible to the outside world.

Then you have to assign the 44 Net IP.

The command for a router with one Ethernet card is:

int eth0
 ip add <the AMPR IP> <the netmask of the network> secondary

Now you have to add some tunneling commands to be able to tunnel to the main AMPRNET router. You do this because every ISP blocks IPs that do not belong to it (and 44 Net does not belong to any ISP), so in order to allow 44 Net packets to gain access to the outside world you need a tunnel to AMPR.ORG for the outgoing traffic as well (traffic to non-AMPR IPs).

To open a tunnel you have to give the tunnel source address (where the tunnel is established from) and the tunnel destination (where the tunnel is established to). It takes a few commands; here they are:

interface tunnel0
 tunnel source <here you put the router commercial IP>
 tunnel destination <here you put the AMPR.ORG main tunnel router IP>
 tunnel mode ipip

The last command tells the tunnel which mode to use (Cisco supports many tunneling types).

In addition you must tell the router to pass all outgoing 44 Net traffic to the tunnel interface and not to route it directly to the Internet (because, as I have said, it will probably be blocked by the closest ISP you are connecting to).

The command to do it is:

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router>

(0.0.0.0 0.0.0.0 means "everything"; this will be explained later.)

Another important command lets the traffic from the router to the main ampr.org router reach that IP without going through a tunnel (this is important for establishing the tunnel).

This command overrides the "everything" route command described before and tells the router how to pass the traffic that belongs to the other side of the tunnel.

The command is:

ip route <the ampr.org main tunnel IP> 255.255.255.255 Ethernet0 <your router commercial IP>

These are the minimum commands needed to route your inside 44 Net IPs to the outside world (but not to any other 44 Net networks worldwide).

In order to route your traffic to other 44 Net gateways you need to build a tunnel interface to every gateway (unlike JNOS, where one tunnel deals with all tunnels), and each tunnel has to have a tunnel source, a tunnel destination (as explained above) and a tunnel mode.

In addition, two route lines have to be added.

One is a route command that routes the specific 44 network served by the gateway into this tunnel.

The other allows the tunnel traffic to go through the Internet.

Enclosed is an example from my router for a tunnel to the main AMPR router and to one gateway somewhere in the world.

The Tunnel0 interface is the tunnel to the main AMPR.ORG router, and the tunnel with 741916672 is one tunnel to a gateway.

The Tunnel74... part has to be duplicated for every 44 Net gateway (with the corresponding IPs, of course); currently about 400 times.

Later on we will deal with how to create these tunnel configuration lines using a script that takes the info from the ENCAP.TXT file and converts it to Cisco config.


interface Tunnel0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 tunnel source Ethernet0
 tunnel destination 169.228.66.251
 tunnel mode ipip
!
interface Tunnel741916672
 description Link to 44.56.192.0
 ip unnumbered Ethernet0
 ip access-group acl_44 in
 no ip directed-broadcast
 tunnel source 10.0.0.180
 tunnel destination 24.229.88.253
 tunnel mode ipip
!
interface Ethernet0
 description connected to EthernetLAN_HAIFA
 ip address 44.138.1.1 255.255.255.0 secondary
 ip address 10.0.0.180 255.255.255.0
 no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138
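The ENCAP.TXT conversion script mentioned above is not on this page. The following is an added example, not the author's script, that produces the per-gateway tunnel stanza and its two routes in the same shape as the Tunnel741916672 example. It assumes ENCAP.TXT lines of the form `route addprivate <net>/<len> encap <gateway>` with trailing zero octets omitted, and it numbers each tunnel with the 32-bit integer value of the network address, which is what 741916672 is for 44.56.192.0; the function names and all sample entries except the first are constructed.

```python
import ipaddress

AMPRNET = ipaddress.ip_network("44.0.0.0/8")

# Constructed sample in the assumed ENCAP.TXT line format; only the first
# entry uses values that appear on the page.
SAMPLE_ENCAP = """\
# constructed sample
route addprivate 44.56.192/24 encap 24.229.88.253
route addprivate 44.138.1/24 encap 192.0.2.10
route addprivate 44.200.0.16/28 encap 198.51.100.7
route addprivate 10.1.2/24 encap 203.0.113.9
route addprivate 44.201.5/24 encap 44.1.1.1
"""

def parse_encap(text, own_net):
    """Return [(network, gateway)] for usable entries; skip everything else."""
    own, out = ipaddress.ip_network(own_net), []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[:2] != ["route", "addprivate"] or f[3] != "encap":
            continue
        prefix, _, length = f[2].partition("/")
        octets = prefix.split(".")
        octets += ["0"] * (4 - len(octets))      # 44.56.192 -> 44.56.192.0
        try:
            net = ipaddress.IPv4Network(".".join(octets) + "/" + length)
            gw = ipaddress.IPv4Address(f[4])
        except ValueError:
            continue                              # malformed or host bits set
        # Keep only 44/8 routes; drop our own LAN and endpoints inside 44/8,
        # which would send the tunnel's outer packets back into a tunnel.
        if not net.subnet_of(AMPRNET) or net.overlaps(own) or gw in AMPRNET:
            continue
        out.append((net, gw))
    return out

def render(entries, source_ip, next_hop, acl="acl_44"):
    """Emit one tunnel stanza plus its two routes per entry."""
    lines = []
    for net, gw in entries:
        name = f"Tunnel{int(net.network_address)}"   # 44.56.192.0 -> 741916672
        lines += [f"interface {name}", f" description Link to {net.network_address}",
                  " ip unnumbered Ethernet0", f" ip access-group {acl} in",
                  " no ip directed-broadcast", f" tunnel source {source_ip}",
                  f" tunnel destination {gw}", " tunnel mode ipip", "!",
                  f"ip route {net.network_address} {net.netmask} {name}",
                  f"ip route {gw} 255.255.255.255 Ethernet0 {next_hop}", "!"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(parse_encap(SAMPLE_ENCAP, "44.138.1.0/24"), "10.0.0.180", "10.0.0.138"))
```

The generated stanzas reference `acl_44`, which the page's configuration applies but does not define; on IOS an access-group that names a non-existent ACL filters nothing, so define the ACL before loading the output.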