Setting up a gateway on Cisco Routers
Revision as of 20:31, 1 March 2016
You can set up a gateway on Cisco routers.
Cisco supports IPIP tunneling, and that is what is needed.
First of all, you must have a Cisco router (preferably from the 2600 series or above),
preferably with two Ethernet cards (but it can also be done with one Ethernet card).
I will give an example with one Ethernet card.
You have to assign the commercial IP to the router's Ethernet card.
The command is:
    int eth0
     ip add <the commercial IP the router sits on> <the netmask of the network>
(This can also be an IP of a network the router sits on, as long as this IP is accessible to the outside world.)
Then you have to assign the 44 Net IP.
The command for a router with one Ethernet card is:
    int eth0
     ip add <the AMPR IP> <the netmask of the network> secondary
Now you have to add some tunneling commands to redirect your outgoing traffic (via a tunnel) to the main AMPRNET router. You do this because every ISP blocks outgoing IPs that are not part of its network (and 44 Net does not belong to any ISP). So, to allow 44 Net packets to gain access to the outside world, you also need a tunnel to the AMPR.ORG router for the outgoing traffic (traffic intended to reach the Internet, that is, all other IPs that are not part of 44 Net).
To open a tunnel you have to give the tunnel source address (where the tunnel is established from) and the tunnel destination (where the tunnel is established to). It takes a few commands; here they are:
    interface tunnel0
     tunnel source <the router's commercial IP>
     tunnel destination <the AMPR.ORG main tunnel router IP>
     tunnel mode ipip
(The tunnel mode command tells the tunnel which mode to use; Cisco supports a lot of tunneling types.)
In addition, you must tell the router to pass all the outgoing 44 Net traffic to the tunnel interface, and not to route it straight to the Internet (because, as explained, it will probably be blocked by the closest ISP you are connecting to).
The command to do it is:
    ip route 0.0.0.0 0.0.0.0 Tunnel0 <the IP address of the AMPR.ORG main tunnel router>
(0.0.0.0 0.0.0.0 means "everything"; this will be explained later.)
Another important command lets the traffic from the router to the main ampr.org router reach that router's IP without going through a tunnel (this is important in order to establish the tunnel).
This command is more specific than the "everything" route command described before, and tells the router how to pass the traffic belonging to the other side of the tunnel.
The command is:
    ip route <the ampr.org main tunnel IP> 255.255.255.255 Ethernet0 <your router commercial IP>
These are the minimum commands needed to route your inside 44 Net IPs to the outside world (but not to any other 44 Net networks worldwide).
In order to route your traffic to other 44 Net gateways you need to build a tunnel interface to every gateway (unlike JNOS, where one tunnel deals with all tunnels), and each tunnel has to have a tunnel source, a tunnel destination (as explained above) and a tunnel mode.
In addition, two route lines have to be added:
One is a route command that routes the specific 44 network of the gateway this tunnel deals with into this tunnel.
The other allows the tunnel traffic to go through the Internet.
Enclosed is an example from a router that has a tunnel to the main AMPR router and to one gateway somewhere in the world.
The Tunnel0 interface is the main AMPR.ORG router, and the tunnel numbered 741916672 is one tunnel to a gateway.
The Tunnel74xxx section has to be duplicated for every 44 Net gateway (of course with the corresponding IP of the specific gateway) (currently about 400 times).
Later on we will deal with how to create these tunnel configuration lines using a script that takes the info from the ENCAP.TXT file and converts it to Cisco config.
    interface Tunnel0
     ip unnumbered Ethernet0
     no ip directed-broadcast
     tunnel source Ethernet0
     tunnel destination 169.228.66.251
     tunnel mode ipip
    !
    interface Tunnel741916672
     description Link to 44.56.192.0
     ip unnumbered Ethernet0
     ip access-group acl_44 in
     no ip directed-broadcast
     tunnel source 10.0.0.180
     tunnel destination 24.229.88.253
     tunnel mode ipip
    !
    interface Ethernet0
     description connected to EthernetLAN_HAIFA
     ip address 44.138.1.1 255.255.255.0 secondary
     ip address 10.0.0.180 255.255.255.0
     no ip directed-broadcast
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
    ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
    ip route 44.56.192.0 255.255.255.0 Tunnel741916672
    ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138
Making the route commands automatically
Because the route info of the gateways (the encap file) changes periodically, mainly because a lot of gateways sit on dynamic IPs, and because the tunnel IPs change as a result, you may lose the tunnel to these gateways. In order to stay "updated", you need to take the new encap file periodically and put it into the Cisco router.
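
One way to do the ENCAP-to-Cisco conversion and the periodic refresh described above, as an added example that is not from the original page. It assumes encap lines of the form "route addprivate <prefix>/<bits> encap <gateway>" (the file format is not shown on the page), follows the sample's tunnel numbering (741916672 is 44.56.192.0 read as a 32-bit integer), and validates every entry before it becomes router config; the names parse_encap and to_cisco and the rejection policy are hypothetical.

```python
import ipaddress
AMPR_NET = ipaddress.ip_network("44.0.0.0/8")
OWN_NET = ipaddress.ip_network("44.138.1.0/24")  # local subnet in the page's sample
SAMPLE = """\
# constructed sample in the assumed encap format
route addprivate 44.56.192/24 encap 24.229.88.253
route addprivate 0.0.0.0/0 encap 24.229.88.253
route addprivate 44.60.1/24 encap 10.0.0.5
route addprivate 44.138.1/24 encap 24.229.88.253
route addprivate 44.70.2/24 encap 24.229.88.253 extra-token
"""

def parse_encap(text, own_net=OWN_NET):
    routes, rejected = [], []  # accepted (net, gw) pairs; (line_no, reason) rejects
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        try:
            if len(f) != 5 or f[:2] != ["route", "addprivate"] or f[3] != "encap":
                raise ValueError("unexpected line format")
            addr, bits = f[2].split("/")
            addr += ".0" * (3 - addr.count("."))  # 44.56.192 -> 44.56.192.0
            net = ipaddress.ip_network(f"{addr}/{bits}")  # strict: no host bits
            gw = ipaddress.ip_address(f[4])
            if net.version != 4 or not net.subnet_of(AMPR_NET):
                raise ValueError("prefix outside 44.0.0.0/8")
            if net.overlaps(own_net):
                raise ValueError("prefix overlaps our own subnet")
            if gw.version != 4 or not gw.is_global or gw in AMPR_NET:
                raise ValueError("gateway is not a public non-44 address")
            routes.append((net, gw))
        except ValueError as e:
            rejected.append((n, str(e)))
    return routes, rejected

def to_cisco(routes, source_ip, next_hop, lan_if="Ethernet0"):
    out = []  # one tunnel stanza and two routes per gateway, as in the page's sample
    for net, gw in routes:
        tun = f"Tunnel{int(net.network_address)}"  # 44.56.192.0 -> 741916672
        out += [f"interface {tun}", f" description Link to {net.network_address}",
                f" ip unnumbered {lan_if}", " ip access-group acl_44 in",
                " no ip directed-broadcast", f" tunnel source {source_ip}",
                f" tunnel destination {gw}", " tunnel mode ipip", "!",
                f"ip route {net.network_address} {net.netmask} {tun}",
                f"ip route {gw} 255.255.255.255 {lan_if} {next_hop}", "!"]
    return "\n".join(out)

if __name__ == "__main__":
    print(to_cisco(parse_encap(SAMPLE)[0], "10.0.0.180", "10.0.0.138"))
```

The acl_44 access list referenced in the output is applied in the page's sample but not defined there, so it has to exist on the router before the generated stanzas are loaded.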