Setting up a gateway on Cisco Routers

From 44Net Wiki
Revision as of 20:41, 29 February 2016 by 4Z4ZQ (talk | contribs)
Jump to navigation Jump to search

You can setup gateway on Cisco routers

Cisco support IPIP tunneling and that's what needed First of all you must have a Cisco Router (preferred from series 2600 and above) Preferred with two Ethernet cards (but can be done also with one Ethernet card) I will give example of one Ethernet card You have to assign the router Ethernet card the Commercial IP The command is :

int eth0  ip add <and here you give the ip of the commercial ip the router sit on (it can be also IP of a network the router sit on  (as long as  this IP is accessible to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to be able to do tunnel to the main AMPRNET router you do it because every ISP block IP's which is not belong to him (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG also to the outgoing traffic (for NON AMPR IP) To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established and to where the tunnel establish to (tunnel destination) it is a few commands here they are

interface tunnel0 tunnel source <here you put the router commercial IP> tunnel destination <here you put the AMPR.ORG main tunnel router IP> tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel Interface and not to route it just like that to the Internet (because as i Have said they will be probably blocked by the closest ISP you are connecting to the command to do it is ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router > (0.0.0.0 0.0.0.0 mean "everything) (will explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel This command override the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel The Command is : ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels) and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode in addition two route lines have to be added One is route command to route the specific 44 network of the gateway this tunnel deal to this tunnel and another is to allow the tunnel traffic to go thorough the internet so here is example from my router for doing tunnel to the main AMPR router and to one gateway somewhere in the world The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The part of tunnel74... have to duplicated to every 44 net gateway (of course with the corresponding ip of it) (currently about 4oo times

Leter on we will deal of how to create these tunnels lines configuration using a script that takes the info from the ENCAP.TXT file and convert it to Cisco config


interface Tunnel0

ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip

! interface Tunnel741916672

description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0

description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251 ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138 ip route 44.56.192.0 255.255.255.0 Tunnel741916672 ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138