Dear Jesse,

Thanks for the config; it is very close to what I have done. I didn't use a loopback and also didn't use the tunnel source statement.

From the two following route lines:

ip route 0.0.0.0 0.0.0.0 24.229.88.254
ip route 44.0.0.0 255.0.0.0 Tunnel1

may I assume that if a client on your 44 segment wants to gain access to a host on the internet, say google.com (which has a non-44-net address), it will be routed directly to the ISP without the tunnel, and since it has a 44 net source IP it will probably be filtered by the ISP and therefore will not be able to reach the destination? If that's true, how can it be overcome? I want to give 44 network users access to not only the 44 network worldwide and, more important, to be able to reach these 44 net hosts from a non-44-net IP (example is from work).

Please advise.

Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
----- Original Message -----
From: "Jesse Hindmarsh" jesse@hindmarsh.cc
To: "44Net@hamradio.ucsd.edu" 44net@hamradio.ucsd.edu
Sent: Monday, December 28, 2015 9:00 PM
Subject: Re: [44net] Using Cisco Router as a gateway ?

(Please trim inclusions from previous messages)
_______________________________________________

Ronen,
I hope I have enough in the config as I stripped a lot out to send this to you. I am currently using a 3625 router and using it as a CME, DMVPN, and PPTP server as well as an AMPRNet gateway. I have the 44.56.192.0 255.255.254.0 subnet allocated to me. I am not sure if I have the route maps and route configuration setup correctly as I have my remote DMVPN endpoints shut down now and cannot troubleshoot. When you are testing, you should be able to ping 44.56.193.1 and telnet to that address as well. I have included notes below:
! DNS servers
ip name-server 44.64.192.254
ip name-server 44.56.192.254
!
! Using one of my subnet addresses for Loopback0
interface Loopback0
 ip address 44.56.193.1 255.255.255.0
!
! Tunnel1 connecting to the AMPRNet gateway for all other traffic
interface Tunnel1
 description Default AMPRNet tunnel
 ip unnumbered Loopback0
 ip tcp adjust-mss 1360
 tunnel source 24.229.88.253
 tunnel destination 169.228.66.251
 tunnel mode ipip
!
!
! Outside interface pointing to my ISP (static IP)
interface FastEthernet0/0
 ip address 24.229.88.253 255.255.255.240
 ip mtu 1400
 load-interval 30
 duplex auto
 speed auto
!
!
! Inside interface for devices on my network
interface FastEthernet0/1
 ip address 44.56.192.254 255.255.255.240
 load-interval 30
 duplex auto
 speed auto
!
! This section was omitted and is generated by the encapconvertnew.pl script
!
! TUNNEL INTERFACES HERE
!
! Route map to force locally generated traffic to the Tunnel1 interface
ip local policy route-map NET44-ROUTE-MAP
! Default route to ISP
ip route 0.0.0.0 0.0.0.0 24.229.88.254
! Route for all 44.0.0.0 traffic not specified by a configured interface/route entry
ip route 44.0.0.0 255.0.0.0 Tunnel1
!
! This section was omitted and is generated by the encapconvertnew.pl script
!
! ROUTE STATEMENTS HERE
!
! Route map ACL for locally generated traffic and other interfaces as needed
ip access-list extended NET44-PBR
 permit ip any 44.0.0.0 0.255.255.255
 permit ip 44.0.0.0 0.255.255.255 any
!
! Route map for locally generated traffic and other interfaces as needed
route-map NET44-ROUTE-MAP permit 10
 match ip address NET44-PBR
 set default interface Tunnel1
!
!
!
end
Thanks Jesse - WC3XS
On 12/28/15, 1:19 PM, "44Net on behalf of Drorap" <44net-bounces+jesse=hindmarsh.cc@hamradio.ucsd.edu on behalf of drorap@netvision.net.il> wrote:
If your gateway is a Cisco router, may you please send me the config file dealing with the interfaces (the Ethernet and the Tunnel) and the route commands, so I can take it as a reference?

Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
----- Original Message -----
From: "Jesse Hindmarsh" jesse@hindmarsh.cc
To: "44Net@hamradio.ucsd.edu" 44net@hamradio.ucsd.edu
Sent: Monday, December 28, 2015 5:30 AM
Subject: Re: [44net] Using Cisco Router as a gateway ?
My apologies, I am using a different script. That one I sent was not correct…
Use http://ah6bw.ampr.org/encapconvertnew.pl
Thanks Jesse - WC3XS
On 12/27/15, 10:25 PM, "44Net on behalf of Jesse Hindmarsh" <44net-bounces+jesse=hindmarsh.cc@hamradio.ucsd.edu on behalf of jesse@hindmarsh.cc> wrote:
Going with Linux is definitely easier day to day, but I still use a Cisco router. I am using a slightly modified script from KY9J that works well. I start out with a saved base config on my router, then apply the config generated by the script provided by KY9J. I don’t save the config after that as it is too cumbersome to remove all the config before applying a new config.
The website for the script is http://www.ky9j.com/tools/ and the file is encapconvert.pl
Thanks Jesse - WC3XS
On 12/27/15, 3:10 PM, "44Net on behalf of Rob Janssen" <44net-bounces+jesse=hindmarsh.cc@hamradio.ucsd.edu on behalf of pe1chl@amsat.org> wrote:
Subject: [44net] Using Cisco Router as a gateway ?
From: Drorap drorap@netvision.net.il
Date: 12/26/2015 10:22 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu

Hi there,

I have started to configure a Cisco router to serve as a gateway for the AMPRNet. I put in the following command lines:

interface Tunnel0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 tunnel source Ethernet0
 tunnel destination 132.239.255.131
 tunnel mode ipip
Unfortunately due to the way tunnels work in Cisco and other commercial routers you will need to repeat that 300 times with different destinations and setup 500 routes to route the traffic, and repeat that regularly because the destinations and routes change all the time.
With a Linux system instead of the Cisco you can automate that very easily. There are possibilities to automate it on the Cisco (see that link Steve gave you) but still it will be a lot easier to just use a Raspberry Pi or other small Linux system.
Rob
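
The per-gateway tunnel and route generation discussed in this thread, as an added example that is not part of the original messages and is not the encapconvert.pl or encapconvertnew.pl script. It validates each entry of a downloaded route list before turning it into IOS lines, so a malformed or hostile line never reaches the router. The "route addprivate <prefix> encap <gateway>" input layout, the Tunnel numbering from 100 and the sample addresses are assumptions made for the example.

```python
import ipaddress

AMPRNET = ipaddress.ip_network("44.0.0.0/8")   # range the thread routes into tunnels
BAD_GW = [ipaddress.ip_network(n) for n in (   # never valid as a tunnel destination
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", "44.0.0.0/8")]

# Constructed sample; the "route addprivate <prefix> encap <gateway>" layout is assumed.
SAMPLE_ENCAP = """\
# constructed test data
route addprivate 44.10.1.0/24 encap 198.51.100.7
route addprivate 44.10.2.16/28 encap 198.51.100.7
route addprivate 44.20.0.0/16 encap 203.0.113.9
route addprivate 44.56.192.0/23 encap 24.229.88.253
route addprivate 10.0.0.0/8 encap 203.0.113.9
route addprivate 44.30.0.0/24 encap 192.168.1.1
route addprivate 44.40.0.0/24 encap 203.0.113.9 ; shutdown
"""

def parse_encap(text, own_ip):
    """Return ({gateway: [prefixes]}, [(line, reason)]) after strict validation."""
    own, routes, rejected = ipaddress.ip_address(own_ip), {}, []
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        try:
            if len(tok) != 5 or tok[:2] != ["route", "addprivate"] or tok[3] != "encap":
                raise ValueError("unexpected line layout")
            # Strict parsing: host bits must be zero, and both fields must be IPv4.
            net, gw = ipaddress.IPv4Network(tok[2]), ipaddress.IPv4Address(tok[4])
            if not net.subnet_of(AMPRNET):
                raise ValueError("prefix outside 44.0.0.0/8")
            if any(gw in bad for bad in BAD_GW):
                raise ValueError("gateway is not a usable public address")
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if gw != own:                              # never build a tunnel to ourselves
            routes.setdefault(gw, []).append(net)
    return routes, rejected

def render_ios(routes, tunnel_source, first_tunnel=100):
    """Emit one ipip tunnel per gateway, then the static routes that use it."""
    ifaces, statics = [], []
    for n, gw in enumerate(sorted(routes), start=first_tunnel):
        ifaces += [f"interface Tunnel{n}", " ip unnumbered Loopback0",
                   f" tunnel source {tunnel_source}", f" tunnel destination {gw}",
                   " tunnel mode ipip", "!"]
        statics += [f"ip route {p.network_address} {p.netmask} Tunnel{n}"
                    for p in sorted(routes[gw])]
    return "\n".join(ifaces + statics)
```

Calling parse_encap(SAMPLE_ENCAP, "24.229.88.253") and passing the result to render_ios gives two tunnel interfaces and three routes; the rejected list records why the other lines were dropped.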