Ronen,
In that case, you are correct in that the local default route will send the traffic out
the ISP and without NAT, the request will fail.
To fix this, use policy-based routing on the ingress interface. In my config, you would
add the policy to the fa0/1 interface. Use "ip policy route-map NET44-ROUTE-MAP".
This will direct any 44.0.0.0 source OR destination traffic to the Tunnel1 interface to be
routed by the UCSD for public access.
Remember, any hosts that require public access via UCSD need a DNS entry for the host.
Check with your 44net coordinator to have the entry added.
Thanks
Jesse - WC3XS
Sent from my iPhone
> On Dec 28, 2015, at 3:18 PM, Drorap <drorap(a)netvision.net.il> wrote:
>
> (Please trim inclusions from previous messages)
> _______________________________________________
> Dear Jesse
> Thanks for the config, it is very close to what I have done.
> I didn't use loopback and also didn't use the tunnel source statement.
>
> From the two following route lines
> ip route 0.0.0.0 0.0.0.0 24.229.88.254
>> ip route 44.0.0.0 255.0.0.0 Tunnel1
> may I assume that if a client on your 44 segment wants to gain access to a host on the
> internet, say google.com (which has a non-44net address), it will be routed directly to the
> ISP without the tunnel, and since it has a 44net source IP it will probably be
> filtered by the ISP and therefore it will not be able to reach the destination?
> If that's true, how can it be overcome? I want to give 44 network users access to
> not only the 44 network worldwide and, more importantly, to be able to reach these 44net
> hosts from a non-44net IP (an example is from work).
> Please advise
> Thanks Forward
> Ronen - 4Z4ZQ
> http://www.ronen.org
>
>
> ----- Original Message ----- From: "Jesse Hindmarsh" <jesse(a)hindmarsh.cc>
> To: "44Net(a)hamradio.ucsd.edu" <44net(a)hamradio.ucsd.edu>
> Sent: Monday, December 28, 2015 9:00 PM
> Subject: Re: [44net] Using Cisco Router as a gateway ?
>
>
>> Ronen,
>>
>> I hope I have enough in the config as I stripped a lot out to send this to you.
>> I am currently using a 3625 router and using it as a CME, DMVPN, and PPTP server as well
>> as an AMPRNet gateway. I have the 44.56.192.0 255.255.254.0 subnet allocated to me. I am
>> not sure if I have the route maps and route configuration set up correctly as I have my
>> remote DMVPN endpoints shut down now and cannot troubleshoot. When you are testing, you
>> should be able to ping 44.56.193.1 and telnet to that address as well. I have included
>> notes below:
>>
>>
>>
>> ******************************************************************************************
>>
>> ip name-server 44.64.192.254 <— DNS servers
>> ip name-server 44.56.192.254
>>
>>
>>
>>
>> interface Loopback0
>> ip address 44.56.193.1 255.255.255.0 <— Using one of my subnet addresses for Loopback0
>> !
>> interface Tunnel1 <— Tunnel1 connecting to the AMPRNet gateway for all other traffic
>> description Default AMPRNet tunnel
>> ip unnumbered Loopback0
>> ip tcp adjust-mss 1360
>> tunnel source 24.229.88.253
>> tunnel destination 169.228.66.251
>> tunnel mode ipip
>>
>> !
>> !
>>
>> interface FastEthernet0/0 <— Outside interface pointing to my ISP (static IP)
>> ip address 24.229.88.253 255.255.255.240
>> ip mtu 1400
>> load-interval 30
>> duplex auto
>> speed auto
>>
>> !
>> !
>>
>> interface FastEthernet0/1 <— Inside interface for devices on my network
>> ip address 44.56.192.254 255.255.255.240
>> load-interval 30
>> duplex auto
>> speed auto
>>
>> ! This section was omitted and is generated by the encapconvertnew.pl script
>> !
>> ! TUNNEL INTERFACES HERE
>> !
>>
>> ip local policy route-map NET44-ROUTE-MAP <— Route Map to force local generated traffic to Tunnel1 interface
>>
>>
>> ip route 0.0.0.0 0.0.0.0 24.229.88.254 <— default route to ISP
>> ip route 44.0.0.0 255.0.0.0 Tunnel1 <— route for all 44.0.0.0 traffic not specified by a configured Interface/Route entry
>>
>> !
>> ! This section was omitted and is generated by the encapconvertnew.pl script
>> !
>> ! ROUTE STATEMENTS HERE
>> !
>>
>> ip access-list extended NET44-PBR <- Route map ACL for local generated traffic and other interfaces as needed
>> permit ip any 44.0.0.0 0.255.255.255
>> permit ip 44.0.0.0 0.255.255.255 any
>> !
>> route-map NET44-ROUTE-MAP permit 10 <- Route map for local generated traffic and other interfaces as needed
>> match ip address NET44-PBR
>> set default interface Tunnel1
>>
>> !
>> !
>> !
>> end
>>
>>
>> *****************************************************************************************
>>
>>
>>
>>
>> Thanks
>> Jesse - WC3XS
>>
>>
>>
>>> On 12/28/15, 1:19 PM, "44Net on behalf of Drorap"
>>> <44net-bounces+jesse=hindmarsh.cc(a)hamradio.ucsd.edu on behalf of
>>> drorap(a)netvision.net.il> wrote:
>>>
>>> If your Gateway is a CISCO router may you please send me the config file
>>> dealing with the interfaces ? (the Ethernet and the Tunnel ) ? and the
>>> route commands so can take it as a reference ?
>>> Thanks Forward
>>> Ronen - 4Z4ZQ
>>>
>>> http://www.ronen.org
>>>
>>> ----- Original Message ----- From: "Jesse Hindmarsh" <jesse(a)hindmarsh.cc>
>>> To: "44Net(a)hamradio.ucsd.edu" <44net(a)hamradio.ucsd.edu>
>>> Sent: Monday, December 28, 2015 5:30 AM
>>> Subject: Re: [44net] Using Cisco Router as a gateway ?
>>>
>>>
>>>> My apologies, I am using a different script. That one I sent was not
>>>> correct…
>>>>
>>>> Use http://ah6bw.ampr.org/encapconvertnew.pl
>>>>
>>>> Thanks
>>>> Jesse - WC3XS
>>>>
>>>>
>>>>
>>>>
>>>> On 12/27/15, 10:25 PM, "44Net on behalf of Jesse Hindmarsh"
>>>> <44net-bounces+jesse=hindmarsh.cc(a)hamradio.ucsd.edu on behalf of
>>>> jesse(a)hindmarsh.cc> wrote:
>>>>
>>>>> Going with Linux is definitely easier day to day, but I still use a Cisco
>>>>> router. I am using a slightly modified script from KY9J that works well.
>>>>> I start out with a saved base config on my router, then apply the config
>>>>> generated by the script provided by KY9J. I don’t save the config after
>>>>> that as it is too cumbersome to remove all the config before applying a
>>>>> new config.
>>>>>
>>>>> The website for the script is http://www.ky9j.com/tools/ and the file is
>>>>> encapconvert.pl
>>>>>
>>>>> Thanks
>>>>> Jesse - WC3XS
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12/27/15, 3:10 PM, "44Net on behalf of Rob Janssen"
>>>>> <44net-bounces+jesse=hindmarsh.cc(a)hamradio.ucsd.edu on behalf of
>>>>> pe1chl(a)amsat.org> wrote:
>>>>>
>>>>>>> Subject:
>>>>>>> [44net] Using Cisco Router as a gateway ?
>>>>>>> From:
>>>>>>> Drorap <drorap(a)netvision.net.il>
>>>>>>> Date:
>>>>>>> 12/26/2015 10:22 PM
>>>>>>>
>>>>>>> To:
>>>>>>> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>>>>>>>
>>>>>>>
>>>>>>> Hi there
>>>>>>> I have started to config a Cisco router to serve as a gateway for the
>>>>>>> AMPRNET
>>>>>>> I put in the command the following lines
>>>>>>>
>>>>>>> interface Tunnel0
>>>>>>> ip unnumbered Ethernet0
>>>>>>> no ip directed-broadcast
>>>>>>> tunnel source Ethernet0
>>>>>>> tunnel destination 132.239.255.131
>>>>>>> tunnel mode ipip
>>>>>>
>>>>>> Unfortunately due to the way tunnels work in Cisco and other commercial
>>>>>> routers you will need to repeat that 300 times with different destinations
>>>>>> and setup 500 routes to route the traffic, and repeat that regularly
>>>>>> because the destinations and routes change all the time.
>>>>>>
>>>>>> With a Linux system instead of the Cisco you can automate that very
>>>>>> easily. There are possibilities to automate it on the Cisco (see that link
>>>>>> Steve gave you) but still it will be a lot easier to just use a Raspberry
>>>>>> Pi or other small Linux system.
>>>>>>
>>>>>> Rob
>>>>>>
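
The forwarding decision discussed at the top of this thread, modelled in Python as an added example (not code from any poster or from the encapconvert scripts). It compares the quoted config, where NET44-ROUTE-MAP is applied only with "ip local policy", against the same config with "ip policy route-map NET44-ROUTE-MAP" on fa0/1. Assumptions: the IOS behaviour that "set default interface" takes effect only when the destination has no explicit route (a default route does not count), and the constructed host addresses 44.56.192.241 and 203.0.113.10.

```python
import ipaddress

NET44 = ipaddress.ip_network("44.0.0.0/8")
# Routing table taken from the quoted config: connected networks plus the two statics.
ROUTES = [(ipaddress.ip_network(n), i) for n, i in [
    ("44.56.192.240/28", "FastEthernet0/1"),  # inside LAN (connected)
    ("44.56.193.0/24", "Loopback0"),          # connected
    ("44.0.0.0/8", "Tunnel1"),                # ip route 44.0.0.0 255.0.0.0 Tunnel1
    ("0.0.0.0/0", "FastEthernet0/0"),         # default route to the ISP
]]

def lookup(dst):
    """Longest-prefix match; returns (network, egress interface)."""
    return max(((n, i) for n, i in ROUTES if dst in n), key=lambda m: m[0].prefixlen)

def acl_net44_pbr(src, dst):
    """NET44-PBR: permit ip any 44.0.0.0/8, permit ip 44.0.0.0/8 any."""
    return dst in NET44 or src in NET44

def egress(src, dst, ingress, policy_on):
    """Egress interface for one packet.
    ingress:   arriving interface, or "local" for router-generated traffic.
    policy_on: where NET44-ROUTE-MAP is applied ("local" = ip local policy)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    net, iface = lookup(dst)
    explicit = net.prefixlen > 0  # assumption: a default route is not "explicit"
    if ingress in policy_on and acl_net44_pbr(src, dst) and not explicit:
        return "Tunnel1"          # set default interface Tunnel1
    return iface

def leaks_to_isp(src, dst, ingress, policy_on):
    """True when a 44net-sourced packet would leave unencapsulated via the ISP."""
    return (ipaddress.ip_address(src) in NET44
            and egress(src, dst, ingress, policy_on) == "FastEthernet0/0")

LAN_HOST, INTERNET_HOST = "44.56.192.241", "203.0.113.10"  # constructed samples

if __name__ == "__main__":
    for policy in ({"local"}, {"local", "FastEthernet0/1"}):
        out = egress(LAN_HOST, INTERNET_HOST, "FastEthernet0/1", policy)
        leak = leaks_to_isp(LAN_HOST, INTERNET_HOST, "FastEthernet0/1", policy)
        print(sorted(policy), "->", out, "LEAK" if leak else "ok")
```

A `leaks_to_isp` result of True marks the case raised in the thread: a 44net source address leaving the ISP-facing interface without encapsulation.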