
            IP GRE Cisco Linux

            Creating Tunnel interface on Cisco

            interface Tunnel0
            ip address 172.19.2.2 255.255.255.0
            tunnel source IP_ADDR
            tunnel destination IP_ADDR
            ip nat inside

            interface FastEthernet3/0
            ip address IP_ADDR 255.255.255.252
            ip nat outside
            no ip mroute-cache
            load-interval 30
            duplex full

            Adding routes

            ip route 172.19.3.0 255.255.255.0 tunnel0

            ip access-list standard Ips
            permit 172.19.2.2
            permit 172.19.3.3

            route-map VPN permit 10
            match ip address Ips

            Configuring NAT

            ip nat inside source route-map VPN interface FastEthernet3/0 overload
            ip nat inside source static tcp 172.19.3.3 2200 fas3/0_ip_addr 7200 extendable

            !!! ip nat outside must be on the external interface that faces the internet !!!

            Linux Tunnel

            [root@fastline ~]# ip tun add tun0 mode gre local LOCAL remote REMOTE ttl 255
            [root@fastline ~]# ip add add 172.19.3.3 dev tun0
            [root@fastline ~]# ip link set tun0 up
            [root@fastline ~]# ip r a 172.19.2.0/24 dev tun0
            [root@fastline ~]# echo "201 tun" >> /etc/iproute2/rt_tables
            [root@fastline ~]# ip rule add from 172.19.3.3 lookup tun
            [root@fastline ~]# ip route add default via 172.19.2.2 table tun
            [root@fastline ~]# /sbin/ip route flush cache

            This way all traffic sourced from 172.19.3.3 is looked up in table "tun" and sent to 172.19.2.2 through the tunnel.

            ip r a 66.197.0.0/24 dev tun0 (traffic to this network will go via the tunnel)

            Forwarding Traffic
            Forward specific traffic:

            [root@fastline ~]# iptables -A PREROUTING -t mangle -p tcp --dport 22 -j MARK --set-mark 0x22
            [root@fastline ~]# iptables -t mangle -L -v
            Chain PREROUTING (policy ACCEPT 28 packets, 346K bytes)
             pkts bytes target     prot opt in     out     source               destination
                1    40 MARK       tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh MARK set 0x22

            [root@fastline ~]# ip rule add fwmark 0x22 lookup tun
            [root@fastline ~]# ip route add default via 172.19.2.2 table tun
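            The Linux side of the setup above (tunnel creation, the source-based `ip rule`, and the fwmark-based `ip rule`) collected into one idempotent script. This is an added example, not the post's own script: the LOCAL and REMOTE tunnel endpoints are placeholders passed as arguments, the `valid_mark` check and the peer-restricted GRE accept rule are additions, and `DRY_RUN=1` prints the commands instead of executing them. Tunnel addresses, table name and mark are the post's.

```shell
#!/bin/sh
# Added example (not from the original post): Linux side of the GRE tunnel with
# source-based and fwmark-based policy routing. Endpoint addresses are placeholders
# given as arguments; tunnel addresses, table "tun" and mark 0x22 follow the post.
# DRY_RUN=1 prints each command instead of executing it.

TUN_DEV="tun0"
TUN_LOCAL_ADDR="172.19.3.3"      # Linux end of the tunnel (from the post)
TUN_PEER_ADDR="172.19.2.2"       # Cisco end of the tunnel (from the post)
TUN_PEER_NET="172.19.2.0/24"
TABLE_ID="201"
TABLE_NAME="tun"
SSH_MARK="0x22"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# Print the command under DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only marks written as 0x followed by 1-8 hex digits. A mark that is
# mistyped on one side (the post's copy shows a multiplication sign, "0×22")
# makes the iptables MARK target and the ip rule silently disagree.
valid_mark() {
  printf '%s\n' "$1" | grep -qE '^0x[0-9a-fA-F]{1,8}$'
}

# Register "<id> <name>" in rt_tables exactly once; a plain `echo >> rt_tables`
# appends another copy on every re-run. Third argument overrides the file.
ensure_rt_table() {
  file="${3:-$RT_TABLES}"
  if grep -qE "^[[:space:]]*$1[[:space:]]+$2([[:space:]]|$)" "$file" 2>/dev/null; then
    return 0
  fi
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'echo "%s %s" >> %s\n' "$1" "$2" "$file"
  else
    printf '%s %s\n' "$1" "$2" >> "$file"
  fi
}

# Tunnel plus source-based policy routing: everything sourced from
# TUN_LOCAL_ADDR is looked up in table "tun" and leaves via the Cisco end.
gre_tunnel_setup() {
  local_ep="$1"; remote_ep="$2"
  run ip tunnel add "$TUN_DEV" mode gre local "$local_ep" remote "$remote_ep" ttl 255
  run ip addr add "$TUN_LOCAL_ADDR/32" dev "$TUN_DEV"
  run ip link set "$TUN_DEV" up
  run ip route add "$TUN_PEER_NET" dev "$TUN_DEV"
  run ip rule add from "$TUN_LOCAL_ADDR" lookup "$TABLE_NAME"
  run ip route add default via "$TUN_PEER_ADDR" table "$TABLE_NAME"
  # Added hardening: accept GRE (protocol 47) from the known peer only.
  # Only meaningful together with a restrictive INPUT policy.
  run iptables -A INPUT -p 47 -s "$remote_ep" -j ACCEPT
}

# fwmark-based policy routing: mark inbound SSH in mangle/PREROUTING and send
# the marked flows through the same table, as in the post.
fwmark_setup() {
  valid_mark "$SSH_MARK" || { echo "invalid mark: $SSH_MARK" >&2; return 1; }
  run iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark "$SSH_MARK"
  run ip rule add fwmark "$SSH_MARK" lookup "$TABLE_NAME"
  run ip route flush cache
}

# Usage: [DRY_RUN=1] sh gre-policy.sh LOCAL_PUBLIC_IP REMOTE_PUBLIC_IP
if [ "$#" -ge 2 ]; then
  ensure_rt_table "$TABLE_ID" "$TABLE_NAME"
  gre_tunnel_setup "$1" "$2"
  fwmark_setup
fi
```

            Two points the command list leaves implicit: GRE carries the inner packets in clear and authenticates nothing, so this is a routing construct rather than a VPN; and because policy routing makes the return path differ from the forward path, a strict `rp_filter` setting (`net.ipv4.conf.*.rp_filter=1`) can drop the returning packets, which is worth checking before debugging the rules themselves.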


            This entry was posted in Cisco.

            2 Responses to "IP GRE Cisco Linux"

            1. neptor Says:

              Hello,

              I've a similar situation; I also have to forward traffic from GRE (Cisco-Linux) to the internet, so in my iptables I've set:

              # Assumed definitions for the variables used below (not in the original comment):
              fw=/sbin/iptables
              myextip=EXTERNAL_IP   # placeholder: public address of ppp0

              # Permitting linux to act as router (necessary to forward packets)
              echo "1" > /proc/sys/net/ipv4/ip_forward
              # first the port then the protocol
              $fw -A INPUT -p 47 -j ACCEPT

              # permit any ppp interface to forward
              $fw -A FORWARD -i cloud -o ppp0 -j ACCEPT
              $fw -A FORWARD -o cloud -i ppp0 -j ACCEPT

              # any "related" activity to something already permitted, should be accepted:
              $fw -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

              # masquerade anything going out from this server:
              $fw -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
              #$fw -t nat -A POSTROUTING -o ppp0 -j SNAT --to $myextip
              $fw -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source $myextip
              $fw -A FORWARD -i cloud -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

              So I see the traffic coming from the Cisco and going to the internet with my ppp0 NIC, but it never comes back.

              Can you tell me what's wrong with my iptables?

            2. Giany Says:

              Try debugging with tcpdump. Most likely you did not set the proper iproute rules.
