Summary:
​
Objective: the goal is for an outsider to access our web server 172.16.1.3
​
1.1 Security Policy + Destination NAT
1.2 Test with a GNS3 router
​
​
1.1 Security Policy + Destination NAT
-
Destination NAT Policy (think as of NAT happens before security rules)
-
Security rule: Pre-NAT address, Post-NAT zone
1.2 Test with a virtual router in GNS3
​
-
Configure a virtual router (associated with vmnet1) with username, password, http enabled, IP, DG - see script below:
conf t
username admin privilege 15 secret admin
ip http server
ip http authentication local
interface fa0/0
no shutdown
ip address 172.16.1.3 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.1.1
end
wr
-
The rest of setup and configuration, see the notes of "Security Policy and Static NAT" session 2.2
