Summary:

Objective: the goal is for an outsider to access our web server 172.16.1.3 

1.1 Security Policy + Destination NAT 

1.2 Test with a GNS3 router

1.1 Security Policy + Destination NAT 

  • Destination NAT Policy (think as of NAT happens before security rules)

  • Security rule: Pre-NAT address, Post-NAT zone

1.2 Test with a virtual router in GNS3

  • Configure a virtual router (associated with vmnet1) with username, password, http enabled, IP, DG - see script below:

conf t
username admin privilege 15 secret admin
ip http server
ip http authentication local
interface fa0/0
no shutdown
ip address 172.16.1.3 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.1.1
end

wr

 

  • The rest of setup and configuration, see the notes of "Security Policy and Static NAT" session 2.2