Summary:

Objective 1: the goal is for the inside user Tiger (172.16.2.2) to be able to surf the Internet

1.1 Security Policy + PAT

1.2 Test with Windows, and GNS3

Objective 2: an outsider should be able to reach, over HTTP, a web server behind our firewall

2.1 Security Policy + Static NAT

2.2 Test with GNS3

Details:

 

1.1 Security Policy + PAT

 

  • Security Policy

 

 

  • PAT

 

1.2 Test with Windows, and GNS3

  • I have a PC with IP address 172.16.2.2, aka Tiger. Make sure the Windows network adapter is associated with VMnet2 (the same adapter as the inside interface of the firewall).

  • GNS3 - alternatively, if you do not have an extra PC license, you can use GNS3 to perform a similar test.

 

  • Add a PC and a generic switch, then connect them; make sure to power them up

  • Now we need to configure the Virtual PC Simulator to represent the inside user Tiger. I am using 172.168.2.3 since the Windows PC is assigned .2 for Tiger.

  • Add a new security policy

  • Add a new PAT policy

  • Now test

2.1 Security Policy + Static NAT

 

  • Security Policy

 

  • Static NAT

 

2.2 Test with a virtual router in GNS3

  • Configure a virtual router (associated with VMnet1) with a username, password, HTTP enabled, an IP address, and a default gateway (DG) - see the script below:

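conf t
! Local privilege-15 account used for the HTTP login test
username admin privilege 15 secret admin
! Enable the HTTP server and authenticate against the local user database
ip http server
ip http authentication local
! Interface and IP address of the router acting as the web server
interface fa0/0
no shutdown
ip address 172.16.1.2 255.255.255.0
exit
! Default gateway (DG)
ip route 0.0.0.0 0.0.0.0 172.16.1.1
end
! Save the running configuration
wr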


 

Open a browser and go to http://10.1.1.101; enter the username/password admin/admin