Summary:
Objective 1: the goal is for the inside user Tiger (172.16.2.2) to be able to browse the Internet
1.1 Security Policy + PAT
1.2 Test with Windows and GNS3

Objective 2: an outsider should be able to reach a web server behind our firewall over HTTP
2.1 Security Policy + Static NAT
2.2 Test with GNS3

Details:

1.1 Security Policy + PAT
- Security Policy

- PAT

1.2 Test with Windows and GNS3
- I have a PC with IP address 172.16.2.2, aka Tiger. Make sure the Windows network adapter is associated with VMnet2 (the same adapter as the inside interface of the firewall).

- Configure the PC's IP and test with, e.g., https://www.cisco.com

- GNS3: alternatively, if you do not have an extra PC license, you can use GNS3 to perform a similar test.

- Add a PC and a generic switch, then connect them; make sure to power them up.

- Now we need to configure the Virtual PC Simulator to represent the inside user Tiger. I am using 172.168.2.3 since the Windows PC is assigned .2 for Tiger.

- Add a new security policy

- Add a new PAT policy

- Now test

2.1 Security Policy + Static NAT
- Security Policy

- Static NAT

2.2 Test with a virtual router in GNS3
- Configure a virtual router (associated with VMnet1) with a username, password, HTTP enabled, an IP address, and a default gateway (DG); see the script below:
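conf t
! local privilege-15 account used for the HTTP login
username admin privilege 15 secret admin
! enable the built-in HTTP server and authenticate against the local user database
ip http server
ip http authentication local
interface fa0/0
no shutdown
ip address 172.16.1.2 255.255.255.0
exit
! default route (the DG)
ip route 0.0.0.0 0.0.0.0 172.16.1.1
end
wr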


- Open a browser and go to http://10.1.1.101; enter the username/password admin/admin.

