Summary:
Objective 1: the goal is for the inside user Tiger 172.16.2.2 to be able to surf Internet
1.1 Security Policy + PAT
1.2 Test with Windows, and GNS3
Objective 2: an outsider should be able to http to a web server behind of our firewall
2.1 Security Policy + Static NAT
2.2 Test with GNS3
Details:

1.1 Security Policy + PAT
-
Security Policy

-
PAT

1.2 Test with Windows, and GNS3
-
I have a PC with IP address 172.16.2.2 aka Tiger. Make sure the Windows network adapter is associated with VMnet2 (same adapter with inside interface of the firewall.

-
Configure PC's IP and test with i.e. https://www.cisco.com

-
GNS3 - alternatively, if you do not have an extra PC license, you can use gns3 to perform a similar test.

-
Add a pc, generic switch, then connect them; make sure to power them up

-
Now, we need configure virtual PC simulator to represent the inside user Tiger. I am using 172.168.2.3 since windows PC is assigned to .2 for Tiger.

-
Add a new security policy

-
Add a new PAT policy

-
Now test

2.1 Security Policy + Static NAT

-
Security Policy

-
Static NAT

2.2 Test with a virtual router in GNS3
-
Configure a virtual router (associated with vmnet1) with username, password, http enabled, IP, DG - see script below:
conf t
username admin privilege 15 secret admin
ip http server
ip http authentication local
interface fa0/0
no shutdown
ip address 172.16.1.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.1.1
end
wr


Open a browser go to http://10.1.1.101; enter username/password - admin/admin

