AIm of this lab is to configure CBAC trafic inspection on ISR 2911 "Router1" connecting the branch office to the Internet.
An inbound DENY ANY ANY access list is configured on the Gi0/2 interface of the router to deny all incoming flows from the internet. Despite this access list, the branch office laptops have to be able to access the 46.20.150.2 web server.
1. Activate security license on ISR 2911 router
2. Configure DHCP for the 192.168.1.0/24 LAN network. Gateway is 192.168.1.1 on Router 1. The first 8 IP addresses are reserved for network use and don't have to be used by LAN clients.
3. Configure NAT on Router 1 to allow branch laptops to access the Internet. Use the first standard access list to configure the source network and the Gi 0/2 interface for ourgoing trafic to the internet
4. Configure a named accesslist to deny all the inbound trafic from the internet and apply it on the internet facing network interface. The access-list will be named DENY_ANY
5. Configure CBAC to allow outbound HTTP trafic
6. Verify CBAC configuration by accessing http://46.20.150.2 from a laptop's web browser. CBAC inspection policy will be named ALLOWED_TRAFIC