Set up a Router CSR on AWS

Below is a diagram that I have used to deploy this lab.

Create a new VPC.

New Public subnet and Private subnet.

Create and attach a new Internet gateway to your VPC.

Create a new Public Route table.

Create a new route to to your Internet gateway.

Launches a new CSR instance.

Enter on Primary IP setting.

Security Group.

Go to Network interfaces, and create a new network interface for Router CSR.

Then attach this network to Router CSR.

Disable “Change/source/dest check” for both Cisco CSR interfaces.

Back to route tables, configure the new route to the private Cisco CSR interface.

SSH from putty to Cisco Router.

conf t
int g2
ip add
no shut

Launches a new Windows 2016 machine to test RDP traffic from the Internet.

Enable SNAT and DNAT on the Router.

conf t
access-list 1 permit any
# Allow inside to outside
ip nat inside source list 1 interface g1 overload
# Allow outside to Windows server via the RDP service
ip nat inside source static tcp 3389 3389
int g1
ip nat outside
int g2
ip nat inside

Edit Router CSR Security Group and add RDP service into this group to allow RDP traffic from the Internet.

RDP to Elastic IP address of CSR Router.