Below is a diagram that I have used to deploy this lab.
![](https://tungle.ca/wp-content/uploads/2022/04/image-444.png)
Create a new VPC.
![](https://tungle.ca/wp-content/uploads/2022/04/image-410.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-411.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-412.png)
Create and attach a new Internet gateway to your VPC.
![](https://tungle.ca/wp-content/uploads/2022/04/image-413.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-414-1024x305.png)
Create a new route to 0.0.0.0/0 to your Internet gateway.
![](https://tungle.ca/wp-content/uploads/2022/04/image-415-1024x410.png)
Launches a new CSR instance.
![](https://tungle.ca/wp-content/uploads/2022/04/image-416-1024x409.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-417.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-418.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-419.png)
Enter 10.0.0.10 on Primary IP setting.
![](https://tungle.ca/wp-content/uploads/2022/04/image-420-1024x662.png)
Security Group.
![](https://tungle.ca/wp-content/uploads/2022/04/image-421-1024x316.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-422-1024x525.png)
Go to Network interfaces, and create a new network interface for Router CSR.
![](https://tungle.ca/wp-content/uploads/2022/04/image-423.png)
Then attach this network to Router CSR.
![](https://tungle.ca/wp-content/uploads/2022/04/image-426.png)
Disable “Change/source/dest check” for both Cisco CSR interfaces.
![](https://tungle.ca/wp-content/uploads/2022/04/image-424.png)
Back to route tables, configure the new route to the private Cisco CSR interface.
![](https://tungle.ca/wp-content/uploads/2022/04/image-425-1024x431.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-427-1024x492.png)
SSH from putty to Cisco Router.
conf t
int g2
ip add 10.0.1.10 255.255.255.0
no shut
exit
ping 8.8.8.8
![](https://tungle.ca/wp-content/uploads/2022/04/image-429.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-430.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-431.png)
Launches a new Windows 2016 machine to test RDP traffic from the Internet.
![](https://tungle.ca/wp-content/uploads/2022/04/image-433.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-434-1024x416.png)
Enable SNAT and DNAT on the Router.
conf t
access-list 1 permit any
# Allow inside to outside
ip nat inside source list 1 interface g1 overload
# Allow outside to Windows server via the RDP service
ip nat inside source static tcp 10.0.1.174 3389 10.0.0.10 3389
int g1
ip nat outside
int g2
ip nat inside
![](https://tungle.ca/wp-content/uploads/2022/04/image-439.png)
Edit Router CSR Security Group and add RDP service into this group to allow RDP traffic from the Internet.
![](https://tungle.ca/wp-content/uploads/2022/04/image-437-1024x582.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-438-1024x574.png)
RDP to Elastic IP address of CSR Router.
![](https://tungle.ca/wp-content/uploads/2022/04/image-440.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-441.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-442-1024x643.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-443.png)