08-13-2013 05:49 AM - edited 03-04-2019 08:44 PM
Hi
my DMVPN knowledge in relation to spefic nat and bandwidth throttle is kind of rusty so would like some advice.
Request :backup firewall. enable NAT on the gigabit interface 9WAN)
to access Internet limit connection speed up/down to 50/50Mbit
Basically request is divide the 100MBs WAN connection into a 50Mbs Firewall. other 50 Mbs sif for the DMPVN which work perfect no issues.
DMVPN
works and is in production.
WAN connection 100MBs
interface GigabitEthernet0/0
LAN
is a RFC 1918 address /24 subnet
Cisco 2901
IOS: c2900-universalk9-mz.SPA.151-4.M6.bin
08-13-2013 04:12 PM
Hi,
You need to enable NAT on the LAN facing interface and WAN facing interface. For bandwidth throttle, you need apply policy-map shaping for Internet traffic. You can shape to 50M for all traffic except DMVPN packets. This policy-map applies on WAN facing interface outbound direction.
HTH,
Lei Tian
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
08-14-2013 09:42 AM
Hi Lei
Thanks fort the feedback think that I made a error in this configuration mentioned below.
if you have any info in relation to DMPVN and sharing the wan connection, in relation to good Qos (for spoke for their sharred wan connection dmpvn/internet and QoS for our Hub).
c2900-universalk9-mz.SPA.151-4.M6.bin
Cisco 2901 int gi0/0 WAN 100 Mbs
policy-map FW_
class class-default
police 100000000 conform-action transmit exceed-action drop
service-policy FW_Anubis
exit
!
class-map FW_Anubis
bandwidth percent 50
08-14-2013 06:26 PM
Hi,
The QoS policy should look similar to
Class-map Internet
match IP access-list Internet
Policy-map QoS
Class Internet
Shape 50m
Class class-default
IP access-list ex Internet
Deny IP DMVPN DMVPN
Permit IP any any
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide