DMVPN and wan connection nat dedicated for FW

j.bontje
Level 1

Hi

My DMVPN knowledge in relation to specific NAT and bandwidth throttle is kind of rusty, so I would like some advice.

Request: backup firewall. Enable NAT on the gigabit interface (WAN) to access the Internet; limit connection speed up/down to 50/50Mbit.

Basically the request is to divide the 100MBs WAN connection: 50Mbs for the firewall; the other 50 Mbs is for the DMVPN, which works perfectly, no issues.

DMVPN: works and is in production.

WAN connection 100MBs: interface GigabitEthernet0/0

LAN: an RFC 1918 address, /24 subnet

Cisco 2901

IOS: c2900-universalk9-mz.SPA.151-4.M6.bin

3 Replies

Lei Tian
Cisco Employee

Hi,

You need to enable NAT on the LAN-facing interface and the WAN-facing interface. For bandwidth throttle, you need to apply policy-map shaping for Internet traffic. You can shape to 50M for all traffic except DMVPN packets. This policy-map applies on the WAN-facing interface in the outbound direction.

HTH,
Lei Tian


Sent from Cisco Technical Support iPhone App

Hi Lei

Thanks for the feedback. I think that I made an error in the configuration mentioned below.

If you have any info in relation to DMVPN and sharing the WAN connection, in relation to good QoS (for spoke for their shared WAN connection DMVPN/Internet and QoS for our hub).

c2900-universalk9-mz.SPA.151-4.M6.bin

Cisco 2901 int gi0/0 WAN 100 Mbs

policy-map FW_

class class-default

  police 100000000 conform-action transmit exceed-action drop

  service-policy FW_Anubis

exit

!

class-map FW_Anubis

  bandwidth percent 50

Lei Tian
Cisco Employee

Hi,

The QoS policy should look similar to

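class-map match-all Internet
 match access-group name Internet
policy-map QoS
 class Internet
  shape average 50000000
 class class-default
ip access-list extended Internet
 ! "DMVPN DMVPN" is a placeholder for the DMVPN source and destination
 deny ip DMVPN DMVPN
 permit ip any any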

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App
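
The two replies combined into one configuration, as an added example that is not part of the original thread or written by any of its posters: NAT overload for the LAN plus the 50 Mbit/s shaper attached outbound on the WAN interface. The LAN interface name (GigabitEthernet0/1), the ACL name NAT-LAN, and the addresses 192.0.2.1 (router WAN address) and 10.10.10.0/24 (LAN) are constructed placeholders; it assumes the DMVPN tunnels are sourced from GigabitEthernet0/0 and protected with IPsec.

```cisco
! Constructed placeholders: 192.0.2.1 = this router's WAN address,
! 10.10.10.0/24 = LAN subnet, GigabitEthernet0/1 = LAN interface (assumed).
!
! NAT: translate LAN hosts going to the Internet behind the WAN address.
! Traffic routed into the DMVPN tunnel leaves via the Tunnel interface,
! which is not "ip nat outside", so it is not translated.
ip access-list extended NAT-LAN
 permit ip 10.10.10.0 0.0.0.255 any
!
ip nat inside source list NAT-LAN interface GigabitEthernet0/0 overload
!
! On the physical interface the shaper sees DMVPN packets after
! encapsulation, i.e. as ESP / ISAKMP / NAT-T (or plain GRE when the
! tunnel is unprotected) sourced from the router itself. Exclude those,
! shape everything else.
ip access-list extended Internet
 deny   esp host 192.0.2.1 any
 deny   udp host 192.0.2.1 any eq isakmp
 deny   udp host 192.0.2.1 any eq non500-isakmp
 deny   gre host 192.0.2.1 any
 permit ip any any
!
class-map match-all Internet
 match access-group name Internet
!
policy-map QoS
 class Internet
  shape average 50000000
 class class-default
!
interface GigabitEthernet0/1
 description LAN (assumed interface name)
 ip nat inside
!
interface GigabitEthernet0/0
 description WAN 100 Mbit/s
 ip nat outside
 service-policy output QoS
```

`service-policy output` shapes egress only, so this limits the upload direction of Internet traffic; it does not by itself enforce the 50 Mbit/s download half of the request. `show policy-map interface GigabitEthernet0/0` shows per-class counters to confirm that DMVPN packets land in class-default and not in the shaped class.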
