09-23-2007 08:12 PM - edited 03-03-2019 06:53 PM
Dear all,
I have setup a Cisco 871 router configured with VPN and Internet service. My line is a 1M line and I am wondering if there is a minimum or maximum bandwidth used for VPN.
When there is no traffic, how much bandwidth does a keep-alive traffic take if it is enabled?
Also, in what order does Cisco matches traffic first?
I have attached a my sample configuration.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TEST
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
!
no aaa new-model
ip cef
!
!
!
!
crypto pki trustpoint TP-self-signed-1579893558
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1579893558
revocation-check none
rsakeypair TP-self-signed-1579893558
!
!
crypto pki certificate chain TP-self-signed-1579893558
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
.
C1AB46A9 1B23B635 6781BBDC F24B6518 DAC5EEFB 521CF839 5E553763 C850049B 7F4470
quit
!
!
username admin privilege 15 secret 5 $1$J5X7$Lza4y093b9CI2eCPj3zN9.
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key jmdgpmwajjtd address <REMOTE_IP_ADDRESS>
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to<REMOTE_IP_ADDRESS>
set peer <REMOTE_IP_ADDRESS>
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
bandwidth 1024
ip address <ROUTER_IP_ADDRESS> 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
ip address 172.30.205.1 255.255.255.0
ip access-group 130 in
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 <GATEWAY_IP_ADDRESS>
ip route 133.0.0.0 255.0.0.0 172.30.162.254
ip route 172.30.159.0 255.255.255.0 172.30.162.254
ip route 172.30.160.0 255.255.255.0 172.30.162.254
ip route 172.30.161.0 255.255.255.0 172.30.162.254
ip route 172.30.162.0 255.255.255.0 172.30.162.254
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.30.205.0 0.0.0.255 133.0.0.0 0.255.255.255
access-list 100 permit ip 172.30.205.0 0.0.0.255 172.30.159.0 0.0.0.255
access-list 100 permit ip 172.30.205.0 0.0.0.255 172.30.160.0 0.0.0.255
access-list 100 permit ip 172.30.205.0 0.0.0.255 172.30.161.0 0.0.0.255
access-list 100 permit ip 172.30.205.0 0.0.0.255 172.30.162.0 0.0.0.255
access-list 101 deny ip 172.30.205.0 0.0.0.255 133.0.0.0 0.255.255.255
access-list 101 deny ip 172.30.205.0 0.0.0.255 172.30.159.0 0.0.0.255
access-list 101 deny ip 172.30.205.0 0.0.0.255 172.30.160.0 0.0.0.255
access-list 101 deny ip 172.30.205.0 0.0.0.255 172.30.161.0 0.0.0.255
access-list 101 deny ip 172.30.205.0 0.0.0.255 172.30.162.0 0.0.0.255
access-list 101 permit ip 172.30.205.0 0.0.0.255 any
!
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
login local
line vty 0 4
login local
transport input ssh
!
scheduler max-task-time 5000
end
09-28-2007 08:39 AM
With default settings router do not limit the bandwidth allocated for a VPN client. VPN client connection can get as much bandwidth as possible. You have to impose special QOS policies if you want to limit bandwidth.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide