I need clarification on the BW policies. With the new software release 4.x it is possible to specify a default BW policy which is applied to the public interface. And you can also specify a BW policy for every group and/or LAN-to-LAN. If you don't specify a specific BW policy, the default policy is applied. Let's say, for example, my default policy is 128 k. Does that mean every group and LAN-to-LAN gets 128 k each if nothing else is specified, or do all the groups and LAN-to-LANs in total get 128 k?
With the bandwidth policy applied to an interface, every user connecting to that interface will get a fixed amount of bandwidth. This amount depends on the configured value. If you leave it at the default, and if the default is 128K, every user will get 128K reserved bandwidth and also access to the remaining unreserved bandwidth. I found this great example in one of the documents. "Suppose the link rate on your public interface is 1,544 kbps. And suppose you apply a reserved bandwidth policy to that interface that sets the reserved bandwidth to the default: 56 kbps per user. With this link rate and policy setting, only a total of 27 users can connect to the VPN Concentrator at one time. (1544 kbps per interface divided by 56 kbps per user equals 27 connections.) The first user who logs on to the VPN Concentrator gets his reserved 56 kbps plus the remainder of the bandwidth (1488 kbps). The second user who logs on to the VPN Concentrator gets his reserved 56 kbps plus he shares the remainder of the bandwidth (1432 kbps) with the first user. When the twenty-seventh user connects, all users are throttled to their minimum of 56 kbps per connection. When the twenty-eighth user attempts to connect, the VPN Concentrator refuses the connection. It does not allow any additional connections because it cannot supply the minimum 56 kbps reserve to more users".
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :