I'm building up my iWan skills, and in the most recent CVD (Cisco Validated Design) for iWan, Cisco recommends setting up an FVRF (Front Door VRF) for each internet connection you have at a site.
FVRFs allow your WAN routing to exist in a separate VRF from your internal network. There is security there, but it also allows for your default routes to the internet to not even risk being redistributed into your internal routing domain.
Now, I don't have access to any images in GNS3 to run the full iWan, but I do have images capable of running FVRFs, so that's what I've built here.
Download the GNS3 and Do It Yourself
Files are here: https://1drv.ms/f/s!AliOPzHSO-Gng6BvZdB1wkuBgPnrFA
Good luck out there.
Kyler
Kyler