Can the ASA police flows based on the destination IP but not related to a VPN tunnel?
I am trying to set download rate limits to my users. Limit each individual IP to 2megs on Internet to help smooth out the peaks in the Intnernet pipe.
I am thinking that i want to match on destination IP in the direction of transmitting out the inside interface. This should give me a per IP flow policing policy but the ASA wants the 'match tunnel group' statement first so it seems the per flow policing feature is only usable within a tunnel? Do