04-21-2009 12:13 AM
Can I police bandwidth for my VPN sessions on ASA?
I didn't find that in ASDM
04-21-2009 02:59 AM
You would need to write an ACL with destination/source IP then apply the bw limitations based on the ACL.
HTH>
04-21-2009 03:10 AM
With this I will not police VPN session. I will police all VPN traffic. Am I right?
04-21-2009 03:18 AM
MMMM that all depends on how you have your VPN tunnels configured and where you actually apply the policy.
If the traffic is entering a VPN tunnel over the internet - simple QoS will not fix the issue.....as how can you tell the VPN encrypting device there is congestion 2 hops away in the internet - you can't.
Please explain your issue and topology with as much detail as you have and lets see if we can fix it. All info in a diagram would be best - real IP addresses are not required for this.
HTH>
04-21-2009 03:54 AM
Inside -> ASA <- INTERNET
Users from Internet connects via Cisco VPN Client with ASA. Some users take too much bandwidth. I want to fix that, I want to allocate bandwidth for each VPN sessions and police or shape them with threshold 1Mbps
04-21-2009 04:46 AM
OK - not sure if you can do it per users/session, but I suppose if each user gets a specific IP every time then it's possible.
In the past I have performed QoS Policing on a specific group of users = the tunnel remtoe VPN group.
HTH>
04-23-2009 09:43 AM
Maybe this will be helpful.
04-23-2009 08:09 PM
This link doesn't open
Forbidden File or Application
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: