Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
3
Replies

Bandwidth Allocation

ronald.ramzy
Level 1
Level 1

‎06-12-2009 12:56 PM - edited ‎03-09-2019 10:21 PM

Hi,

My Setup is :-

Internet----Internet_RTR----PIX----L3_Switch

Internet Bandwidth = 3MB

We are hosting Servers and LAN Users browse internet using the same link.

I want to dedicate internet Bandwidth as

Web-Server Hosting = 2MB

Internet_Browsing for Lan Users = 1MB

LAN Users are on VLAN#5

Web-Server on VLAN#10

Microsoft_ISA_Server on VLAN #15 ( Internet Proxy Server to share internet for LAN Users )

Lan_Users : 192.168.100/24

Web_server : 10.10.10.1/24

Microsoft ISA_Server : 192.168.1.0/24

Pix Firewall IP : 172.20.17.1/29

L3_Switch IP : 172.20.17.2/29

Can Someone Help based on the information how could i allocate bandwith for services.

Labels:
0 Helpful
3 Replies 3

branfarm1
Level 4
Level 4

‎06-26-2009 02:58 PM

What PIX OS version are you running?

0 Helpful

victor_87
Level 1
Level 1

‎06-28-2009 04:55 AM

You can do tis on either the L3 switch, PIX (v 7.0 +) and Ur Internet router.

On the L3 switch this can be done on the L3 link connecting to the firewall. On the PIX inside interface if ios version is greater than or equal to 7.0, and on the internet router Inside interface if you are no doing NAT on the PIX and doing it on the router.

For doing this u need to write down access-lits differnetiating the server and proxy etc.

then u need to create class-map and match the access-lists into them, create policy-maps and intergrate the classes into them and finally bind it to the interface using a service policy.

I can provide the detail config which i have to spend some time, but i suggest you to do some reading w.r.t "Policing (QOS)" in order to understand what ur are doing so that u can handle any issues that might occur later.

All the best.

0 Helpful

BrinksArgentina
Level 1
Level 1

‎07-10-2009 04:54 AM

Please note that inbound and outbound traffic need diferent policies.

I wrote this post some weeks ago for inbound traffic:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cd34c23/3#selected_message

You need one external address for each policy.


Guido.

Please rate all the helpful comments.

0 Helpful
Customers Also Viewed These Support Documents