Is QoS appropriate for this situation

Answered Question
Feb 23rd, 2010

Over the past couple of days I have read numerous articles and threads on QoS for the ASA 5510.  Here is my scenario that I am looking for information about.  My management will not allow me to block certain websites such as facebook, youtube, myspace etc.  Is there a way in the ASA 5510 running Software 8.0(2) to limit the about of bandwidth these users receive while visiting these websites? ie If a set of users visit facebook, can I limit their bandwidth to 512k instead of letting them eat up all 5 of my t1's?

Thanks in Advance

I have this problem too.
0 votes
Correct Answer by Federico Coto F... about 6 years 7 months ago


I would agree with the QoS configuration on the ASA.

You can use the MPF to configure QoS features such as policing and shaping very similar to an IOS router.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
l8nite4me2 Thu, 02/25/2010 - 08:24


Thank you for your reply.  I will review the link you posted as a solution.

Thank You

l8nite4me2 Fri, 02/26/2010 - 08:48

Federico had the first correct answer to this solution.  I have spent the last couple of days deciphering the instructions and laying out the command structure to implement this solution.  I really apprecaite everyones help and new the community would not let me down.

Thanks for all the great suggestions.

Panos Kampanakis Thu, 02/25/2010 - 14:00

You cannot do it exactly as you would like. You can match on HTTP GET field but those cannot be used for QoS.

In other words you would only be able to do it by matching the traffic to these website according to their ip after resolving their ip.

Here is a link that has examples

I hope it helps


PETER NEGUS Fri, 02/26/2010 - 01:54

Yes, I think it is.

The best way to do this is to look at the QoS guide at

What you need to do is:

Define class-map for the traffic that you wish to limit.

     You can fix YouTube, MySpace etc by doing a class map on the URL

     BitTorrent & SkyPe requires a bit more native cunning, You need to look for the TCP ports. Blocking the TCP ports doesn't work, as they then jump onto port 80 and give you even more headache.

Then define the policy-map.

     In preference to most of the examples, you need to SHAPE the traffic rather than Policing. Shaping allows the application to gracefully throttle the traffic, rather than policing which just kills the session.

Apply the policy to the inside interface of the ASA for traffic going into your network.

Try to keep the class map as simple as possible to avoid potential loading problems. Please tell me how you get on.

Best regards



This Discussion