ASA internet usage rate-limiting?

Unanswered Question
Apr 19th, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

I have a guest wireless subnet located off the inside interface of my ASA and I'm looking for a way to rate-limit them to 1Meg upload and download.  It seems that limiting upload speed is pretty straight forward, how do you achieve limiting downloads?

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 04/19/2010 - 12:36

Rate limiting/policing can be used using the "police input" command on the ASA's outside interface.

Here is a good example page http://supportforums.cisco.com/docs/DOC-1230

Keep in mind that if you police inbound you are not achieving much because your pipe is already full. It would be best to policy as close to the source as possible.

It will help though as TCP will converge to a speed closer to what your policing rate is.

I hope it helps.

PK

Actions

This Discussion