ASA internet usage rate-limiting?

Unanswered Question
Apr 19th, 2010
User Badges:


/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

I have a guest wireless subnet located off the inside interface of my ASA and I'm looking for a way to rate-limit them to 1Meg upload and download.  It seems that limiting upload speed is pretty straight forward, how do you achieve limiting downloads?


Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 04/19/2010 - 12:36
User Badges:
  • Cisco Employee,

Rate limiting/policing can be used using the "police input" command on the ASA's outside interface.


Here is a good example page http://supportforums.cisco.com/docs/DOC-1230


Keep in mind that if you police inbound you are not achieving much because your pipe is already full. It would be best to policy as close to the source as possible.

It will help though as TCP will converge to a speed closer to what your policing rate is.


I hope it helps.


PK

Actions

This Discussion