cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
22912
Views
5
Helpful
4
Replies

Limit Bandwidth on VPN tunnel on Cisco ASA

michaelnolan
Level 1
Level 1

Hi there,

I've a site to site VPN tunnel create with customer from local office. I'm concerned that the traffic on the tunnel in impacting the Internet bandwidth for the whole office. Is it possible to rate limit the bandwidth on the VPN tunnel. I've attached a configuration that shows the ASA configuration at the local office.

Any help would be much appreciate. I've looked at QoS mapping but finding it hard to make sense of it.

Many thanks,

Regards,

Michael.

1 Accepted Solution

Accepted Solutions

The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping

To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.

Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]

i.e


hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500

The configuration depends based on ''what'' do you want to limit the bandwitdh.

Federico.

View solution in original post

4 Replies 4

Michael,

You're looking for QoS.

Hope this link helps:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html

Federico.

Thanks Federico,

I was mainly wondering how it would fit into my configuration. Could you provide me a sample configuration that would work.

The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping

To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.

Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]

i.e


hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500

The configuration depends based on ''what'' do you want to limit the bandwitdh.

Federico.

Hi Federico, you've been a great help and I thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: