I have a question regarding Throttling Bandwidth on an ASA 5510.
Let's say for simplicity's sake I have two physical interfaces connected.
OUTSIDE - Connects to my ISP.
Inside - with 2 subinterfaces connected.
192.168.1.1/24 VLAN 5
10.10.1.1/24 VLAN 10
Now what I want to do is restrict the bandwidth to and from the 192.168.1.1/24 network to 2mb/s and limit the bandwidth to and from the 10.10.1.1/24 network to 1mb/s.
NOTE: The two internal networks cannot talk to each other.
Now I understand I can do something like this, say, for the 192.168.1.0/24 network:
access-list 2mbs_throttle extended permit ip host 188.8.131.52 any
access-list 2mbs_throttle extended permit ip any host 184.108.40.206
access-list 2mbs_throttle extended permit ip host 220.127.116.11 any
access-list 2mbs_throttle extended permit ip any host 18.104.22.168
where 22.214.171.124 is the 192.168.1.0's PAT'd address and 126.96.36.199 is an internal server's NAT'ed (via a STATIC) public address.
match access-list 2mbs_throttle
police output 2000000 2000
police input 2000000 2000
service-policy restrict-bandwidth-policy interface outside
Does this look correct?
Is this restricting the total size of the servers NAT'ed behind 188.8.131.52 and 184.108.40.206 to 2mb/s with a small burst?
Also is there a better way of doing this? Could I somehow apply this policy to the VLANs?
Any help is very much appreciated.
No no, if the links are full duplex you have 2Mbps in each direction at the same time, so it is 2Mbps bidirectional.
That is what I meant.
I hope it makes sense.
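
The per-direction behaviour of `police input 2000000 2000` and `police output 2000000 2000` discussed in this thread can be modelled with a token bucket. The Python below is an added example, not part of any post and not ASA code; the names `Policer`, `simulate` and `back_to_back` are hypothetical, and it assumes exceeding packets are dropped, the burst value is in bytes, and the bucket starts full.

```python
# Simplified single-rate token-bucket policer: a model, not ASA code.
# Assumptions: conforming packets pass, exceeding packets are dropped,
# tokens are counted in bytes and the bucket starts full.

class Policer:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_Bps = rate_bps / 8.0   # refill rate, bytes per second
        self.burst = float(burst_bytes)  # bucket depth, bytes
        self.tokens = self.burst
        self.last = 0.0
        self.passed_bytes = 0

    def offer(self, now, size):
        """Return True if a packet of `size` bytes arriving at `now` conforms."""
        refill = (now - self.last) * self.rate_Bps
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            self.passed_bytes += size
            return True
        return False


def simulate(offered_bps, seconds, pkt_size=1000, rate_bps=2_000_000, burst=2000):
    """Offer the same constant load to separate input and output policers.

    Returns the conforming throughput in bits per second per direction.
    """
    policers = {"input": Policer(rate_bps, burst),
                "output": Policer(rate_bps, burst)}
    interval = pkt_size * 8 / offered_bps          # seconds between packets
    packets = seconds * offered_bps // (pkt_size * 8)
    for i in range(packets):
        for p in policers.values():
            p.offer(i * interval, pkt_size)
    return {d: p.passed_bytes * 8 / seconds for d, p in policers.items()}


def back_to_back(pkt_size, count, rate_bps=2_000_000, burst=2000):
    """Count how many of `count` packets arriving at one instant conform."""
    p = Policer(rate_bps, burst)
    return sum(p.offer(0.0, pkt_size) for _ in range(count))


if __name__ == "__main__":
    print(simulate(10_000_000, 10))   # constructed load: 10 Mbit/s each way
    print(back_to_back(1500, 5))      # constructed burst of 1500-byte packets
```

In this model each direction conforms to about 2 Mbit/s independently of the other, and a 2000-byte bucket admits only one 1500-byte packet out of a back-to-back burst.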