I have a customer that is a 2-office medical practice that has a VPN set up between the offices with an ASA5505 on each end. They have a T-1 at each office, and they do RDP sessions from the remote office to the main office over the VPN. The trouble comes in when they try to transmit claims, and I guess the provider on the other end can take the claims as fast as they can send them, so it totally swamps the T-1 and kills the RDP sessions from the remote office.
So I have this in my configuration:
match flow ip destination-address
match tunnel-group 126.96.36.199
police output 500000 1500
The main question I have is: is this limiting the traffic over the VPN to 500K, or is it reserving 500K for the VPN traffic? I have kind of seen it described both ways, and even a description that indicated maybe the 5505 does it differently from anything else. The ASAs in question here are currently running 8.2(2).
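An added example, not part of the original post and not ASA code: a simplified token-bucket model of the two numbers in `police output 500000 1500` (conform rate in bits per second, burst in bytes), showing that a policer caps the matched traffic and drops the excess rather than setting bandwidth aside for it. The 500-byte packets and 10-second steady streams are constructed sample traffic, and the drop-on-exceed behaviour is assumed because the posted line specifies no other action.

```python
# Added illustration: simplified single-rate token-bucket policer.
# Models only the two numbers in "police output 500000 1500"
# (conform rate in bits/s, burst in bytes); it is not ASA code.

RATE_BPS = 500_000      # conform rate from the post
BURST_BYTES = 1_500     # burst size from the post
T1_BPS = 1_544_000      # T-1 line rate


def constant_stream(rate_bps, size_bytes, duration_s):
    """Constructed traffic: fixed-size packets at a steady bit rate."""
    interval = size_bytes * 8 / rate_bps
    count = int(duration_s / interval)
    return [(i * interval, size_bytes) for i in range(count)]


def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Return (conformed_bytes, dropped_bytes) for (time_s, size) packets."""
    tokens = float(burst_bytes)          # bucket starts full
    last = packets[0][0] if packets else 0.0
    conformed = dropped = 0
    for t, size in packets:
        # Refill at the conform rate, never above the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            conformed += size
        else:
            dropped += size              # assumed: excess is dropped, not queued
    return conformed, dropped


def passed_bps(offered_bps, duration_s=10, size_bytes=500):
    """Average rate that gets through the policer for a steady stream."""
    conformed, _ = police(constant_stream(offered_bps, size_bytes, duration_s))
    return conformed * 8 / duration_s


if __name__ == "__main__":
    for offered in (256_000, T1_BPS):
        print(f"offered {offered} bit/s -> passed {passed_bps(offered):.0f} bit/s")
```

A stream below the conform rate passes untouched, while a stream offered at T-1 speed is cut to roughly 500 kbit/s; nothing in the model holds capacity back for the policed class.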