Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Advice on traffic management and prioritisation best practise for the ASA?

We have an ASA (running v7.2 software) at our head office. We have a large number of remote connected sites which connect to head office via IPSEC VPN.

We have the one internet pipe which is shared by everything i.e. head office internet use, FTP transfers, VPN connections to remote sites, remote VPN users, etc.

The problem we have is that whenever the internet pipe is fully utilised which typically happens, for example, if we send software updates out to all our remote sites from a head office server, then this obviously has a knock-on effect on everything else - network speeds slow right down for all the remote offices, sometimes disconnections occur, etc. (We have tried limiting the number of updates sent out at the one time but will still find that the bandwidth is all used up, but just for shorter times)

What would people advise as the best practise for managing the traffic in this kind of set-up? What can be done in terms of prioritisation and bandwidth management of the traffic using the ASA itself?

What I don't want to do is to, for example, restrict the server that sends the software updates to, say, only 80% of the available bandwidth because there are times, when the network might be quieter, that we don't mind it grabbing all the bandwidth it can - I don't know if there is any practical way to allow it to “burst” to 100% at these times?

Any suggestions/advice on best practise for handling this kind of thing would be welcome!

Thanks.

1 REPLY

Re: Advice on traffic management and prioritisation best practis

You can configure QoS on the ASA and allow the updates out with a priority queue and rate limit non-critical traffic (ie web surfing).

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

Hope that helps

143
Views
3
Helpful
1
Replies
CreatePlease to create content