Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510 managing traffic.

We have an ASA 5510 running version 7 of the IOS. The firewall is connected to a 3rd Party Cisco Router (not permited to access ) which in turn is connected to a LES. The LES circuit is 10Mb.

As a school most of the traffic is HTTP based, in particular we have 3 key resources staff and students access via the web, a Virtual Learning Environment, a local council based Learning Platform and Mail servers. The problem I have is that the available bandwidth is being eaten up with 'student browsing', streaming video, music as well as 'normal' HTTP traffic and such like.

I know the ASA is capable of 'policing' traffic, but not at all sure how to set this up;

Forgive the incorrect terminology; what I want to do is 'reserve' 6Mb of the bandwidth for the VLE, SLP and Mail which is all HTTP based. As I said nearly all of our traffic is HTTP based so the only way to differentiate traffic would be via IP address'.

So the question is can you set up a way of 'reserving bandwidth', or 'prioritising bandwidth' for 3 specific IP addresses over and above other HTTP traffic?

I'm not asking you to write my config for me but if you could point me in the right direction that would be really appreciated.

Thanks for you time.


Re: ASA 5510 managing traffic.

Re: ASA 5510 managing traffic.

You can achieve this by policing traffic on the ASA box.

But prior to applying the commands, you need to correctly identify and classify the traffic based on the protocol / IP address.

You can refer to the example at this link.

In this example, it is configured as "police output" but in your case you may need to configure "police input", as the traffic for VLE, slp and mail are coming in to your network.



New Member

Re: ASA 5510 managing traffic.

Ok, a new dynamic to this..........thanks for the links by the way.

I used Netflow on the ASA ( the free version ) to get an overview of the traffic usage; key thing I noted was that the majority of bandwidth usage was incoming, which makes sense as it's video and music being streamed into the network.

Reading the docs on the various flavours of QoS, as I understand it  (and please I'm new at this so jump in where necessary) QoS polocies are applied only at the outbound interface on the basis that it's too late to manage traffic on the inbound as the bandwidth has already been used up. I also understand that the best QoS solutions are end to end, unfortunately we don't have that option.

Other aspects to consider, out side of teacher control, is that there are legitimate times when students and teachers need to stream video and music so a blanket ban is not an option.

So in essence I'm looking for a solution that would allow me to effectively segregate our 10Mb connection into 2 logical pipes, 6Mb for VLE, SLP and mail with the other 4Mb for everything else, so that no matter what is inbound it doesn't encroach on the 6Mb set aside unless it's traffic from the VLE, SLP and Mail servers............

Am I asking for something not yet created or have I got this completely ass about face as it were!!!