Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 - QOS for bandwidth limiting by IP address?


Is it possible to limit bandwidth on a certain IP from the inside to the internet with QOS on an asa 5510?

We have a web server in our DMZ that has multiple IP addresses. One for each website hosted on the server. One of the sites running off of a specific IP will be used to send out very large PDF files. I would like to limit the bandwidth of this site/IP to 4mbps without limiting any other site on that server. The traffic will be going out to the internet so it is not just internal.

Can someone let me know if this is possible and if so give a brief run down of what needs to be done? I've found threads with similar issues but i'd like to make sure this is possible with our specific scenario.

Any help is greatly appreciated.

Thank you.

New Member

Re: ASA 5510 - QOS for bandwidth limiting by IP address?

Hi Thomas,

This is possible. It can be done on the internal interface of the ASA or on the outside interface depending on where you want to Bandlimit the traffic. the procedure you would need to follow is as follows:

1. Create an ACL matching the traffic from the server to the destination or vice versa depending on how you wish to configure it.

2. Match this ACL in a class map as follows:

ASA(config)# class-map 
ASA(config-cmap)# match access-list

3. Define a Policy map that will be applied on the interface that you intend on policing the traffic for as follows:
   ASA(config)# policy-map
ASA(config-pmap)# class
ASA(config-pmap-c)# police 4000000

The input or output will depend on which interface you choose to apply the policing of traffic. If the internal interface is chosen,
then the input option would need to be used. Else on the external interface facing the internet, the output option needs to be used.

I have given you a template of this config assuming from your query statement that you want to limit only the traffic from the server tothe client and not vice versa.