ASA 5510 - QOS for bandwidth limiting by IP address?
Is it possible to limit bandwidth on a certain IP from the inside to the internet with QOS on an ASA 5510?
We have a web server in our DMZ that has multiple IP addresses. One for each website hosted on the server. One of the sites running off of a specific IP will be used to send out very large PDF files. I would like to limit the bandwidth of this site/IP to 4mbps without limiting any other site on that server. The traffic will be going out to the internet so it is not just internal.
Can someone let me know if this is possible and, if so, give a brief rundown of what needs to be done? I've found threads with similar issues but I'd like to make sure this is possible with our specific scenario.
Re: ASA 5510 - QOS for bandwidth limiting by IP address?
This is possible. It can be done on the internal interface of the ASA or on the outside interface, depending on where you want to bandlimit the traffic. The procedure you would need to follow is as follows:
1. Create an ACL matching the traffic from the server to the destination or vice versa depending on how you wish to configure it.
2. Match this ACL in a class map as follows:
ASA(config)# class-map <class-map-name>
ASA(config-cmap)# match access-list <acl-name>
3. Define a Policy map that will be applied on the interface that you intend on policing the traffic for as follows:
ASA(config)# policy-map <policy-map-name>
ASA(config-pmap)# class <class-map-name>
ASA(config-pmap-c)# police <input | output> 4000000
The input or output will depend on which interface you choose to apply the policing of traffic. If the internal interface is chosen, then the input option would need to be used. Else on the external interface facing the internet, the output option needs to be used.
I have given you a template of this config assuming from your query statement that you want to limit only the traffic from the server to the client and not vice versa.
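The three steps in the reply above, filled in end to end as an added example (not part of the original posts). The address 192.0.2.10, the interface names `outside` and `dmz`, and all object names are constructed placeholders; substitute the real IP of the PDF site and your own interface names.

```cisco
! Constructed values: 192.0.2.10 = IP of the one site to be limited,
! "outside" = Internet-facing interface name, "dmz" = web server interface name.

! Step 1: ACL matching only traffic sourced from that site's IP.
! Other IPs on the same server do not match and are not policed.
access-list PDF-SITE-ACL extended permit ip host 192.0.2.10 any

! Step 2: class map that selects traffic by the ACL.
class-map PDF-SITE-CLASS
 match access-list PDF-SITE-ACL

! Step 3: policy map that polices the class to 4,000,000 bit/s (4 Mbps).
! "output" because the policy is attached to the Internet-facing interface.
policy-map OUTSIDE-QOS
 class PDF-SITE-CLASS
  police output 4000000

! Attach the policy map to the interface. An interface takes a single
! policy map, so if one is already attached there, add the class above
! to that existing policy map instead of creating a new one.
service-policy OUTSIDE-QOS interface outside

! Alternative placement described in the reply: police on the interface
! the server sits behind, using "input" instead of "output".
! policy-map DMZ-QOS
!  class PDF-SITE-CLASS
!   police input 4000000
! service-policy DMZ-QOS interface dmz

! Check that the class is matching and see conformed/exceeded counters.
show service-policy interface outside
```

The policer drops traffic above the rate rather than queueing it, so large transfers from that IP will settle near the configured rate through TCP backoff while the other sites on the server are unaffected.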