I have an ASA 5510 with the newest OS. The ASA is connected to a broadband internet connection.
Is there a way to limit per-user traffic to a proportional subset of the total available bandwidth? As an example, suppose a single user is accessing the internet; as the sole user they should be allowed to utilize the entire pipe. Suppose four other users begin accessing the internet, resulting in a total of five internet users. At this point each user should be allowed to use a proportional amount of the internet connection, specifically one-fifth.
If that is possible I would prefer an even more intelligent route where all users are allowed as much bandwidth as they require unless another user is limited to less than a proportional amount. Suppose 5 users on a 1mbit connection. If 4 of the users were only utilizing 1/10 of the bandwidth each, the other user would be allowed to use the remaining bandwidth. In effect each user would be guaranteed a proportional bandwidth percent, but if they aren't using that bandwidth it is divided among the remaining users.
Is this possible with an ASA, and if so can someone please offer a detailed config?
From what I can remember, this is not possible on ASA, unless you want to set up a QoS policy with each class matching an ACL that matches a specific user's source IP address and then police (rate limit) that class. Such a configuration would not be flexible and dynamic as you requested. ASA has a per-flow QoS, but it only works for VPN tunnel-groups, where each external user's VPN connection would be rate limited to a specified bandwidth.
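The sharing behaviour the question asks for is max-min fairness. As an added example (not code from this thread, and not something an ASA runs), the Python below computes that allocation and compares it with a fixed per-user police rate of the kind the answer describes. The user names and demand figures are constructed from the question's 5-user, 1 Mbit scenario.

```python
def max_min_fair_share(capacity, demands):
    """Water-filling: users who need less than an equal share keep what they
    need; the leftover is split evenly among the users who still want more."""
    alloc = {user: 0.0 for user in demands}
    active = {user for user, want in demands.items() if want > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        satisfied = {user for user in active if demands[user] <= share}
        if not satisfied:
            # Everyone left wants more than an equal share: split evenly.
            for user in active:
                alloc[user] = share
            break
        for user in satisfied:
            alloc[user] = float(demands[user])
            remaining -= demands[user]
        active -= satisfied
    return alloc


def static_police(capacity, demands):
    """Fixed per-user cap of capacity / N, as one policed class per source IP
    would give; unused headroom is never handed to another user."""
    cap = capacity / len(demands)
    return {user: min(float(want), cap) for user, want in demands.items()}


# Constructed scenario from the question: 1 Mbit/s link, four light users
# at 1/10 of the link each and one user who would take the whole pipe.
LINK_BPS = 1_000_000
DEMANDS = {"user1": 100_000, "user2": 100_000, "user3": 100_000,
           "user4": 100_000, "user5": 1_000_000}

if __name__ == "__main__":
    fair = max_min_fair_share(LINK_BPS, DEMANDS)
    fixed = static_police(LINK_BPS, DEMANDS)
    for user in DEMANDS:
        print(f"{user}: fair={fair[user]:>9.0f}  policed={fixed[user]:>9.0f}")
    print("idle under fixed policing:", LINK_BPS - sum(fixed.values()))
```

With fixed policing the heavy user is held at one-fifth of the link while the capacity the light users leave unused sits idle, which is the inflexibility the answer points out.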