Re: ASA and outbound IA traffic

Chunkers2 · ‎10-21-2010

With a 5520 and dual ISP. The first ISP is a 100m circuit and all outbound traffic flows thru it. The 2nd ISP is a 4m circuit and all inbound traffic flows thru it. With a default route for the outbound INternet traffic, there is also a secondary default route that goes thru the 2nd ISP (4m). Can I rate limit this traffic so it does not overload the 4m? If so, how does this get accomplished?

Yudong Wu · ‎10-21-2010

here is an example about how to do rate-limit on ASA

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

Panos Kampanakis · ‎10-21-2010

Also, here is aa sample config that explains how to police certain traffic on the ASA https://supportforums.cisco.com/docs/DOC-1230#Traffic_Policing_with_Prioritization

I hope it helps.

PK

Chunkers2 · ‎10-21-2010

OK...this is a good information. I was informed that

the ASA will do "automatic" routing of the traffic in the event the first ISP goes down. Is this true? Basically, if the outbound internet traffic that flows thru ISP1 (100m) goes down, it will route the Internet traffic thru ISP2 (4m). Again, is that true? I'm a little skeptical of this. Also, he mentioned that you do not need to configure the ASA to acomplish this...hence being automatic.

Panos Kampanakis · ‎10-21-2010

It does not do it automatically.

It has a feature that is called SLA monitoring though that can accomplish this. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml You practically set 2 default routes, and the second has lower priority. You keep pinging from the primary and when you lose pings (went down) you fall back to the latter route.

I hope it helps.

PK