Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cisco ASA Per-User Throttling

Hello,

I am well aware as how to create policies in the ASA for specific hosts or IPs but what I want to do is create a generalized policy that gets applied to all users on an interface but at a per-user level.

For example, I want to have all users on interface "inside" subjected to a 10meg policer per-user. Not 10meg policer applied to the whole inside interface. Same thing for connection limits. I want to limit at the granular level of per user so that each user can have only 100 connections coming from their individual IP.

 

The problem is that I can accomplish this with policy maps if I create one for each IP address but I need to do this for large subsets at a time (/24 blocks) and create a policy for each IP on that /24 is not practical.

 

Any thoughts or recommendations? I'm testing this on my ASA 5505 with 9.2 code.

3 REPLIES
Cisco Employee

Hi,This would not be possible

Hi,

This would not be possible to configure on the ASA device. You would have to create Specific polices for every user separately to apply the user limit for policing the traffic.

Thanks and Regards,

Vibhor Amrodia

Community Member

Aside from the config being

Aside from the config being massive, is there a limitation on the amount of individual user policers allowed?

Cisco Employee

Hi,You have a limit for

Hi,

You have a limit for Number of Class-Maps inside of the policy of 256.

If this is something important as a requirement , you can try it although this is something not recommended.

Thanks and Regards,

Vibhor Amrodia

56
Views
0
Helpful
3
Replies
CreatePlease to create content