Cisco Support Community

Cisco ASA5510 v9.1 Allow specific protocols on vlan to outside

Hi there,

I have a Cisco ASA5510 v9.1 with several VLANs. One of the VLANs (VLAN7) is a Guest Network.

I want the Guest network to only allow specific protocols to the outside interface. For example, only allow http, https, pptp.

Another question is how to limit the bandwidth on this VLAN7. For example, I have a 60Mbit internet connection shared over the 7 VLANs. To prevent VLAN7 from taking too much bandwidth, I want, for example, a maximum throughput of 2Mbits.

Is this possible, and how do I create those rules?

Thanks

Robbert

2 REPLIES

Cisco ASA5510 v9.1 Allow specific protocols on vlan to outside

With ASDM it's very easy to create the ACLs on the Vlan7 IF.

The ASA can do policing for specific ACLs (ASDM - Configuration - Firewall - Service Policy Rules). This is also very easy with ASDM.

Michael

Please rate all helpful posts


Re: Cisco ASA5510 v9.1 Allow specific protocols on vlan to outsi

To limit the bandwidth used by the Guest network you could implement something like the following. The subnet 192.168.1.0/24 represents the guest network and Guest_int represents the Guest network interface on the ASA.

access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 1723
class-map tcp_traffic
 match access-list limit-bandwidth
policy-map QoS
 class tcp_traffic
  ! police rate is given in bits per second (2 Mbit/s would be 2000000)
  police output 60000
service-policy QoS interface Guest_int

As for permitting only certain protocols to the outside, it is just a simple access list that needs to be applied to the Guest interface.

access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
access-group allowed_ports in interface Guest_int

-- Please remember to rate and select a correct answer
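
An added example, not part of the replies above and not Cisco tooling: a small Python check over an ASA-style snippet that flags ACEs with no permit/deny keyword, compares the `police` rate (bits per second) with a target, and lists what each `access-group` binding permits. The sample config is constructed from the names used in this thread; `audit` and the 2 Mbit/s target are assumptions.

```python
import re

# Constructed sample modelled on the thread: one ACE deliberately lacks its
# permit/deny keyword, and the police rate is far below a 2 Mbit/s target.
SAMPLE = """\
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
access-group allowed_ports in interface Guest_int
policy-map QoS
 class tcp_traffic
  police output 60000
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(.*)$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")
POLICE = re.compile(r"^police\s+(input|output)\s+(\d+)")


def audit(config, target_bps):
    """Return (findings, permitted-per-interface) for an ASA-style snippet."""
    findings, acls, bound = [], {}, {}
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := ACE.match(line):
            name, words = m.group(1), m.group(2).split()
            action = words[0] if words else ""
            if action == "remark":
                continue
            if action not in ("permit", "deny"):
                findings.append(f"line {n}: ACE in '{name}' has no permit/deny action")
            elif action == "permit" and len(words) > 1:
                # Destination port is the value after a trailing "eq", if any.
                port = words[-1] if len(words) > 2 and words[-2] == "eq" else "any"
                acls.setdefault(name, []).append((words[1], port))
        elif m := GROUP.match(line):
            bound[m.group(3)] = m.group(1)
        elif m := POLICE.match(line):
            bps = int(m.group(2))  # ASA police rates are in bits per second
            if bps != target_bps:
                findings.append(f"line {n}: police {m.group(1)} {bps} bit/s = "
                                f"{bps / 1e6:g} Mbit/s, target {target_bps / 1e6:g} Mbit/s")
    return findings, {ifc: acls.get(acl, []) for ifc, acl in bound.items()}


if __name__ == "__main__":
    issues, allowed = audit(SAMPLE, target_bps=2_000_000)
    print(*issues, sep="\n")
    print(allowed)
```
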