I have an ASA5510 with a T1 connection. I have a few users who download large files with a download manager that takes up all of my bandwidth and then everyone complains the internet is slow. Is there a way on the firewall to limit each connection to a maximum bandwidth so that one user cant take all of the bandwidth?
Like the other poster said, packeteer makes some things that will fix this. Also, forcing HTTP and FTP through a proxy server will allow you to limit throughput on a user basis. I have done this with Squid which allowed me to solve similar issues. In addition, a proxy server will lessen the load on the internet link. If most of the T1 is http, it can dramatically reduce the load.
Let me also comment that the root of this issue is a policy or personel issue. Sometimes the best solution to these issues is therefore not to spend a boatload of time and/or money on a technology solution but to implement a policy or procedure that state that download managers are not to be used in such a way as to degrade the T1 performance. Tell those users causing problems NOT TO DO IT AGAIN. Inform their managers they are causing service degredation and it needs to stop.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...