I have an ASA5510 and I want to pass voice and data through. I have configured the ASA to do QoS: for voice I have done priority, and for FTP I have done traffic policing, max 56000 burst 10500.
The problem is that when I monitor the service class on the outside interface and the inside interface, I see that the info is seen correctly. Packets are received and sent for both voice and FTP, but when I do an FTP session the bandwidth is not at 56000 but much more, almost all the line. For voice I see the packets go to the LLQ. ONLY PROBLEM IS THE BANDWIDTH.
I've been trying to find a way of policing FTP downloads, but the dynamic port nature makes using match access-list in the class map impossible, so I've been trying to work out how to use inspect ftp to allocate to a policy-map so that it can be throttled in the same way all my static port traffic is controlled using police policies.
I have much the same situation as you with LLQ for voice on the outside interface and all the policing done using ACL matching on the inside interface.
Does anyone know how to get the police function to monitor passive FTP connections?