I'm trying to get a service-policy set up that rate-limits the HTTP traffic our users are creating by surfing the net. In our case, our ASA actually sits with our ISP, so I'm trying to cut down on the bandwidth costs the HTTP traffic is taking up from the inside interface of the ASA across our WAN link to our home office.
We have an internal proxy server that all the users in the company use for accessing the internet. This is perfect, because it's only the traffic to this proxy server that I want to limit.
Proxy server: 192.168.1.5 (is on the inside interface of the asa)
Our ASA already has the default "service-policy global_policy global" command in there along with the default-inspection and I don't intend on changing that unless I have to.
So, I've created this:
access-list in_http extended permit tcp any host 192.168.1.5
match access-list in_http
police output 500000 50000
service-policy in_http interface inside
My question is, on the service-policy command, should I apply that policy to the inside interface of the ASA or the outside interface? I want to police the traffic coming into our firewall destined for 192.168.1.5 (our proxy server) on the inside interface. I'm hoping the ACL I created there matches all the traffic destined for the server.
Here's a clip from a "show connection" on the ASA that shows an internet connection from the proxy server:
TCP out xxx.xxx.xxx.xxx:80 in 192.168.1.5:4301 idle 0:00:07 bytes 3763 flags UIO
QoS is a traffic-management strategy that lets you allocate network resources for both mission-critical and normal data, based on the type of network traffic and the priority you assign to that traffic. In short, QoS ensures unimpeded priority traffic and provides the capability of rate-limiting (policing) default traffic.
For example, video and voice over IP (VoIP) are increasingly important for interoffice communication between geographically dispersed sites, using the infrastructure of the Internet as the transport mechanism. Firewalls are key to securing networks by controlling access, which includes inspecting VoIP protocols. QoS is the focal point to provide clear, uninterrupted voice and video communications, while still providing a basic level of service for all other traffic passing through the device.
Refer to Applying QoS Policies for more information.
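To make the policing numbers in the question concrete, here is an added example (not part of the original thread and not Cisco code) that models "police output 500000 50000" as a generic single-rate token bucket. It assumes the first value is the conform rate in bits per second, the second is the burst size in bytes, and that exceeding packets are dropped; the 2 Mbit/s offered load and 1500-byte packets are constructed sample input.

```python
from dataclasses import dataclass


@dataclass
class Policer:
    """Generic single-rate token bucket (a model, not the ASA implementation)."""
    rate_bps: int      # conform rate in bits per second (assumed unit)
    burst_bytes: int   # bucket depth in bytes (assumed unit)

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full
        self.last = 0.0

    def offer(self, now: float, size: int) -> bool:
        """Return True if the packet conforms (transmit), False if it exceeds (drop)."""
        elapsed = now - self.last
        self.last = now
        # Refill at rate_bps/8 bytes per second, never above the burst size.
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bps / 8)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def simulate(rate_bps, burst_bytes, offered_bps, pkt_size, seconds):
    """Offer a constant-rate packet stream; return (bytes_sent, bytes_dropped)."""
    policer = Policer(rate_bps, burst_bytes)
    interval = pkt_size * 8 / offered_bps      # seconds between packets
    sent = dropped = 0
    for i in range(int(seconds / interval)):
        if policer.offer(i * interval, pkt_size):
            sent += pkt_size
        else:
            dropped += pkt_size
    return sent, dropped


if __name__ == "__main__":
    # Constructed input: 10 s of 2 Mbit/s downloads toward the proxy.
    sent, dropped = simulate(500_000, 50_000, 2_000_000, 1500, 10)
    print(f"sent={sent} B, dropped={dropped} B, "
          f"sustained={(sent - 50_000) * 8 / 10 / 1000:.0f} kbit/s after the burst")
```

The initial 50000-byte burst passes untouched; after that the stream is held to roughly 500 kbit/s (62500 bytes per second) regardless of how much is offered.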