Does the PIX (Version 6.3 or earlier) support policy-based traffic shaping through the firewall and control the amount of bandwidth used on a given interface (outside, inside or DMZs)? For example, limit (or even guarantee) the amount of traffic based on protocol (HTTP, FTP, etc.) used for outgoing connections to untrusted sites on a per-user basis (or source IP basis)?
You cannot use policy NAT to accomplish the items you had in your original post. Policy NAT and policy routing are completely separate technologies. The idea of policy NAT is to allow the PIX to NAT the IP address on packets based on the destination address. As you can see, this will not help in limiting bandwidth. I believe this is something we are looking at. If this is something you need/require, I would suggest contacting your local account team.