Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How can I manage the bandwidth for Anyconnect clients on a asa 5550?

Hi,

How can I manage on a asa 5500 the maximum inbound and outbound traffic for a vpn session?

thx,

Marc

5 REPLIES
Cisco Employee

Re: How can I manage the bandwidth for Anyconnect clients on a a

AFAIK that is not a possibility. You may be able to restrict it to the tunnel-group that the AnyConnect clients are connecting to.

New Member

Re: How can I manage the bandwidth for Anyconnect clients on a a

Hi, that would I see as a huge improvement for the asa 5550 if that would be possible!

The only thing I am searching for now is how to block or lower the bandwidth in use by p2p (bittorrent over the vpn connection).

NBAR does not work on a ASA 5550.

Thx,

Marc

Cisco Employee

Re: How can I manage the bandwidth for Anyconnect clients on a a

Yes, it would be. The only way I can think of doing it per anyconnect client would be to create one acl per IP address that the client is going to get handed out, and then apply policing to it. Too much work though.

Re: How can I manage the bandwidth for Anyconnect clients on a a

Have a look at this link for P2P, but it does not cover torrents specifically

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Regards

Farrukh

New Member

Re: How can I manage the bandwidth for Anyconnect clients on a a

Hi Marc, I would probably use split tunnelling to keep internet traffic off your VPN tunnels, or failing that set up QOS on your network and limit the VPN to a certain portion of your overall bandwidth. With something like the below on the ASA you can limit how much of your bandwidth is allocated to your remote access or site-to-site connections by grouping them into classes and policing the bandwidth:

class PARTNER_CLASS

  police input 2048000 768000

  police output 2048000 768000

class VPN_CLASS

  police input 6144000 48000

  police output 6144000 48000

Obviously you'd also need a service policy applied to your outside interface, plus the ACL's, objects, etc, for the QOS.

2114
Views
0
Helpful
5
Replies