Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISA 550 - Limit Bandwidth for VPN connection

Is there a way to limit the amount of bandwidth a site-to-site VPN  uses on the ISA 550. I know you can set up QoS but QoS seems to be geared more towards guarenteeing or prioritizing rather than simply limiting the amount of bandwidth used by the Site-to-site tunnel. We have a customer that has an application that has attempted to push a large amount of traffic over the VPN and ends up maxing out the customer's provisioned upload speed from the ISP and latency begins to jump up over 2000 ms. We're working with the software vendor to get this issue fixed but it seems like there should be a fairly straightforward way to tell the ISA limit the amount of bandwidth the VPN tunnel can use so this doesn't happen.

  • Small Business Security
1 ACCEPTED SOLUTION

Accepted Solutions

ISA 550 - Limit Bandwidth for VPN connection

Sorry, couple of changes to that config.  See below.

  • •1) From within the ISA500 Config Utility, select Networking on the left
  • •2) Expand QoS and select General Settings
  • •3) Select to Enable WAN QoS and select Save
  • •4) Expand WAN QoS and select Traffic Selector (Classification)
  • •5) Select Add
  • •a. Class Name: VPN (In)
  • •b. Source Address: Remote_VPN_Network
  • •c. Destination Address: Local_VPN_Network
  • •d. Select OK
  • •6) Select Add (again)
  • •a. Class Name: VPN (Out)
  • •b. Source Address: Local_VPN_Network
  • •c. Destination Address: Remote_VPN_Network
  • •d. Select OK
  • •7) Select Save
  • •8) Select QoS Policy Profile under QoS -> WAN QoS in the Networking section on the left
  • •9) Select Add
  • •a. Policy Name: VPN (In)
  • •b. Select the Inbound Traffic radio button
  • •c. Select Add
    • i. Select VPN (In) from the Class drop down menu
    • ii. DSCP Marking: None
    • iii. CoS Marking: 7
    • iv. Rate-limiting: 512
    • v. Select OK
  • •d. Select OK
  • •10) Select Add (again)
  • •a. Policy Name: VPN (Out)
  • •b. Select the Outbound Traffic radio button
  • •c. Select Add
    • i. Select VPN (Out) from the Class drop down menu
    • ii. Queue: Q1
    • iii. DSCP Marking: None
    • iv. Rate-limiting: 128
    • v. Select OK
  • •d. Select OK
  • •e. Select Save

    Shawn Eftink
    CCNA/CCDA

    Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

    Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
    4 REPLIES

    Re: ISA 550 - Limit Bandwidth for VPN connection

    Rate limit, I believe so. I'm doing it with a Guest WiFi network, so I don't see why it wouldn't work for the VPN traffic as well. A fairly straightforward way, not so much. Try this. It should rate limit it to 512K/128K. Obviously you can adjust to whatever bandwidth you want.

    • •1) From within the ISA500 Config Utility, select Networking on the left
    • •2) Expand QoS and select General Settings
    • •3) Select to Enable WAN QoS and select Save
    • •4) Expand WAN QoS and select Traffic Selector (Classification)
    • •5) Select Add
      • •a. Class Name: VPN (In)
      • •b. Source Address: Any
      • •c. Destination Address: VPN_Network
      • •d. Select OK
    • •6) Select Add (again)
      • •a. Class Name: VPN (Out)
      • •b. Source Address: VPN_Network
      • •c. Destination Address: Any
      • •d. Select OK
    • •7) Select Save
    • •8) Select QoS Policy Profile under QoS -> WAN QoS in the Networking section on the left
    • •9) Select Add
      • •a. Policy Name: VPN (In)
      • •b. Select the Inbound Traffic radio button
      • •c. Select Add
        • i. Select VPN (In) from the Class drop down menu
        • ii. DSCP Marking: None
        • iii. CoS Marking: 7
        • iv. Rate-limiting: 512
        • v. Select OK
      • •d. Select OK
    • •10) Select Add (again)
      • •a. Policy Name: VPN (Out)
      • •b. Select the Outbound Traffic radio button
      • •c. Select Add
        • i. Select VPN (Out) from the Class drop down menu
        • ii. Queue: Q1
        • iii. DSCP Marking: None
        • iv. Rate-limiting: 128
        • v. Select OK
      • •d. Select OK
      • •e. Select Save

    Shawn Eftink
    CCNA/CCDA

    Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

    Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

    ISA 550 - Limit Bandwidth for VPN connection

    Sorry, couple of changes to that config.  See below.

    • •1) From within the ISA500 Config Utility, select Networking on the left
    • •2) Expand QoS and select General Settings
    • •3) Select to Enable WAN QoS and select Save
    • •4) Expand WAN QoS and select Traffic Selector (Classification)
    • •5) Select Add
    • •a. Class Name: VPN (In)
    • •b. Source Address: Remote_VPN_Network
    • •c. Destination Address: Local_VPN_Network
    • •d. Select OK
    • •6) Select Add (again)
    • •a. Class Name: VPN (Out)
    • •b. Source Address: Local_VPN_Network
    • •c. Destination Address: Remote_VPN_Network
    • •d. Select OK
    • •7) Select Save
    • •8) Select QoS Policy Profile under QoS -> WAN QoS in the Networking section on the left
    • •9) Select Add
    • •a. Policy Name: VPN (In)
    • •b. Select the Inbound Traffic radio button
    • •c. Select Add
      • i. Select VPN (In) from the Class drop down menu
      • ii. DSCP Marking: None
      • iii. CoS Marking: 7
      • iv. Rate-limiting: 512
      • v. Select OK
    • •d. Select OK
    • •10) Select Add (again)
    • •a. Policy Name: VPN (Out)
    • •b. Select the Outbound Traffic radio button
    • •c. Select Add
      • i. Select VPN (Out) from the Class drop down menu
      • ii. Queue: Q1
      • iii. DSCP Marking: None
      • iv. Rate-limiting: 128
      • v. Select OK
    • •d. Select OK
    • •e. Select Save

      Shawn Eftink
      CCNA/CCDA

      Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

      Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
      New Member

      ISA 550 - Limit Bandwidth for VPN connection

      Thanks Shawn,

      That worked perfectly! We were able to get things running smoothly after putting in the QoS policy and using the rate limiting. Appreciate the help!

      Doug

      Re: ISA 550 - Limit Bandwidth for VPN connection

      Fantastic!! I'm happy to assist.

      Sent from Cisco Technical Support iPhone App

      Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
      724
      Views
      0
      Helpful
      4
      Replies
      This widget could not be displayed.