I need someone to help me understand something. I have read several sources and they appear to state that this command has changed over the ASA versions so now I have no real idea if it works as I think.
I am using QoS over ASA tunnels - code level 8.2.5. I have a class for only tunneled-packets and I want to police (rate limit) the tunneled packets - not individual flows within the tunneled data. From what I gather this command will not do that. For example, if I have five users in the tunnel all sending a lot of data to each of their 5 unique destination addresses with a police output of 10Mb, I think I could actually have 50 Mb going through that tunnel at one time. Is this correct?
I think I need to discard this command and use a match access-list where the source and destinations are the subnets of the VPN sites that would go through this tunnel. That way I police all the packets in the tunnel to the set limit. Is this reasoning correct? Thanks.