Help - ASA 5525

ron.pickar — Tue, 12 Mar 2019 07:37:55 GMT

Hello,

I'm setting up rate limiting on an ASA with the police command. I can't seem to find if this is a per host basis or if my entire group will be limited to the set threshold. If I use an ACL to include RFC 1918 and permit the rate limit on the inside interface outbound and set police to 10000000 will that include the entire object group or will that be on a per ip basis within the range?

My goal is to limit on a per user or IP basis to 10Mb.

object-group network RATE_LIMIT_PERMIT

group-object RFC_1918

access-list RATE_LIMIT_INTERNET_TRAFFIC extended permit ip object-group RATE_LIMIT_PERMIT any

class-map RATE_LIMIT_INET

match access-list RATE_LIMIT_INTERNET_TRAFFIC

policy-map RATE_LIMIT_INET_POLICY

class RATE_LIMIT_INET

police output 10000000 1875000

service-policy RATE_LIMIT_INET_POLICY interface inside

Thanks in advance,

Ron

if you want per user

Tagir Temirgaliyev — Tue, 19 Apr 2016 01:32:16 GMT

if you want per user limitation so you must make ACL for each user and class-map for each user

That was my fear. That will

ron.pickar — Tue, 19 Apr 2016 13:13:52 GMT

That was my fear. That will be too much overhead to create. Is there a better option to limit on a per user basis within the ASA?

Thanks,

Ron

topic Help - ASA 5525 in Network Security

Help - ASA 5525

if you want per user

That was my fear. That will