02-07-2013 02:20 PM - edited 03-11-2019 05:57 PM
Hi All,
I have a question, if someone can help me with it, it so appreciated!!
I have Cisco ASA 5505 with OS 8.2(5). I have 3Mbps WAN connection to it. what I need is how to do limit interface itself for 3Mbps. and then shape the traffic and with ability to give a balance for IP address use the bandwidth as fair not used by on IP if it do a massive download or so.
Another question can I do a outbound policy to inside interface to control the download and outbound policy to outside interface to control the upload??
Thanks in advance
Mike
02-07-2013 07:05 PM
Hello,
I have Cisco ASA 5505 with OS 8.2(5). I have 3Mbps WAN connection to it. what I need is how to do limit interface itself for 3Mbps. and then shape the traffic and with ability to give a balance for IP address use the bandwidth as fair not used by on IP if it do a massive download or so.
A/ You got to chooce whether to police the traffic ( Drop the traffic that does not follow the restriction ) or prioritize the traffic ( Hold the traffic that exceeds the limit on a software queue) So you first got to determine witch one to use as both of them would restrict traffic to 3 Mbps if properly setup. Now regarding the balance between ip there is no way to accomplish that, you could configure priority for certain traffic but the ASA will not allow you to get that deep into QoS ( ASA was not build to provide QoS stuff but eventhough that is not it's job it provides a fair QoS infrastructure)
Another question can I do a outbound policy to inside interface to control the download and outbound policy to outside interface to control the upload??
A/Police can be applied on more than one interface whether using a dedicated per interface service policy or one global , and police can be applied on any direction on a router but ASA speaking can be only applied on the outbound direction ... so if you want to do that you will be my guess
Give it a try and let us know the result
Regards,
Julio
Security Trainer
02-08-2013 06:26 AM
Thanks so much for your reply,
Really my main problem is that some users download something and that kills the bandwidth, so maybe we are going to look for another device that can help me with that. So even the new OS like V9 doesn't have any advance QoS?
So guest just for configuration or Lunch too
Mike
02-08-2013 09:26 AM
Hello,
You can do it majeda
The cisco documentation says that only outbound is possible but the input command is there and I have see many of posts with that so why don't you give it a try, I have seen it working so... I would say go for that.
It will be not that efficient because of the following statement:
The user has to bear in mind that traffic policed inbound on an interface cannot provide much as the packets have already hit the interface, which means they have already used the available bandwidth.
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide