Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
2
Replies

Limit http/https user's downloads

epasqualotto
Level 1
Level 1

‎08-04-2017 06:55 AM - edited ‎03-12-2019 02:46 AM

Dear all, I've an ASA 5516 and I'm trying to limit the http based traffic download from users.

192.168.99.0/24 is my local network and I'm using these rules:

access-list global_mpc extended permit tcp any 192.168.99.0 255.255.255.0 eq www

class-map global-class1
 match access-list global_mpc
!

class global-class1
  inspect http
  police input 100000 1500
  police output 100000 1500

But it doesn't work, it works only if I remove "eq www" so limit for the download on every port.

Anyone have suggestions?

Labels:
0 Helpful
2 Replies 2

mvsheik123
Level 7
Level 7

‎08-07-2017 04:07 PM

Hi,

Can you try by changing ACL to...

access-list global_mpc extended permit tcp any eq www 192.168.99.0 255.255.255.0 

Thx

MS

0 Helpful

epasqualotto
Level 1
Level 1
In response to mvsheik123

‎08-07-2017 11:51 PM

I'll make a test on next days by using cli. With ASDM there's no option to set the source port (only destination) when configuring ACL for QoS.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card