Rate limit http/https traffic on Cisco ASA5510 firewall

We've implemented (or tried to) a rate limiting policy to drop http/https packets that exceed 4meg, although it doesn't seem to work or have any impact on internet downloads, as users are still able to download files and consume the full amount of bandwidth.

The ASA config is attached.

The config was roughly based on content from this URL...

https://supportforums.cisco.com/discussion/10985866/traffic-rate-limiting-cisco-asa-5510

I must have missed something?

2 REPLIES
Frequent Contributor

I am using ASA Version 8.2(5)46, and as far as I know the ASA policy map works only in the output direction.

policy-map qos

 class qos

  police input 4000000

  police output 4000000

Now it works only when you upload data to web servers.

If you want to limit speed when downloading data from web servers, you need to do:

access-list http_traffic extended permit tcp any  eq www any

access-list http_traffic extended permit tcp any  eq https any

service-policy qos interface LAN

Cisco Employee

Hi,

If you have a policy-map applied on the ASA interface, it will be bidirectional.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wp1099596

Also, the ACL should be like this, and then it will work:

access-list http_traffic extended permit tcp any  eq www any

access-list http_traffic extended permit tcp any  eq https any

access-list http_traffic extended permit tcp any any eq www

access-list http_traffic extended permit tcp any any eq https

Thanks and Regards,

Vibhor Amrodia
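
The pieces from both replies assembled into one Modular Policy Framework configuration, as an added example that is not part of either reply. The names http_traffic, qos and LAN come from the thread; the class-map definition and the verification commands are assumptions, since the attached config is not shown on the page.

```text
! Constructed example, not the original poster's attached config.
!
! Match web traffic in both directions:
!   source port 80/443      = replies coming back from web servers (downloads)
!   destination port 80/443 = requests going out to web servers (uploads)
access-list http_traffic extended permit tcp any eq www any
access-list http_traffic extended permit tcp any eq https any
access-list http_traffic extended permit tcp any any eq www
access-list http_traffic extended permit tcp any any eq https
!
! Assumed: tie the ACL to the traffic class used by the policy-map.
class-map qos
 match access-list http_traffic
!
! The police rate is given in bits per second.
policy-map qos
 class qos
  police input 4000000
  police output 4000000
!
! Apply the policy to the interface named in the thread.
service-policy qos interface LAN
!
! Check that the policers are matching traffic (conformed and exceeded
! counters should increase during a download):
! show service-policy interface LAN
! show service-policy police
```

If the exceeded counters stay at zero while a download runs, the class is not matching that flow, which points at the ACL or at the interface the policy is applied to.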