
How to implement Bandwidth Reservation by Subnet?

terryb0202
Level 1

Hi,

We have a single Internet connection which is shared by 2 DMZs, LAN and VPN to DR (remote site). The web servers in the DMZ suffer when traffic utilisation is heavy due to user or remote site activity.

We would like to implement a strategy to reserve/dedicate specific bandwidth for each subnet, e.g. as below:

DMZ1 = 10 Meg

DMZ2 = 5 Meg

DR = 10 MB

LAN = 25 MB

Is it possible and how can this be achieved?

What additional hardware/software is required?

Currently we have the following configuration:

10 Meg Internet Bandwidth - will increase to 50 MB.

2 x ASA5510 devices in primary/standby configuration.

3 x Subnets (DMZ1, DMZ2 and LAN) - Each subnet on separate ASA Interface.

VPN to remote site via ASA.

Thank you

Tez


terryb0202
Level 1

Anybody got any clue on this?

Majed Saeed
Level 1

Hi Terry,

You can do that with a policy-map implementation in the router. Briefly, I will tell you how this can be done:

1. Put each subnet in a different ip access-list or ip prefix-list.

2. Configure a policy-map with the help of a class-map for each subnet. According to this, you can configure each policy-map you want with how much you want to give this subnet.

For example:

DMZ1 = 10 Meg, has policy-map name DMZ1

DMZ2 = 5 Meg, has policy-map name DMZ2, and so on for each policy.

DR = 10 MB

LAN = 25 MB

Actually, I'm not a professional on this, because this is called QoS in Cisco. Hence you can get more help from experts in this regard.

Rgds.

Majed

Hi Majed,

Thanks for the info. Yes, each subnet is already in a separate access-list and on a separate interface, so that bit is OK. I'm not sure if the ASA 5510 has this functionality or if I will need to install a router in front of the ASA... I will do some research on that...

Thanks,

Tez

Tez,

Yes the policy map and class maps will need to be on a router (or L3 switch with routing features). There should be one already between the ASA and your Internet provider. Assuming it's under your control, that's where you would put the policy maps Majed described.

You could potentially achieve something similar with use of QoS and shaping directly on the ASA but a router is much better suited for this function than a security device.

Hope this helps.