Please advise me about the ASA 5510's features and capabilities.
My question/problem:
My ISP provides 2 internet connections (1. 8 Mbps; 2. 2 Mbps) and its router changes the path if one goes down.
But if the second one with 2 Mbps is in use, it is not enough for the whole inside network. And we have an inside host which is very important.
I have to allocate x bps of minimum bandwidth for traffic between 1 inside host and 1 outside host on the outside interface.
The goal is: provide a minimum bandwidth for the traffic above when the other hosts use too much or all of the bandwidth.
But the above traffic must be able to use more than the minimum if the others do not use all of the remainder.
How can I do this with the ASA 5510, or which feature do I have to use? (if the ASA is capable of it)
I tried the QoS features but they don't work, but I hope there is a tricky way to solve this problem.
The important direction of this host is:
from inside to outside.
When I tried to solve this with QoS, my problem was that on the ASA I can't set a subset of the network or some IPs,
because the QoS must be applied to all outgoing traffic on a physical interface.
And another problem, I think, is that the ASA doesn't know when the 8 Mbps or when the 2 Mbps internet access is active.
So I don't know how to guarantee a fixed bandwidth for this host which can expand if possible.
You need to create a policy that calls a class; in that class you reference an ACL that defines your source and destination.
What version of code are you running? You can use IP SLA to use a specific QoS policy, I believe.
I use asa823-k8.
I tried this in a test:
access-list shape permit ip host 192.168.4.2 any
match access-list shape
class shape -----> here I think an action must be set to take any effect
class class-default ---------------> must use this class for shape
shape average 2000000 16000
service-policy qos_class ----------> doesn't take effect
service-policy qos_shape outside
yeah i know this page but
Which feature do you think will help me?
Because with policing, packets are dropped when the traffic reaches a limit, so it is no good for me.
Or priority queuing?
because with policing, packets are dropped when the traffic reaches a limit,
You have two possible solutions: either set the exceed action to transmit or configure the burst_bytes to a large enough value to meet your needs.
ciscoasa(config-pmap-c)# police output conform_rate burst_bytes conform-action transmit exceed-action transmit
A burst size of 12,000 bytes (eight 1500-byte packets) is configured:
ciscoasa(config-pmap-c)# police output 8000 12000 conform-action transmit exceed-action drop
The issue you have is this - how can the ASA know that the next hop has a bandwidth issue - answer, you can't.
So you need to answer the question - how much traffic MUST the inside host send to the outside host. Then you need to account for that in your policy if you have failed over to your lower speed circuit.
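One way to apply the last reply's advice, as an added example that is not from any poster in this thread: police everything except the important flow on the outside interface, so that the remainder of the 2 Mbps backup circuit stays free for that flow. The outside host address (203.0.113.10), the 512 kbps reserve, the burst value and the object names are constructed assumptions; because the ASA cannot tell which circuit is active, the cap also applies while the 8 Mbps circuit is up.

```cisco
! Added example with constructed values (not from the thread).
! Assumptions: 203.0.113.10 is a placeholder for the outside host;
! the important host must keep about 512 kbps on the 2 Mbps circuit,
! so all other outbound traffic is capped at 1.5 Mbps.
!
! "deny" in a class-map ACL means "do not match", so the important
! flow is excluded from the policed class and is never rate-limited.
access-list OTHER_TRAFFIC extended deny ip host 192.168.4.2 host 203.0.113.10
access-list OTHER_TRAFFIC extended permit ip any any
!
class-map OTHER_TRAFFIC
 match access-list OTHER_TRAFFIC
!
policy-map OUTSIDE_POLICE
 class OTHER_TRAFFIC
  ! conform_rate in bits per second, burst_bytes in bytes (constructed value, tune as needed)
  police output 1500000 28000 conform-action transmit exceed-action drop
!
service-policy OUTSIDE_POLICE interface outside
!
! Check that the class is matching the intended traffic:
! show service-policy interface outside
```

Whether the ACL has to reference the host's real or translated address depends on the NAT configuration and software version, so confirm the match counters before relying on the policy.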