Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1175
Views
0
Helpful
5
Replies

ASA 5516 traffic shaping

Tibor M
Level 1
Level 1

‎04-04-2022 03:42 PM

Hi,

 

could somebody help me and tell me if is possible to configure ASA 5516 (just ASA, not firepower, we have firepower shutdown) traffic shaping in way that each user can use maximum of 80% of uplink speed for downloads (in case of single download) and if more users users downloading so sum of all downloads speeds again max 90% of uplink speed? and if possible put here some example please?

 

We never faced the issue, but now we facing problems that single user can drop whole 200/200mbps uplink, so I want to ensure that even if anybody start download, there will be still some reserve for other users especially on VPN. Not sure why, but it looks when anybody downloads large files, ASA start dropping other users.

 

We currently do not have any QoS configured on our Nexus and Catalyst switches as we are worried it could break much more than help, especially our NFS datastores. That's why I look for traffic shaping. Also as we have Firepower turned off, we do not know if it could help us with shaping, we want rather native ASA OS config.

 

Thank

 

 

0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎04-04-2022 05:47 PM

In General, personally do not use FW to do this task, but if this is your requirement, you need to apply and test (always Monitor outcome) - QoS requirement some monitor and tweaks based on the outcome day today (until it gets stable and working).

 

A good example  as below :

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html

https://community.cisco.com/t5/network-security/traffic-shaping-and-rate-limit-in-asa-firewall/td-p/2933362

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Tibor M
Level 1
Level 1
In response to balaji.bandi

‎04-05-2022 12:32 AM

thanks for links. where will be the best place to do? whole network and implement full qos on each switch? we have 2 nexus core switches in HSRP+VPC and there are connected access switches with 2x1gbps (each link to one nexus PO)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Tibor M

‎04-05-2022 01:12 AM

may be worth post your network diagram how it look like to suggesdt best. do you have one ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Tibor M
Level 1
Level 1
In response to balaji.bandi

‎04-05-2022 03:01 AM

Sure, here it is - easy high level version. there are no special things, no dynamic routing, nothing more than VPC, HSRP, static routing.

network_topology_high_level_easy_diagram.png

0 Helpful

Tibor M
Level 1
Level 1
In response to Tibor M

‎04-11-2022 02:57 AM

@balaji.bandi Any thoughts?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card