ASA 5520 vs ISA server 2006

Waisudin Farzam
Level 1

Dear all or anybody,

Currently my firewall is Microsoft ISA Server 2006 and I'm using it very nicely, but based on some security threats I'm changing my firewall from ISA to ASA 5520. But I'm facing a problem: I had installed one software named SoftPerfect Bandwidth Manager and I was limiting each user based on their MAC address to prevent use of the full bandwidth of my internet, so that's why I had very reliable internet usage in my network.

After much searching I didn't find a good software or hardware that works with Cisco ASA appliances to support bandwidth management for endpoint users etc., and this is very troubling. I don't want all users to use the full bandwidth in my company because I have only 2MB internet bandwidth taken via a VSAT connection.

So can anybody help me or give me any link to a site for software to get or buy that works the same as that one, or any good bandwidth manager software for the ASA firewall?

with regards

Waisudin Farzam
SNE

P E: wfarzam@gmail.com
S E: wais.farzam@gmail.com
S: wais.farzam

Certified Cisco ID: CSCO11404095
CCNA, CCNP, CCNA Sec, and CCIE R&S v4.0 Written Certified

Shrikant Sundaresh
Cisco Employee

Hi Waisudin,

The ASA supports traffic policing (bandwidth management), but I am not sure if you can do it on the basis of MAC addresses.

However, you can match users based on the IP address and limit the bandwidth used by them.

For example, if you want to limit IP X to 64 kilobits per second and IP Y to 128 kilobits per second, then you can do the following config.

access-list list-x permit ip host X any
access-list list-x permit ip any host X
access-list list-y permit ip host Y any
access-list list-y permit ip any host Y

------ access-lists list-x and list-y match the traffic that needs to be limited, so you need to fine-tune them for internet traffic ------

class-map map-x
  match access-list list-x
class-map map-y
  match access-list list-y
policy-map traffic-map
  class map-x
    police input 64000
    police output 64000
  class map-y
    police input 128000
    police output 128000
service-policy traffic-map interface inside

This assumes that the IP addresses X and Y are located on the inside interface.

I hope this was what you were looking for.

You can also look up more on this subject at: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1071334

-Shrikant

PS: Please mark the question resolved, if it is answered; and please rate any helpful posts as well.
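
The per-host policing configuration from the reply above, generated for a whole list of hosts, as an added example that is not part of the original thread and is not Cisco's own tooling. The function name, the list-/map- naming scheme, the sample addresses and the 2 Mbit/s uplink figure are assumptions; the rate bounds are the conform-rate range of the ASA police command.

```python
import ipaddress

# Conform-rate range accepted by the ASA "police" command (bits per second).
POLICE_MIN_BPS, POLICE_MAX_BPS = 8000, 2_000_000_000


def build_police_config(limits, uplink_bps, policy="traffic-map", interface="inside"):
    """Render ASA policing config for (ip, bps) pairs; raise ValueError on bad input."""
    acls, classes, policy_lines, seen = [], [], [f"policy-map {policy}"], set()
    for ip, bps in limits:
        host = ipaddress.IPv4Address(ip)  # ValueError if not a valid IPv4 address
        if host in seen:
            # Two classes for one host: only the first match would ever apply.
            raise ValueError(f"{host}: listed twice")
        seen.add(host)
        if not POLICE_MIN_BPS <= bps <= POLICE_MAX_BPS:
            raise ValueError(f"{host}: {bps} bps is outside the police range")
        if bps > uplink_bps:
            # A per-host cap above the uplink rate never limits anything.
            raise ValueError(f"{host}: {bps} bps exceeds the {uplink_bps} bps uplink")
        tag = str(host).replace(".", "-")  # hypothetical naming scheme
        acls += [f"access-list list-{tag} permit ip host {host} any",
                 f"access-list list-{tag} permit ip any host {host}"]
        classes += [f"class-map map-{tag}", f"  match access-list list-{tag}"]
        policy_lines += [f"  class map-{tag}",
                         f"    police input {bps}", f"    police output {bps}"]
    if not seen:
        raise ValueError("no hosts to police")
    return "\n".join(acls + classes + policy_lines
                     + [f"service-policy {policy} interface {interface}"])


# Constructed sample: two inside hosts behind a 2 Mbit/s uplink.
SAMPLE_LIMITS = [("192.168.1.21", 64000), ("192.168.1.22", 128000)]

if __name__ == "__main__":
    print(build_police_config(SAMPLE_LIMITS, uplink_bps=2_000_000))
```

Because the limits are keyed on IP address rather than MAC address, the listed hosts need fixed addresses (static or reserved leases) for a limit to stay with the same machine.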

Imran Irshad
Level 1

Hi Waisudin,

Regarding ISA Server 2006, if your AD/DNS server is 100% set up with your domain users, it will work as you want.

But I would recommend the Cisco ASA 5520 with the Cisco CSC SSM module.

http://www.cisco.com/en/US/products/ps6823/index.html.

Regards,

IA

I actually have this setup in my environment and it works fairly well. On a different note, I also have a 2800 router behind the firewall. Do you recommend doing the rate limitation on the firewall or on the router connected to the inside of the firewall? Any preference?
