Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
3
Replies

ASA QoS Delma

majedalanni
Level 1
Level 1

‎02-07-2013 02:20 PM - edited ‎03-11-2019 05:57 PM

Hi All,

I have a question, if someone can help me with it, it so appreciated!!

I have Cisco ASA 5505 with OS 8.2(5). I have 3Mbps WAN connection to it. what I need is how to do limit interface itself for 3Mbps. and then shape the traffic and with ability to give a balance for IP address use the bandwidth as fair not used by on IP if it do a massive download or so.

Another question can I do a outbound policy to inside interface to control the download and outbound policy to outside interface to control the upload??

Thanks in advance

Mike

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎02-07-2013 07:05 PM

Hello,

I have Cisco ASA 5505 with OS 8.2(5). I have 3Mbps WAN connection to it. what I need is how to do limit interface itself for 3Mbps. and then shape the traffic and with ability to give a balance for IP address use the bandwidth as fair not used by on IP if it do a massive download or so.

A/ You got to chooce whether to police the traffic ( Drop the traffic that does not follow the restriction ) or prioritize the traffic ( Hold the traffic that exceeds the limit on a software queue) So you first got to determine witch one to use as both of them would restrict traffic to 3 Mbps if properly setup. Now regarding the balance between ip there is no way to accomplish that, you could configure priority for certain traffic but the ASA will not allow you to get that deep into QoS ( ASA was not build to provide QoS stuff but eventhough that is not it's job it provides a fair QoS infrastructure)

Another question can I do a outbound policy to inside interface to control the download and outbound policy to outside interface to control the upload??

A/Police can be applied on  more than one  interface whether using a dedicated per interface service policy or one global  , and police can be applied on any direction on a router but ASA speaking can be only applied on the outbound direction ... so if you want to do that you will be my guess

Give it a try and let us know the result

Regards,

Julio

Security Trainer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

majedalanni
Level 1
Level 1
In response to Julio Carvajal

‎02-08-2013 06:26 AM

Thanks so much for your reply,

Really my main problem is that some users download something and that kills the bandwidth, so maybe we are going to look for another device that can help me with that. So even the new OS like V9 doesn't have any advance QoS?

So guest just for configuration or Lunch too

Mike

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to majedalanni

‎02-08-2013 09:26 AM

Hello,

You can do it majeda

The cisco documentation says that only outbound is possible but the input command is there and I have see many of posts with that so why don't you give it a try, I have seen it working so... I would say go for that.

It will be not that efficient because of the following statement:

The user has to bear in mind that traffic policed inbound on an interface cannot provide much as the packets have already hit the interface, which means they have already used the available bandwidth.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card