Solved: Hi,

peteryouhannafawzy · ‎03-17-2016

By ASA5506 can limiting the users to not download any file exceeding the size of 20 MB for example ?

Aditya Ganjoo · ‎03-17-2016

Hi,

This means that if the traffic for the host 192.168.1.110 crosses 1 MB it would drop the traffic as the action has been specified as drop.

Please check the following link for more info:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_qos.html#wp1171926

Regards,

Aditya

Please rate helpful posts.

View solution in original post

Aditya Ganjoo · ‎03-17-2016

Hi,

You can configure traffic policing on the ASA.

Here is an example:

asa(config)# access-list AL-WEB-TRAFFIC permit tcp host 192.168.1.110 eq www any
asa(config-if)# class-map CM-POLICE-WEB
asa(config-cmap)# match access-list AL-WEB-TRAFFIC
asa(config-cmap)# policy-map PM-POLICE-WEB
asa(config-pmap)# class CM-POLICE-WEB
asa(config-pmap-c)# police input 1000000 conform-action transmit exceed-action drop
asa(config-pmap-c)# service-policy PM-POLICE-WEB interface outside

Regards,

Aditya

Please rate helpful posts.

peteryouhannafawzy · ‎03-17-2016

would you please tell me what this line do ,police input 1000000 conform-action transmit exceed-action drop ?

Aditya Ganjoo · ‎03-17-2016

Hi,

This means that if the traffic for the host 192.168.1.110 crosses 1 MB it would drop the traffic as the action has been specified as drop.

Please check the following link for more info:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_qos.html#wp1171926

Regards,

Aditya

Please rate helpful posts.

ASA5506 Download limitation