Cisco ASA5510 v9.1 Allow specific protocols on vlan to outside

Robbert Tol
Level 1

Hi there,

I have a Cisco ASA5510 v9.1 with several VLANs. One of the VLANs (VLAN7) is a Guest Network.

I want the Guest network to only allow specific protocols to the outside interface. For example, only allow http, https, pptp.

Another question is how to limit the bandwidth on this VLAN7. For example, I have a 60 Mbit internet connection shared over the 7 VLANs. To prevent VLAN7 from taking too much bandwidth I want, for example, a maximum throughput of 2 Mbit.

Is this possible, and how do I create those rules?

Thanks

Robbert

2 Replies

Michael Muenz
Level 5

With ASDM it's very easy to create the ACLs on the Vlan7 interface.

The ASA can do policing for specific ACLs (ASDM - Configuration - Firewall - Service Policy Rules). Also very easy with ASDM.

Michael

Please rate all helpful posts

To limit the bandwidth used by the Guest network you could implement something like
the following. The subnet 192.168.1.0/24 represents the guest network and Guest_int
represents the Guest network interface on the ASA.

! guest web and PPTP control traffic that the policer should act on
access-list limit-bandwidth extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list limit-bandwidth extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list limit-bandwidth extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
class-map tcp_traffic
 match access-list limit-bandwidth
policy-map QoS
 class tcp_traffic
  ! rate is in bits per second: 60000 = 60 kbit/s, 2 Mbit/s would be 2000000
  ! "output" polices traffic leaving Guest_int; "police input" is the other direction
  police output 60000
service-policy QoS interface Guest_int

As for permitting only certain protocols to the outside, it is just a simple access list that needs to be applied to the Guest interface.

access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
! implicit deny follows: anything not listed, e.g. DNS (udp 53) or the GRE tunnel PPTP uses, is dropped
access-group allowed_ports in interface Guest_int

--
Please remember to select a correct answer and rate helpful posts
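Added example, not part of the thread or of any Cisco tooling: a small Python evaluator for the allowed_ports ACL lines from the answer above. It applies the ASA's first-match and implicit-deny semantics to a few constructed guest flows (the 192.168.1.0/24 guest subnet is the thread's own; the 203.0.113.x destinations and the sample flows are constructed), which makes visible that only TCP 80/443/1723 pass while DNS and PPTP's GRE transport fall through to the implicit deny.

```python
# Added example, not the thread's own config: a small evaluator for the ASA
# extended-ACL lines in the answer, applying first-match and implicit-deny semantics
# to constructed guest flows (the 192.168.1.0/24 guest subnet is the thread's own).
import ipaddress

ACL_TEXT = """
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
"""

def _net(f, i):
    """Read one address token: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if f[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if f[i] == "host":
        return ipaddress.ip_network(f[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{f[i]}/{f[i + 1]}", strict=False), i + 2

def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]' lines."""
    entries = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "access-list" or f[2] != "extended":
            raise ValueError(f"unsupported line: {line}")
        src, i = _net(f, 5)
        dst, i = _net(f, i)
        port = int(f[i + 1]) if i < len(f) and f[i] == "eq" else None
        entries.append((f[3], f[4], src, dst, port))
    return entries

def evaluate(entries, proto, src_ip, dst_ip, dst_port=None):
    """First matching entry wins; anything unmatched hits the ASA's implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, src, dst, port in entries:
        if p in ("ip", proto) and s in src and d in dst and port in (None, dst_port):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for flow in [("tcp", "192.168.1.10", "203.0.113.5", 443),   # HTTPS: permit
                 ("udp", "192.168.1.10", "203.0.113.53", 53),   # DNS: deny
                 ("gre", "192.168.1.10", "203.0.113.7", None)]: # PPTP GRE: deny
        print(flow, "->", evaluate(acl, *flow))
```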