08-21-2013 04:11 AM - edited 03-11-2019 07:28 PM
Hi there,
I have a Cisco ASA5510 V9.1 with several VLANs. One of the VLANs (VLAN7) is a Guest Network.
I want the Guest network to only allow specific protocols to the outside interface. For example, only allow http, https, pptp.
Another question is how to limit the bandwidth on this VLAN7. So for example: I have a 60Mbit internet connection shared over the 7 VLANs. To prevent VLAN7 from taking too much bandwidth I want, for example, a maximum throughput of 2Mbits.
Is this possible and how do I create those rules?
Thanks
Robbert
08-23-2013 01:57 AM
With ASDM it's very easy to create the ACLs in the Vlan7 IF.
ASA can do policing for specific ACLs (ASDM - configuration - firewall - service policy rules). Also very easy with ASDM.
Michael
Please rate all helpful posts
08-23-2013 02:59 AM
To limit the bandwidth used by the Guest network you could implement something like the following. The subnet 192.168.1.0/24 represents the guest network and Guest_int represents the Guest network interface on the ASA.
access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list limit-bandwidth permit tcp 192.168.1.0 255.255.255.0 any eq 1723
class-map tcp_traffic
 match access-list limit-bandwidth
policy-map QoS
 class tcp_traffic
  ! the police rate is given in bits per second
  police output 60000
service-policy QoS interface Guest_int
As for permitting only certain protocols to the outside, it is just a simple access list that needs to be applied to the Guest interface.
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
access-group allowed_ports in interface Guest_int
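To check what the allowed_ports ACL above actually lets through, the following added example (not part of the original replies) models first-match evaluation with the implicit deny at the end of the list. The guest host 192.168.1.50 and the sample flows are constructed; only the syntax used in the posted ACL is parsed, and PPTP inspection is not modelled.

```python
import ipaddress

# The ACL exactly as posted in the reply above.
ACL_TEXT = """\
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list allowed_ports extended permit tcp 192.168.1.0 255.255.255.0 any eq 1723
"""

def parse_acl(text):
    """Parse: access-list NAME extended ACTION PROTO SRC MASK any [eq PORT]"""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        if tok[7] != "any":
            raise ValueError("only 'any' destinations are handled: " + line)
        net = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")
        port = int(tok[9]) if len(tok) >= 10 and tok[8] == "eq" else None
        rules.append({"action": tok[3], "proto": tok[4], "src": net, "port": port})
    return rules

def evaluate(rules, proto, src_ip, dst_port=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["proto"] not in (proto, "ip") or src not in r["src"]:
            continue
        if r["port"] is not None and r["port"] != dst_port:
            continue
        return r["action"]
    return "deny"

# Constructed sample flows from a hypothetical guest host.
FLOWS = [
    ("HTTP", "tcp", "192.168.1.50", 80),
    ("HTTPS", "tcp", "192.168.1.50", 443),
    ("PPTP control", "tcp", "192.168.1.50", 1723),
    ("PPTP data (GRE)", "gre", "192.168.1.50", None),
    ("DNS", "udp", "192.168.1.50", 53),
    ("SSH", "tcp", "192.168.1.50", 22),
]

def audit(rules=None):
    rules = rules or parse_acl(ACL_TEXT)
    return {name: evaluate(rules, p, src, port) for name, p, src, port in FLOWS}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
```

By the ACL alone, DNS lookups (udp/53) and the GRE data channel that PPTP uses fall to the implicit deny, so a guest policy built this way needs to account for them.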