Cisco QOS on ASA confusion

Random44F · ‎09-23-2013

Hi All,

I am applying qos on my traffic on few different virtual interfaces that I have .

I have applies the shape and police on the internal interfaces as opposed to external on internet .

For example

I have

Internet

Internal 1 192.168.0.1

Internal 2 192.168.0.1

I know shape is for output or upload only and police is for download/upload or input, am I correct ?

Now lets imagine we have my asa called asa1 and another website called yahoo

When someone behind network internal 1 tries to download from yahoo below is the process as I understand it

internal 1 send the traffic out to input of internet on asa then asa internet will forward this from output asa to yahoo . Yahoo then sends the data back which goes to internet in and then out to internal in and then out to internal out which is the host , is that right ?

so here is where I get confused,

I apply police output 3mbps to internal 1 which means all upload should be limited to 3 mb but that restricts the download as opposed to upload which is confusing me

unless my explanation above is incorrect then there is something wrong with my asa

manu thanks

Wantser1981_2 · ‎09-24-2013

Hi there,

What you look to have done is applied a restriction in the wrong direction. Output from the internal interface is the download of the HTTP connection. The traffic out of the internal interface is heading towards your requesting host so that is why you have limited the download speed rather than upload.

If you were to place the output restriction to the interface to your ISP, the upload of the http connection would be restricted and the download left alone.

Hope that helps.

Andy