cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2289
Views
115
Helpful
77
Replies
Highlighted
Participant

Re: Community Ask Me Anything - Secure Remote Workers

Hi,

Please guide how to apply qos  for anyconnec users ?

Is it possible on ssp asa devices? 

The requirement is to give  1 Mb for each users , Remote desktop users complaining about the performance 

and also sql client users ( desktop apps  connected to sql server from remote ) .

how to  troubleshoot the sql server /database  disconnection when users are connected from remote using anyconnect 

Thanks 

 

 

Highlighted
Cisco Employee

Re: Community Ask Me Anything - Secure Remote Workers

Hi,

You would need to check the traffic when it gets decrypted (clear text traffic). Anyconnect would treat the SQL/DB traffic as it is doing for other traffic. You also need to ensure that the device is not overwhelmed with the VPN traffic.

Please check the ASA datasheets for more info on the throughput provided by ASA with VPN services.

Unfortunately, there is no method to throttle or rate-limit traffic per Anyconnect session on the ASA.

You can limit all AnyConnect users or remote access VPN users collectively to a certain bandwidth. Below is the sample configuration:

access-list 101 extended permit ip internal_Resource_IP internal_Resource_Mask anyconnect_IP_Pool anyconnect_Mask

class-map remote-access
match access-list 101

policy-map outside-policy
class remote-access
police output 1000000 <-- this value is 1 Mb in bits

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/firewall/asa-98-firewall-config/conns-qos.html#ID-2133-000002dd


Highlighted
Cisco Employee

Re: Community Ask Me Anything - Secure Remote Workers

Please check this link for the IP config and best practices:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/general/asdm-78-general-config/intro-fw.html

 

For more clarity, please post the query on this forum:

 

https://community.cisco.com/t5/network-security/bd-p/discussions-network-security