09-28-2009 11:06 PM - edited 02-21-2020 03:42 AM
Hi,
How can I manage on a asa 5500 the maximum inbound and outbound traffic for a vpn session?
thx,
Marc
10-08-2009 02:44 PM
AFAIK that is not a possibility. You may be able to restrict it to the tunnel-group that the AnyConnect clients are connecting to.
10-08-2009 10:19 PM
Hi, that would I see as a huge improvement for the asa 5550 if that would be possible!
The only thing I am searching for now is how to block or lower the bandwidth in use by p2p (bittorrent over the vpn connection).
NBAR does not work on a ASA 5550.
Thx,
Marc
10-09-2009 01:55 PM
Yes, it would be. The only way I can think of doing it per anyconnect client would be to create one acl per IP address that the client is going to get handed out, and then apply policing to it. Too much work though.
10-11-2009 04:34 AM
Have a look at this link for P2P, but it does not cover torrents specifically
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
Regards
Farrukh
06-12-2013 07:03 AM
Hi Marc, I would probably use split tunnelling to keep internet traffic off your VPN tunnels, or failing that set up QOS on your network and limit the VPN to a certain portion of your overall bandwidth. With something like the below on the ASA you can limit how much of your bandwidth is allocated to your remote access or site-to-site connections by grouping them into classes and policing the bandwidth:
class PARTNER_CLASS
police input 2048000 768000
police output 2048000 768000
class VPN_CLASS
police input 6144000 48000
police output 6144000 48000
Obviously you'd also need a service policy applied to your outside interface, plus the ACL's, objects, etc, for the QOS.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: