How to apply Policing on Cisco ASAs with leased lines?

m.junghage · ‎07-03-2012

Hi,

I'm trying to configure policing and/or shaping on a setup of 2 x ASA 5505 Sec Plus. The units are placed in office A and office B and each have a ISP connection to the internet and a leased line with a capacity of 4/4 Mbit/s for interoffice communication.

On each ASA there's four subnets. VLAN 200 is used to connect the offices through the leased line.

Subnets:

Outside = 2

Data = 10

Voice = 100

Linknet = 200

I've read a lot of articles and posts about shaping and policing on the ASA but still can't get it to work like I wan't to. I'm trying to limit all traffic besides IP-telephony traffic to 3 Mbit/s and thus reserving 900 Kbit/s for voice traffic. I tried setting a service-policy on the linknet interface on each ASA and set Traffic match to Any traffic and QoS settings for both input and output.

I can see traffic passing the policy when I run the "show service-policy police" command but it never seems to be high enough to be policed which is strange since the ASDM monitoring shows that I'm pushing 3900 kbit/s. I file transfers verifies that policing does'nt work.

Any clues where I should start looking?

Best regards

Markus

m.junghage · ‎07-09-2012

I've compiled a simple schematic showing the scenario described in my previous post.

m.junghage · ‎07-12-2012

I finally got shaping to work on the desired interface. I had the commands right the whole time but when I tried to configure a "class class-default" under a new "policy-map" I pressed TAB to call up the command instead of writing it. This actually sent me down a level and I got the "ERROR: % class-default is a well-known class and is not configurable under class-map" error.

A bit irritating error but I'm glad it worked out in the end.