02-23-2010 07:04 AM - edited 03-11-2019 10:13 AM
Over the past couple of days I have read numerous articles and threads on QoS for the ASA 5510. Here is my scenario that I am looking for information about. My management will not allow me to block certain websites such as Facebook, YouTube, MySpace, etc. Is there a way in the ASA 5510 running Software 8.0(2) to limit the amount of bandwidth these users receive while visiting these websites? I.e., if a set of users visit Facebook, can I limit their bandwidth to 512k instead of letting them eat up all 5 of my T1s?
Thanks in Advance
02-25-2010 08:18 AM
Hi,
I would agree with the QoS configuration on the ASA.
You can use the MPF to configure QoS features such as policing and shaping very similar to an IOS router.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html
Federico.
02-25-2010 08:24 AM
Federico,
Thank you for your reply. I will review the link you posted as a solution.
Thank You
02-26-2010 08:48 AM
Federico had the first correct answer to this solution. I have spent the last couple of days deciphering the instructions and laying out the command structure to implement this solution. I really appreciate everyone's help and knew the community would not let me down.
Thanks for all the great suggestions.
02-25-2010 02:00 PM
You cannot do it exactly as you would like. You can match on the HTTP GET field, but those matches cannot be used for QoS.
In other words, you would only be able to do it by matching the traffic to these websites according to their IP after resolving their IP.
Here is a link that has examples http://supportforums.cisco.com/docs/DOC-1230
I hope it helps
PK
02-26-2010 01:54 AM
Yes, I think it is.
The best way to do this is to look at the QoS guide at
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html
What you need to do is:
Define class-map for the traffic that you wish to limit.
You can fix YouTube, MySpace etc. by doing a class map on the URL.
BitTorrent & Skype require a bit more native cunning. You need to look for the TCP ports. Blocking the TCP ports doesn't work, as they then jump onto port 80 and give you even more headache.
Then define the policy-map.
In preference to most of the examples, you need to SHAPE the traffic rather than Policing. Shaping allows the application to gracefully throttle the traffic, rather than policing which just kills the session.
Apply the policy to the inside interface of the ASA for traffic going into your network.
Try to keep the class map as simple as possible to avoid potential loading problems. Please tell me how you get on.
Best regards
Peter
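Added example, not part of any post in this thread: a minimal MPF sketch of the class-map / policy-map / service-policy steps listed above, matching the sites by IP address as the 02-25-2010 02:00 PM reply describes and using policing at the 512k rate from the original question. The object names, the burst size and the 192.0.2.x addresses (documentation range) are assumptions; the real addresses have to come from resolving the sites and must be kept current.

```cisco
! Constructed example. Addresses are placeholders from the
! documentation range, standing in for the resolved site IPs.
! Both directions are listed so the class matches the flow
! whichever way the ACL is evaluated.
access-list THROTTLE_SITES extended permit tcp any host 192.0.2.10 eq www
access-list THROTTLE_SITES extended permit tcp host 192.0.2.10 eq www any
access-list THROTTLE_SITES extended permit tcp any host 192.0.2.20 eq www
access-list THROTTLE_SITES extended permit tcp host 192.0.2.20 eq www any
!
! Step 1: class-map for the traffic to be limited
class-map THROTTLE_CLASS
 match access-list THROTTLE_SITES
!
! Step 2: policy-map. Policing is unidirectional: "output" here
! limits packets leaving the inside interface, i.e. downloads.
! 512000 is in bits per second, 64000 is the burst in bytes.
policy-map THROTTLE_POLICY
 class THROTTLE_CLASS
  police output 512000 64000 conform-action transmit exceed-action drop
!
! Step 3: apply the policy to the inside interface
service-policy THROTTLE_POLICY interface inside
```

`show service-policy police` displays the conformed and exceeded counters for the class, which confirms whether the ACL is actually matching the traffic.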