12-24-2010 04:29 PM - edited 03-11-2019 12:27 PM
I have configured the policy-map on the interface inside of my ASA with conform action "transmit" and exceed action "drop". But when I execute the command "sh service-policy interface inside", I obtain the following:
Input police Interface inside:
cir 512000 bps, bc 16000 bytes
conformed 2562 packets, 521365 bytes; actions: drop
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
The ASA is running 8.2(1).
Is it a known issue ?
Solved! Go to Solution.
12-25-2010 07:07 PM
Hi,
Yes the action should be transmit.
I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.
The bug is resolved in the following releases :
8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)
Hope this answers your question
Cheers,
Manasi!!
12-24-2010 05:40 PM
Hi,
Could you paste the relevant configuration of the concerned class-map and policy-map ?
Cheers,
Manasi
12-25-2010 09:53 AM
Thank you for your response. Following the configuration and the show command output.
sh runn:
!
access-list LAN-SERVER-FLOW extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.2 eq exec
access-list LAN-OTHERS-FLOW extended permit ip 192.168.1.0 255.255.255.0 any
access-list SERVER-LAN-FLOW extended permit tcp host 192.168.2.2 eq exec 192.168.1.0 255.255.255.0
access-list OTHERS-LAN-FLOW extended permit ip any 192.168.1.0 255.255.255.0
!
!
class-map LAN-SERVER-CMAP
match access-list LAN-SERVER-FLOW
class-map LAN-OTHERS-CMAP
match access-list LAN-OTHERS-FLOW
class-map SERVER-LAN-CMAP
match access-list SERVER-LAN-FLOW
class-map OTHERS-LAN-CMAP
match access-list OTHERS-LAN-FLOW
!
policy-map INSIDE-PMAP
class LAN-SERVER-CMAP
police input 512000
class LAN-OTHERS-CMAP
police input 512000 1500
class SERVER-LAN-CMAP
police output 512000
class OTHERS-LAN-CMAP
police output 512000 1500
!
service-policy INSIDE-PMAP interface inside
!
sh service-policy interface inside:
Interface inside:
Service-policy: INSIDE-PMAP
Class-map: LAN-SERVER-CMAP
Input police Interface inside:
cir 512000 bps, bc 16000 bytes
conformed 2562 packets, 521365 bytes; actions: drop
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Class-map: LAN-OTHERS-CMAP
Input police Interface inside:
cir 512000 bps, bc 1500 bytes
conformed 118107 packets, 16854191 bytes; actions: drop
exceeded 16 packets, 21884 bytes; actions: drop
conformed 1128 bps, exceed 0 bps
Class-map: SERVER-LAN-CMAP
Output police Interface inside:
cir 512000 bps, bc 16000 bytes
conformed 1036 packets, 409939 bytes; actions: drop
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Class-map: OTHERS-LAN-CMAP
Output police Interface inside:
cir 512000 bps, bc 1500 bytes
conformed 127118 packets, 96002426 bytes; actions: drop
exceeded 4966 packets, 7005206 bytes; actions: drop
conformed 1096 bps, exceed 0 bps
12-25-2010 07:07 PM
Hi,
Yes the action should be transmit.
I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.
The bug is resolved in the following releases :
8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)
Hope this answers your question
Cheers,
Manasi!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: