Please feel free to correct me but as I understand policing on the current version of the pix.
"Policing is applied only in the output direction."
So we can only police traffic which is leaving the pix. So in my secenario I have 150 vlans inside my pix (5 users on each) each of which needs internet access limited to 64Kb.
No I would like to police the traffic entering the inside interface to keep things simple. But I can't.
So the only solution is to police traffic leaving the Pix, which has been natted. So now I need each vlan to be natted to a different external ip address and then apply the QOS to each nat address.
Doesn't this seem a bit of an oversight, does anyone know a way of applying QOS before the nat is applied?
Thanks
Matt