11-07-2014 02:18 AM - edited 03-11-2019 10:02 PM
We've implemented (or tried to) a rate-limiting policy to drop HTTP/HTTPS packets that exceed 4meg, although it doesn't seem to work or have any impact on internet downloads, as users are still able to download files and consume the full amount of bandwidth.
The ASA config is attached.
The config was roughly based on content from this URL...
https://supportforums.cisco.com/discussion/10985866/traffic-rate-limiting-cisco-asa-5510
I must have missed something?
11-09-2014 08:10 PM
I am using
ASA Version 8.2(5)46
and as far as I know, the ASA policy map works only in the output direction.
policy-map qos
 class qos
  police input 4000000
  police output 4000000
Now it works only when you upload data to web servers.
If you want to limit speed when downloading data from web servers, you need to do:
access-list http_traffic extended permit tcp any eq www any
access-list http_traffic extended permit tcp any eq https any
service-policy qos interface LAN
11-12-2014 10:07 PM
Hi,
If you have a policy-map applied on the ASA interface, it will be bidirectional.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wp1099596
Also, the ACL should be like this, and then it will work:
access-list http_traffic extended permit tcp any eq www any
access-list http_traffic extended permit tcp any eq https any
access-list http_traffic extended permit tcp any any eq www
access-list http_traffic extended permit tcp any any eq https
Thanks and Regards,
Vibhor Amrodia
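The fragments posted in the replies above, assembled into one Modular Policy Framework configuration. This is an added example, not part of any post in the thread. The class-map definition is an assumption (the attached config is not shown on this page); the ACL, the names, the rate and the interface are the ones posted above.

```cisco
! Added example, not from the thread. ASA 8.2 syntax.

! 1. Classify web traffic. The first two entries match traffic whose
!    SOURCE port is 80/443 (web servers sending to clients); the last two
!    match traffic whose DESTINATION port is 80/443 (clients sending to
!    web servers).
access-list http_traffic extended permit tcp any eq www any
access-list http_traffic extended permit tcp any eq https any
access-list http_traffic extended permit tcp any any eq www
access-list http_traffic extended permit tcp any any eq https

! 2. Tie the ACL to a traffic class.
!    ASSUMPTION: the thread shows "class qos" inside the policy-map but
!    never shows this class-map, so the match statement is illustrative.
class-map qos
 match access-list http_traffic

! 3. Police the class. The police rate is given in bits per second,
!    so 4000000 is 4 Mbit/s, not 4 megabytes per second.
policy-map qos
 class qos
  police input 4000000
  police output 4000000

! 4. Attach the policy to the interface named LAN.
service-policy qos interface LAN

! 5. Check that the class is actually being matched and policed.
!    Run these from privileged EXEC mode while a download is in progress:
!      show service-policy interface LAN
!      show service-policy police
!      show access-list http_traffic
!    Conformed/exceeded counters that stay at zero, or ACL hit counts
!    that do not increase, mean the traffic is not matching the class.
```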