Hi,if you have policy-map

andy_4578 · ‎11-07-2014

We've implemented (or tried to) a rate limiting policy to drop http/https packets that exceed 4meg although it doesn't seem to work or have any impact on internet downloads as users are still able to download files and consume the full amount of bandwidth.

The ASA config is attached

The config was roughly based on content from this URL...

https://supportforums.cisco.com/discussion/10985866/traffic-rate-limiting-cisco-asa-5510

I must have missed something?

Tagir Temirgaliyev · ‎11-09-2014

I am using

ASA Version 8.2(5)46

and as I know asa policy map works only in output direction

policy-map qos

class qos

~~police input 4000000~~

police output 4000000

now it works only when you upload data to web servers

if you want to limit speed when downloading data from web servers so you need to do

access-list http_traffic extended permit tcp any eq www any

access-list http_traffic extended permit tcp any eq https any

service-policy qos interface LAN

Vibhor Amrodia · ‎11-12-2014

Hi,

if you have policy-map applied on the ASA Interface , it will be bidirectional.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wp1099596

Also , the ACL should be like this and then it will work:-

access-list http_traffic extended permit tcp any eq www any

access-list http_traffic extended permit tcp any eq https any

access-list http_traffic extended permit tcp any any eq www

access-list http_traffic extended permit tcp any any eq https

Thanks and Regards,

Vibhor Amrodia

Rate limit http/https traffic on Cisco ASA5510 firewall