Rate-limit seems to not work

Dru Goradia
Level 1

When we use Aspera, it maxes out our bandwidth and we cannot do anything else while the download is going on.

3220ASA1# sh conn add 192.168.0.105 prot udp
110 in use, 509 most used
UDP outside 153.7.233.153:33001 inside 192.168.0.105:60064, idle 0:00:00, bytes 573048376, flags -

I want to rate-limit the UDP port 33001 that Aspera uses; here is that part of my config. I applied the QoS to both the inside and outside interfaces for port 33001.

ASA Version 8.6(1)
access-list outside_mpc extended permit udp any any eq 33001
access-list inside_mpc_1 extended permit udp any any eq 33001
!
class-map inside-class
 match access-list inside_mpc_1
class-map outside-class
 match access-list outside_mpc
!
policy-map outside-policy
 class outside-class
  police input 100000 1500
  police output 100000 1500
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
 class inside-class
  police input 100000 1500
  police output 100000 1500
!
service-policy outside-policy interface outside
service-policy inside-policy interface inside

Do I have this wrong? The ASDM is still showing traffic as much higher than the 100kbps I want to limit to.

4 Replies

Julio Carvajal
VIP Alumni

Hello Dru,

I would actually do it like this:

policy-map outside-policy
 class outside-class
  police output 100000 1500
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
 class inside-class
  police input 100000 1500

Then I would apply the service-policy and then do clear local-host.

Let me know how it goes.

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Dru Goradia
Level 1

After speaking with TAC we were able to police the traffic internally, but as it's UDP the source server just kept throwing the packets at us, maxing out the bandwidth. I was told that the only workaround is to get the ISP to limit it.
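
Added example, not part of the original thread and not Cisco's code: a single-rate token-bucket model of the `police ... 100000 1500` setting from the config above, showing why policing at the firewall caps what reaches the inside host but not what a UDP sender that ignores loss puts on the ISP link. The 20 Mbit/s sender, 1400-byte packets and 10-second window are constructed values, and the token-bucket model itself is an assumption about how the policer behaves.

```python
"""Single-rate token-bucket policer model (added example, not ASA code)."""

def police(arrivals, rate_bps, burst_bytes):
    """Apply a policer to (time_s, size_bytes) arrivals sorted by time.

    Returns (conformed_bytes, dropped_bytes). rate_bps is in bits/s and
    burst_bytes in bytes, the units of `police output 100000 1500`.
    """
    fill = rate_bps / 8.0          # token refill in bytes per second
    tokens = float(burst_bytes)    # bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in arrivals:
        tokens = min(burst_bytes, tokens + (t - last) * fill)
        last = t
        if size <= tokens:         # conforming packet: forward it
            tokens -= size
            conformed += size
        else:                      # exceeding packet: drop, sender is not told
            dropped += size
    return conformed, dropped

def udp_flood(offered_bps, pkt_bytes, seconds):
    """Constructed constant-bit-rate UDP stream that never backs off."""
    gap = pkt_bytes * 8 / offered_bps
    return [(i * gap, pkt_bytes) for i in range(int(seconds / gap))]

def simulate(offered_bps=20_000_000, pkt_bytes=1400, seconds=10,
             rate_bps=100_000, burst_bytes=1500):
    arrivals = udp_flood(offered_bps, pkt_bytes, seconds)
    conformed, dropped = police(arrivals, rate_bps, burst_bytes)
    return {
        # Load on the ISP link, measured before the firewall's policer.
        "wan_bps": (conformed + dropped) * 8 / seconds,
        # Load handed to the inside host after policing.
        "inside_bps": conformed * 8 / seconds,
        "dropped_pct": 100.0 * dropped / (conformed + dropped),
    }

if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value:,.0f}")
```

In this model the inside host sees roughly the policed rate while the link in front of the firewall still carries the full offered load, so an interface graph taken on the outside interface stays high.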

Hello Dru,

What do U mean?

Who is the one that initiates the connection, the server on the inside or an outside user?

Did u try what I suggested?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Todd Kelly
Level 1

Having the same issues. Did the recommendation from Julio help you? I would like to know if this has resolved your issue.

Thanks.

Todd
