cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

516
Views
0
Helpful
3
Replies
Highlighted
Beginner

traffic limit for internet traffic usig ASA 8.2

hi to everyone, i am checking another posts with the same question and use almost the same configurations

I am testing limit bandwith using my ASA 8.2,

i am trying to limit internet access for certains users , i order to save Bandwith for

the important things

but i can´t get any limitation

My configuration is the following, the acces list is just for my pc in order to test, and the service policy is  applied to

outside interface (called internet in my case)  for incoming traffic

access-list Internet_mpc_1 extended permit ip host 172.16.127.70 any

class-map Internet-class-TEST

match access-list Internet_mpc_1

policy-map Internet-policy-web

class Internet-class-TEST

   police output 1024000 1500

service-policy Internet-policy-web interface Internet

With show service policy i can´t see any activity on the policy , but if i do a similar configuration for inside interface outgoing traffic i can see

packets allowed and dropped

Thanks in advance for any help

Everyone's tags (6)
3 REPLIES 3
Highlighted
Frequent Contributor

traffic limit for internet traffic usig ASA 8.2

Maybe you need to include the NAT-ed public address in the ACL.

Highlighted
Frequent Contributor

traffic limit for internet traffic usig ASA 8.2

and setup the ACL with src any - dst host 172.16.127.70

the direction seems to be wrong

Highlighted
Beginner

traffic limit for internet traffic usig ASA 8.2

Hi, i have tried your suggestions but i have the same result, packets are not being checked and there´s no bandwith limitation, i have tested the same on inside interface and works OK, but if i put that rule it seems to me that the ASA will limit the bandwith just on inside interface, and traffic on outside interface will remain using the whole bandwith on that side

also if i used that policy bandwith limit will be apply in access to all the other interfaces including DMZ and  i dont want that

below is the configuration that i used on my inside interface and works, but how do the same on the outside interface ???

I used input and output police and packets entering and leaving the inside interface and packets in both directions are checked

policy-map LAN-policy

class LAN-trafico

  police input 1024000 1500

  police output 1024000 1500

service-policy LAN-policy interface LAN

class-map LAN-trafico-

match access-list LAN_mpc

access-list LAN_mpc extended permit ip  host 172.16.127.70  any

access-list LAN_mpc extended permit ip any host 172.16.127.70