Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
0
Helpful
3
Replies

traffic limit for internet traffic usig ASA 8.2

Miguel Ortega
Level 1
Level 1

‎11-28-2012 04:57 AM - edited ‎03-11-2019 05:29 PM

hi to everyone, i am checking another posts with the same question and use almost the same configurations

I am testing limit bandwith using my ASA 8.2,

i am trying to limit internet access for certains users , i order to save Bandwith for

the important things

but i can´t get any limitation

My configuration is the following, the acces list is just for my pc in order to test, and the service policy is  applied to

outside interface (called internet in my case)  for incoming traffic

access-list Internet_mpc_1 extended permit ip host 172.16.127.70 any

class-map Internet-class-TEST

match access-list Internet_mpc_1

policy-map Internet-policy-web

class Internet-class-TEST

   police output 1024000 1500

service-policy Internet-policy-web interface Internet

With show service policy i can´t see any activity on the policy , but if i do a similar configuration for inside interface outgoing traffic i can see

packets allowed and dropped

Thanks in advance for any help

Labels:
0 Helpful
3 Replies 3

Peter Koltl
Level 7
Level 7

‎11-28-2012 01:59 PM

Maybe you need to include the NAT-ed public address in the ACL.

0 Helpful

Peter Koltl
Level 7
Level 7
In response to Peter Koltl

‎11-28-2012 02:02 PM

and setup the ACL with src any - dst host 172.16.127.70

the direction seems to be wrong

0 Helpful

Miguel Ortega
Level 1
Level 1
In response to Peter Koltl

‎11-29-2012 07:35 AM

Hi, i have tried your suggestions but i have the same result, packets are not being checked and there´s no bandwith limitation, i have tested the same on inside interface and works OK, but if i put that rule it seems to me that the ASA will limit the bandwith just on inside interface, and traffic on outside interface will remain using the whole bandwith on that side

also if i used that policy bandwith limit will be apply in access to all the other interfaces including DMZ and  i dont want that

below is the configuration that i used on my inside interface and works, but how do the same on the outside interface ???

I used input and output police and packets entering and leaving the inside interface and packets in both directions are checked

policy-map LAN-policy

class LAN-trafico

  police input 1024000 1500

  police output 1024000 1500

service-policy LAN-policy interface LAN

class-map LAN-trafico-

match access-list LAN_mpc

access-list LAN_mpc extended permit ip  host 172.16.127.70  any

access-list LAN_mpc extended permit ip any host 172.16.127.70

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card