My network is allocated a total of 16 Public IP addresses, and my internet interface routes these to an ASA firewall. I would like to limit the traffic entering / exiting the public interface by the IP address it is destined to:
For example:
2.2.2.2 < BGP Interface IP (gi0/0)
1.1.1.1 < Inside Interface IP (gi0/1)
1.1.1.2 < Firewall IP
1.1.1.3 < Service 1 IP
1.1.1.4 < Service 2 IP
1.1.1.5 < Service 3 IP
1.1.1.6 < Service 4 IP
and so on and so forth.
I would like to limit Service 3 to 3 Mbps and Service 4 to 10 Mbps. How would I accomplish that? There are multiple ports open behind these services, and there are NAT statements routing VLANs back out through these IP addresses. The ASA is doing the NATing.
Here is a sanitized version of the relevant config portions:
!
! Internet-facing link (BGP peer side)
interface GigabitEthernet0/0
 description INTERNET-LINK
 ip address 2.2.2.2 255.255.255.252
 duplex full
 speed 1000
!
! Inside link toward the ASA; the /28 on this interface holds the 16 public addresses
interface GigabitEthernet0/1
 description ROUTER-TO-FIREWALL
 ip address 1.1.1.1 255.255.255.240
 duplex full
 speed 1000
!
interface GigabitEthernet0/2
 shutdown
!
router bgp #####
 bgp log-neighbor-changes
 neighbor ############## remote-as ######
 neighbor ############## password #################
 !
 address-family ipv4
  no synchronization
  redistribute connected
  redistribute static
  neighbor ############## activate
  neighbor ############## soft-reconfiguration inbound
  no auto-summary
 exit-address-family
!
ip forward-protocol nd
!
! Static route for the public /28 toward the ASA (picked up by "redistribute static" above).
! Note: the network address for mask 255.255.255.240 is 1.1.1.0; IOS rejects an
! inconsistent address/mask pair, so the host part here is presumably a sanitization artifact.
ip route 1.1.1.1 255.255.255.240 1.1.1.2
!
Thanks!
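One way to do this on the IOS router shown above, as an added example that is not part of the original post: police each service's traffic with MQC, matching on the public IP in whichever direction the traffic is heading. Toward the firewall the service IP is the destination; toward the Internet it is the source, because the ASA has already NATed the inside VLAN to that public address. The rates (3 Mbps, 10 Mbps) and addresses (1.1.1.5, 1.1.1.6) come from the question; the ACL, class-map and policy-map names, and the burst sizes, are assumptions for the example.

```text
! Added example (not from the original post). Names and burst values are assumed.
!
! Traffic headed toward each service (Internet -> firewall): match on destination
ip access-list extended TO-SERVICE3
 permit ip any host 1.1.1.5
ip access-list extended TO-SERVICE4
 permit ip any host 1.1.1.6
!
! Traffic the ASA has NATed out of each service (firewall -> Internet): match on source
ip access-list extended FROM-SERVICE3
 permit ip host 1.1.1.5 any
ip access-list extended FROM-SERVICE4
 permit ip host 1.1.1.6 any
!
class-map match-all CM-TO-SERVICE3
 match access-group name TO-SERVICE3
class-map match-all CM-TO-SERVICE4
 match access-group name TO-SERVICE4
class-map match-all CM-FROM-SERVICE3
 match access-group name FROM-SERVICE3
class-map match-all CM-FROM-SERVICE4
 match access-group name FROM-SERVICE4
!
! police <bps> <burst-bytes> ...; burst of about 1.5 s worth of the rate is an
! assumed starting point, tune for the traffic mix
policy-map PM-TOWARD-FIREWALL
 class CM-TO-SERVICE3
  police 3000000 562500 conform-action transmit exceed-action drop
 class CM-TO-SERVICE4
  police 10000000 1875000 conform-action transmit exceed-action drop
policy-map PM-TOWARD-INTERNET
 class CM-FROM-SERVICE3
  police 3000000 562500 conform-action transmit exceed-action drop
 class CM-FROM-SERVICE4
  police 10000000 1875000 conform-action transmit exceed-action drop
!
! Apply each policy outbound on the interface the traffic leaves through
interface GigabitEthernet0/1
 service-policy output PM-TOWARD-FIREWALL
interface GigabitEthernet0/0
 service-policy output PM-TOWARD-INTERNET
```

Because the ACLs match on the public address rather than on ports, the limit covers every port opened behind a service, and traffic to the other 1.1.1.x addresses falls into class-default and is not policed. The inbound-from-Internet policy could equally be applied with `service-policy input` on GigabitEthernet0/0 so that excess traffic is dropped before it is forwarded; either way, `show policy-map interface` shows the conformed and exceeded counters per class for checking that the right traffic is being caught.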