I'm setting up rate limiting on an ASA with the police command. I can't seem to find if this is a per host basis or if my entire group will be limited to the set threshold. If I use an ACL to include RFC 1918 and permit the rate limit on the inside interface outbound and set police to 10000000 will that include the entire object group or will that be on a per ip basis within the range?
My goal is to limit on a per user or IP basis to 10Mb.
object-group network RATE_LIMIT_PERMIT
access-list RATE_LIMIT_INTERNET_TRAFFIC extended permit ip object-group RATE_LIMIT_PERMIT any
match access-list RATE_LIMIT_INTERNET_TRAFFIC
police output 10000000 1875000
service-policy RATE_LIMIT_INET_POLICY interface inside
Thanks in advance,
... View more