04-21-2009 12:13 AM
Can I police bandwidth for my VPN sessions on ASA?
I didn't find that in ASDM
04-21-2009 02:59 AM
You would need to write an ACL with destination/source IP then apply the bw limitations based on the ACL.
HTH>
04-21-2009 03:10 AM
With this I will not police VPN session. I will police all VPN traffic. Am I right?
04-21-2009 03:18 AM
MMMM that all depends on how you have your VPN tunnels configured and where you actually apply the policy.
If the traffic is entering a VPN tunnel over the internet - simple QoS will not fix the issue.....as how can you tell the VPN encrypting device there is congestion 2 hops away in the internet - you can't.
Please explain your issue and topology with as much detail as you have and lets see if we can fix it. All info in a diagram would be best - real IP addresses are not required for this.
HTH>
04-21-2009 03:54 AM
Inside -> ASA <- INTERNET
Users from Internet connects via Cisco VPN Client with ASA. Some users take too much bandwidth. I want to fix that, I want to allocate bandwidth for each VPN sessions and police or shape them with threshold 1Mbps
04-21-2009 04:46 AM
OK - not sure if you can do it per users/session, but I suppose if each user gets a specific IP every time then it's possible.
In the past I have performed QoS Policing on a specific group of users = the tunnel remtoe VPN group.
HTH>
04-23-2009 09:43 AM
Maybe this will be helpful.
04-23-2009 08:09 PM
This link doesn't open
Forbidden File or Application
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide