
Limit bandwidth by protocol with CAR over VPN

jmfernandez
Level 1

I have a VPN over internet with two Cisco 1710 routers, with NAT. It works fine. But I want to limit traffic over VPN with:

interface Ethernet0

rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop

access-list 103 permit tcp any any range ftp-data ftp

And with "sh access-list", FTP traffic never matches access-list 103. If I use "access-list 103 permit ip any any", then it matches the access-list.

I think the problem is with access-lists based on protocol.

Thanks in advance.

1 Reply 1

MATT HILL
Level 1

What happens if you put two lines in the access-list, explicitly permitting 21 & 20 rather than specifying the range? Do you get hits then?

How do you know the hits on the second access-list (permit ip any any) are FTP hits? Could they be hits from other IP protocols? After all, "permit ip any any" is quite generic.