05-05-2010 08:57 AM
Hi there,
I've a site to site VPN tunnel create with customer from local office. I'm concerned that the traffic on the tunnel in impacting the Internet bandwidth for the whole office. Is it possible to rate limit the bandwidth on the VPN tunnel. I've attached a configuration that shows the ASA configuration at the local office.
Any help would be much appreciate. I've looked at QoS mapping but finding it hard to make sense of it.
Many thanks,
Regards,
Michael.
Solved! Go to Solution.
05-05-2010 09:39 AM
The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping
To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.
Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]
i.e
hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500
The configuration depends based on ''what'' do you want to limit the bandwitdh.
Federico.
05-05-2010 09:01 AM
Michael,
You're looking for QoS.
Hope this link helps:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html
Federico.
05-05-2010 09:07 AM
Thanks Federico,
I was mainly wondering how it would fit into my configuration. Could you provide me a sample configuration that would work.
05-05-2010 09:39 AM
The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping
To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.
Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]
i.e
hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500
The configuration depends based on ''what'' do you want to limit the bandwitdh.
Federico.
05-05-2010 11:51 AM
Hi Federico, you've been a great help and I thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide