Solved

Limit bandwidth on a single PC with Cisco ASA

Posted on 2008-06-09
6
1,574 Views
Last Modified: 2012-05-05
I try to test the QOS possibilities of the ASA5520 so i've throttle my IP but i didn't seem to slow down

And in the config i've put this

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config)# class-map myPC
hostname(config-cmap)# match access-list PC
hostname(config)# policy-map restrict_PC
hostname(config-pmap)# class myPC
hostname(config-pmap-c)# police output 256000 20000

service-policy restrict_PC interface outside

Is there anything wrong in my syntax ?
0
Comment
Question by:cegepdematane
  • 3
  • 2
6 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 21745037
How are you test throughput? you have defined 256K bps with max burst of 20K Bps.

Do the following;

show service-policy myPC, what do youo see? also look for ACL hits

-harbor235 ;}
0
 

Author Comment

by:cegepdematane
ID: 21745971
sh service-policy interface outside

Interface outside:
  Service-policy: restrict_PC
    Class-map: myPC
      Output police Interface outside:
        cir 256000 bps, bc 20000 bytes
        conformed 0 packets, 0 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps

0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21746528
At the very least you seem to have a typo - myPC vs PC:

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config-cmap)# match access-list PC
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21746587
It's likely also an issue that you match again a 10 address on the outside interface.
0
 

Author Comment

by:cegepdematane
ID: 21750373
Sorry it was a mistake there were no typo error in my config ..only here

you've right it should be applied on the inside interface ?
0
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 500 total points
ID: 21750578
Ya, unless you have alot of public IPs or don't need the granularity.  For what I understand you want to do, it should be on the inside interface.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 62
Cisco ASA 5506 4 59
VLAN Question 13 45
TZ400 2 7
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question