?
Solved

Limit bandwidth on a single PC with Cisco ASA

Posted on 2008-06-09
6
Medium Priority
?
1,582 Views
Last Modified: 2012-05-05
I try to test the QOS possibilities of the ASA5520 so i've throttle my IP but i didn't seem to slow down

And in the config i've put this

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config)# class-map myPC
hostname(config-cmap)# match access-list PC
hostname(config)# policy-map restrict_PC
hostname(config-pmap)# class myPC
hostname(config-pmap-c)# police output 256000 20000

service-policy restrict_PC interface outside

Is there anything wrong in my syntax ?
0
Comment
Question by:cegepdematane
  • 3
  • 2
6 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 21745037
How are you test throughput? you have defined 256K bps with max burst of 20K Bps.

Do the following;

show service-policy myPC, what do youo see? also look for ACL hits

-harbor235 ;}
0
 

Author Comment

by:cegepdematane
ID: 21745971
sh service-policy interface outside

Interface outside:
  Service-policy: restrict_PC
    Class-map: myPC
      Output police Interface outside:
        cir 256000 bps, bc 20000 bytes
        conformed 0 packets, 0 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps

0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21746528
At the very least you seem to have a typo - myPC vs PC:

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config-cmap)# match access-list PC
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21746587
It's likely also an issue that you match again a 10 address on the outside interface.
0
 

Author Comment

by:cegepdematane
ID: 21750373
Sorry it was a mistake there were no typo error in my config ..only here

you've right it should be applied on the inside interface ?
0
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 2000 total points
ID: 21750578
Ya, unless you have alot of public IPs or don't need the granularity.  For what I understand you want to do, it should be on the inside interface.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question