Bandwidth restriction for FTP traffic on an ASA 5505

Hi,

We are looking to restrict the amount of bandwidth a protocol can use through our ASA 5505. We want the FTP protocol not to hog the full amount of bandwidth when somebody is downloading from an FTP site.
wannabecraig Asked:
 
montezz Commented:
I found some instructions at http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/qos.html#wp1052885 but I have never used the ASDM for QoS. You might want to test this before you use it in production. Here's the relevant part:

Step 1 Go to Configuration > Device Management > Advanced > Priority Queue, and click Add.

The Add Priority Queue dialog box displays.

Step 2 From the Interface drop-down list, choose the physical interface name on which you want to enable the priority queue, or for the ASA 5505, the VLAN interface name.

Step 3 To change the size of the priority queues, in the Queue Limit field, enter the number of average, 256-byte packets that the specified interface can transmit in a 500-ms interval.

A packet that stays more than 500 ms in a network node might trigger a timeout in the end-to-end application. Such a packet can be discarded in each network node.

Because queues are not of infinite size, they can fill and overflow. When a queue is full, any additional packets cannot get into the queue and are dropped (called tail drop). To avoid having the queue fill up, you can use this option to increase the queue buffer size.

The upper limit of the range of values for this option is determined dynamically at run time. The key determinants are the memory needed to support the queues and the memory available on the device.

The Queue Limit that you specify affects both the higher priority low-latency queue and the best effort queue.

Step 4 To specify the depth of the priority queues, in the Transmission Ring Limit field, enter the number of maximum 1550-byte packets that the specified interface can transmit in a 10-ms interval.

This setting guarantees that the hardware-based transmit ring imposes no more than 10-ms of extra latency for a high-priority packet.

This option sets the maximum number of low-latency or normal priority packets allowed into the Ethernet transmit driver before the driver pushes back to the queues on the interface to let them buffer packets until the congestion clears.

The upper limit of the range of values is determined dynamically at run time. The key determinants are the memory needed to support the queues and the memory available on the device.

The Transmission Ring Limit that you specify affects both the higher priority low-latency queue and the best-effort queue.

montezz Commented:
You want to implement QoS. How to configure QoS on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html
 
montezz Commented:
Also I found a good example on another ExEx post:

(copied from http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_22998690.html )

hostname(config)# policy-map http_traffic_policy
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# inspect http
hostname(config-pmap-c)# police output 250000
hostname(config)# service-policy http_traffic_policy interface outside
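
The HTTP policing snippet above, adapted to the FTP case the question asks about, as an added example that is not part of the original post. The names ftp_traffic and ftp_traffic_policy are hypothetical, the 250000 rate and the outside interface are carried over from the snippet, and whether this class also covers the FTP data connections is an assumption to confirm with the police counters.

```cisco
! Added example, not from the thread. Class and policy names are hypothetical.

! 1. Classify the traffic. This matches the FTP control port (TCP/21), in the
!    same way the HTTP class would match TCP/80.
class-map ftp_traffic
 match port tcp eq ftp

! 2. Attach actions to the class. The police rate is in bits per second.
!    Direction is relative to the interface the policy is applied to:
!      output = packets leaving that interface
!      input  = packets arriving on that interface
!    A download from an FTP site on the Internet arrives on "outside",
!    so the input policer is the one that limits it.
policy-map ftp_traffic_policy
 class ftp_traffic
  inspect ftp
  police output 250000
  police input 250000

! 3. Apply the policy to the interface (on the ASA 5505 this is the VLAN
!    interface name).
service-policy ftp_traffic_policy interface outside

! 4. Verify from privileged EXEC mode while a test transfer is running.
!    Assumption to check: the class above matches on the control port only,
!    so confirm that the police counters rise during the data transfer before
!    relying on this in production.
show service-policy interface outside
show service-policy police
```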

wannabecraig Author Commented:
Is there any way of doing this through the ASDM?