ASA Rate Limt Help

I have a ASA 5510 that I now have to manage. It has four interfaces, lets say outside, inside1, inside2, and inside3. There are two different polices applied to two different interfaces.

The problem is people behind interface inside1 and inside2 have issues with downloading files from the internet. It starts off good but dies after a few seconds. Users on the third interface inside3 have no issues at all.

These are the policies applied to interface1 and 2. I just typed these by hand so there might be some errors for an actual ASA. I just want to point the input and output rate for each number.

Class-map Bandwidth-class
match access-list Bandwidth-acl

policy-map bandwidth-poicy1
class Bandwidth-class
policy output 2048000 1500
policy input 204800 1500

service-policy bandwidth-policy1 interface eth0/2

############################################################################

Class-map Bandwidth-class
match access-list Bandwidth-acl

policy-map bandwidth-poicy2
class Bandwidth-class
policy output 4096000 2048000
policy input  4096000 2048000

service-policy bandwidth-policy2 interface eth0/2
service-policy bandwidth-policy1 interface eth0/1


Can someone tell me what is going on and how to correct it? Is the burst rate what is causing the issue?




LVL 1
bml104Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
If you want to rate limit the traffic, you might consider using police instead of policy commands
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate

I'm not sure what you are trying to accomplish here. Are you trying to fix the issues with slow traffic on 2 out of 3 interfaces by implementing a QoS policy, or is there an existing policy that you think may be causing the problem?
0
bml104Author Commented:
The existing policy is causing the issue. As soon as I remove the policy from the interface then I no longer have issues. Anything I download with the policy in place dies after a few seconds.
0
bml104Author Commented:
I also had typos in the first post.


policy-map bandwidth-poicy2
class Bandwidth-class
police output 4096000 2048000
police input  4096000 2048000
0
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

lrmooreCommented:
The numbers come out to 4Mb bandwidth with 2M burst
Try to police just one direction, not both input and output. Police output first.
0
bml104Author Commented:
Since the policy is applied to the inside interface do I need to apply "police input"?  Since the traffic will actually be going in interface1 and then out the outside interface>?
0
lrmooreCommented:
Downloads are the opposite direction "in" on the outside and "out" on the inside interfaces
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.