bml104
asked on
ASA Rate Limt Help
I have a ASA 5510 that I now have to manage. It has four interfaces, lets say outside, inside1, inside2, and inside3. There are two different polices applied to two different interfaces.
The problem is people behind interface inside1 and inside2 have issues with downloading files from the internet. It starts off good but dies after a few seconds. Users on the third interface inside3 have no issues at all.
These are the policies applied to interface1 and 2. I just typed these by hand so there might be some errors for an actual ASA. I just want to point the input and output rate for each number.
Class-map Bandwidth-class
match access-list Bandwidth-acl
policy-map bandwidth-poicy1
class Bandwidth-class
policy output 2048000 1500
policy input 204800 1500
service-policy bandwidth-policy1 interface eth0/2
##########################
Class-map Bandwidth-class
match access-list Bandwidth-acl
policy-map bandwidth-poicy2
class Bandwidth-class
policy output 4096000 2048000
policy input 4096000 2048000
service-policy bandwidth-policy2 interface eth0/2
service-policy bandwidth-policy1 interface eth0/1
Can someone tell me what is going on and how to correct it? Is the burst rate what is causing the issue?
The problem is people behind interface inside1 and inside2 have issues with downloading files from the internet. It starts off good but dies after a few seconds. Users on the third interface inside3 have no issues at all.
These are the policies applied to interface1 and 2. I just typed these by hand so there might be some errors for an actual ASA. I just want to point the input and output rate for each number.
Class-map Bandwidth-class
match access-list Bandwidth-acl
policy-map bandwidth-poicy1
class Bandwidth-class
policy output 2048000 1500
policy input 204800 1500
service-policy bandwidth-policy1 interface eth0/2
##########################
Class-map Bandwidth-class
match access-list Bandwidth-acl
policy-map bandwidth-poicy2
class Bandwidth-class
policy output 4096000 2048000
policy input 4096000 2048000
service-policy bandwidth-policy2 interface eth0/2
service-policy bandwidth-policy1 interface eth0/1
Can someone tell me what is going on and how to correct it? Is the burst rate what is causing the issue?
ASKER
The existing policy is causing the issue. As soon as I remove the policy from the interface then I no longer have issues. Anything I download with the policy in place dies after a few seconds.
ASKER
I also had typos in the first post.
policy-map bandwidth-poicy2
class Bandwidth-class
police output 4096000 2048000
police input 4096000 2048000
policy-map bandwidth-poicy2
class Bandwidth-class
police output 4096000 2048000
police input 4096000 2048000
The numbers come out to 4Mb bandwidth with 2M burst
Try to police just one direction, not both input and output. Police output first.
Try to police just one direction, not both input and output. Police output first.
ASKER
Since the policy is applied to the inside interface do I need to apply "police input"? Since the traffic will actually be going in interface1 and then out the outside interface>?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate
I'm not sure what you are trying to accomplish here. Are you trying to fix the issues with slow traffic on 2 out of 3 interfaces by implementing a QoS policy, or is there an existing policy that you think may be causing the problem?