ASA Rate Limt Help

I have a ASA 5510 that I now have to manage. It has four interfaces, lets say outside, inside1, inside2, and inside3. There are two different polices applied to two different interfaces.

The problem is people behind interface inside1 and inside2 have issues with downloading files from the internet. It starts off good but dies after a few seconds. Users on the third interface inside3 have no issues at all.

These are the policies applied to interface1 and 2. I just typed these by hand so there might be some errors for an actual ASA. I just want to point the input and output rate for each number.

Class-map Bandwidth-class
match access-list Bandwidth-acl

policy-map bandwidth-poicy1
class Bandwidth-class
policy output 2048000 1500
policy input 204800 1500

service-policy bandwidth-policy1 interface eth0/2

############################################################################

Class-map Bandwidth-class
match access-list Bandwidth-acl

policy-map bandwidth-poicy2
class Bandwidth-class
policy output 4096000 2048000
policy input  4096000 2048000

service-policy bandwidth-policy2 interface eth0/2
service-policy bandwidth-policy1 interface eth0/1


Can someone tell me what is going on and how to correct it? Is the burst rate what is causing the issue?




LVL 1
bml104Asked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Downloads are the opposite direction "in" on the outside and "out" on the inside interfaces
0
 
lrmooreCommented:
If you want to rate limit the traffic, you might consider using police instead of policy commands
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate

I'm not sure what you are trying to accomplish here. Are you trying to fix the issues with slow traffic on 2 out of 3 interfaces by implementing a QoS policy, or is there an existing policy that you think may be causing the problem?
0
 
bml104Author Commented:
The existing policy is causing the issue. As soon as I remove the policy from the interface then I no longer have issues. Anything I download with the policy in place dies after a few seconds.
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
bml104Author Commented:
I also had typos in the first post.


policy-map bandwidth-poicy2
class Bandwidth-class
police output 4096000 2048000
police input  4096000 2048000
0
 
lrmooreCommented:
The numbers come out to 4Mb bandwidth with 2M burst
Try to police just one direction, not both input and output. Police output first.
0
 
bml104Author Commented:
Since the policy is applied to the inside interface do I need to apply "police input"?  Since the traffic will actually be going in interface1 and then out the outside interface>?
0
All Courses

From novice to tech pro — start learning today.