Solved

Limit bandwidth usage across site to site VPN

Posted on 2011-10-01
Last Modified: 2012-05-12
I have a VPN set up between a Cisco 2901 router and a Cisco ASA 5510. The VPN traffic bandwidth usage is a problem and I need to limit the bandwidth used across the VPN.

I applied the following configuration to my ASA 5510 inside and outside interface but it does not work. Can someone tell me what I am doing wrong? I am trying to limit the bandwidth usage by the VPN to 18 Mbps.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0

class-map limit_18mbs
 match access-list limit_18mbs

policy-map limit_to_18mbs
 class limit_18mbs
  police output 18000000 20000

service-policy limit_to_18mbs interface inside
Question by:jimmylew52
Accepted Solution

by:
djcapone earned 1500 total points
ID: 36898465
A couple things...

1.  A policer is only going to limit the bandwidth of outgoing traffic.  As such, you need to ensure that you limit both ends of the connection to allow 18Mbps Up and 18 Mbps Down only across the VPN.

2.  I can't tell for certain from the access-list command you posted, but I believe you are using the external interface IPs in the access-list.  You would want to use the internal subnets for the traffic you are looking to police.  You can actually use the same access-list that is used to describe the "interesting" traffic for the VPN tunnel.

Author Comment

by:jimmylew52
ID: 36900411
I am using the Lan IP for the ASA side and the RTR side. This is the same as the interesting traffic for the VPN tunnel.

Author Comment

by:jimmylew52
ID: 36903618
Figured it out. A minor change to the entries below was successful.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0

class-map limit_18mbs
 match access-list limit_18mbs

policy-map limit_to_18mbs
 class limit_18mbs
  police input 18000000 20000

service-policy limit_to_18mbs interface inside

The policy, using the internal networks, has to be applied to the input of the inside interface. The internal network is not recognized on the outside interface.

Author Closing Comment

by:jimmylew52
ID: 36903630
Thanks for the comment. It let me know I was close to the solution.
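
The accepted answer's first point is that each end has to police its own direction of the tunnel. As an added example (not from the original thread), this is the mirror of the author's working ASA policy written for the Cisco 2901 side in IOS MQC syntax. The subnets, the names VPN_LIMIT and LIMIT_TO_18MBPS, and the LAN interface GigabitEthernet0/0 are assumed placeholders.

```cisco
! Added example, not part of the original thread.
! Assumed placeholders: 192.168.1.0/24 = router-side LAN,
! 10.0.1.0/24 = ASA-side LAN, GigabitEthernet0/0 = router LAN interface.

! Match the same "interesting" traffic as the tunnel, seen from the router side
! (IOS ACLs use wildcard masks, not the subnet masks the ASA uses).
ip access-list extended VPN_LIMIT
 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255

class-map match-all VPN_LIMIT
 match access-group name VPN_LIMIT

! Same rate (bits per second) and burst (bytes) as the ASA policy in the thread.
policy-map LIMIT_TO_18MBPS
 class VPN_LIMIT
  police 18000000 20000 conform-action transmit exceed-action drop

! Police on input of the LAN interface, where the internal addresses are
! still visible (before the traffic is encrypted into the tunnel).
interface GigabitEthernet0/0
 service-policy input LIMIT_TO_18MBPS
```

On the router, `show policy-map interface GigabitEthernet0/0` reports the conformed and exceeded counters for the class; on the ASA, `show service-policy police` does the same.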