Limit bandwidth usage across site to site VPN

I have a VPN set up between a cisco 2901 router and a Cisco ASA 5510. The VPN traffic bandwidth usage is a problem and I need to limit the bandwidth used across the vpn.

I applied the following configuration to my asa5510 inside and outside interface but it does not work. Can someone tell me what I am doing wrong? i am trying to limit the bandwidth usage by the VPN to 18 Mbps.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police output 18000000 20000


service-policy limit_to_18mbs interface inside
LVL 1
jimmylew52Asked:
Who is Participating?
 
djcaponeConnect With a Mentor Commented:
A couple things...

1.  A policer is only going to limit the bandwidth of outgoing traffic.  As such, you need to ensure that you limit both ends of the connection to allow 18Mbps Up and 18 Mbps Down only across the VPN.

2.  I can't tell for certain from the access-list command you posted, but I believe you are using the external interface IPs in the access-list.  You would want to use the internal subnets for the traffic you are looking to police.  You can actually use the same access-list that is used to describe the "interesting" traffic for the VPN tunnel.
0
 
jimmylew52Author Commented:
I am using the Lan IP for the ASA side and the RTR side. This is the same as the interesting traffic for the VPN tunnel.
0
 
jimmylew52Author Commented:
Figured it out.A minor change to the entries below was successful.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police input 18000000 20000


service-policy limit_to_18mbs interface inside

The policy, using the internal networks, has to to be applied to the input of the inside interface. The internal network is not recognized on the outside interface.
0
 
jimmylew52Author Commented:
Thanks for the comment. It let me know I was close to the solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.