Solved

Limit bandwidth usage across site to site VPN

Posted on 2011-10-01
Last Modified: 2012-05-12
I have a VPN set up between a Cisco 2901 router and a Cisco ASA 5510. The VPN traffic bandwidth usage is a problem and I need to limit the bandwidth used across the VPN.

I applied the following configuration to my ASA 5510 inside and outside interface but it does not work. Can someone tell me what I am doing wrong? I am trying to limit the bandwidth usage by the VPN to 18 Mbps.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0

class-map limit_18mbs
 match access-list limit_18mbs

policy-map limit_to_18mbs
 class limit_18mbs
  police output 18000000 20000

service-policy limit_to_18mbs interface inside
Question by:jimmylew52
Accepted Solution

by: djcapone
ID: 36898465
A couple things...

1.  A policer is only going to limit the bandwidth of outgoing traffic.  As such, you need to ensure that you limit both ends of the connection to allow 18 Mbps up and 18 Mbps down only across the VPN.

2.  I can't tell for certain from the access-list command you posted, but I believe you are using the external interface IPs in the access-list.  You would want to use the internal subnets for the traffic you are looking to police.  You can actually use the same access-list that is used to describe the "interesting" traffic for the VPN tunnel.
Author Comment

by:jimmylew52
ID: 36900411
I am using the LAN IP for the ASA side and the RTR side. This is the same as the interesting traffic for the VPN tunnel.
Author Comment

by:jimmylew52
ID: 36903618
Figured it out. A minor change to the entries below was successful.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0

class-map limit_18mbs
 match access-list limit_18mbs

policy-map limit_to_18mbs
 class limit_18mbs
  police input 18000000 20000

service-policy limit_to_18mbs interface inside

The policy, using the internal networks, has to be applied to the input of the inside interface. The internal network is not recognized on the outside interface.
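
What the `police input 18000000 20000` line in the working configuration enforces, as an added example that is not part of the original thread: a single-rate token bucket refilled at 18,000,000 bits per second with a 20,000-byte burst. The 1500-byte packet size, the constructed traffic, and treating exceeding packets as dropped are assumptions of this sketch.

```python
"""Token-bucket model of `police input 18000000 20000` (added illustration)."""

RATE_BPS = 18_000_000   # conform-rate from the thread's policy-map, bits/s
BURST_BYTES = 20_000    # conform-burst from the thread's policy-map, bytes


def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Return (conformed_bytes, exceeded_bytes) for (time_s, size_bytes) packets.

    Tokens are bytes. They refill at rate_bps / 8 per second, capped at
    burst_bytes. A packet conforms if the bucket holds at least its size;
    otherwise it exceeds and is counted as dropped (assumed exceed action).
    """
    tokens = float(burst_bytes)   # bucket starts full
    last = None
    conformed = exceeded = 0
    for t, size in packets:
        if last is not None:
            tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            conformed += size
        else:
            exceeded += size
    return conformed, exceeded


def constant_stream(offered_bps, duration_s, size=1500):
    """Constructed traffic: evenly spaced packets of `size` bytes."""
    interval = size * 8 / offered_bps
    count = int(duration_s / interval)
    return [(i * interval, size) for i in range(count)]


def throughput_bps(offered_bps, duration_s=1.0):
    """Bits per second that pass the policer for a constant offered load."""
    conformed, _ = police(constant_stream(offered_bps, duration_s))
    return conformed * 8 / duration_s


if __name__ == "__main__":
    for offered in (10_000_000, 18_000_000, 50_000_000):
        print(f"offered {offered / 1e6:5.1f} Mbps -> "
              f"passed {throughput_bps(offered) / 1e6:6.2f} Mbps")
    # Back-to-back burst of twenty 1500-byte packets at t=0
    print("burst:", police([(0.0, 1500)] * 20))
```

Load below the conform rate passes untouched, sustained load above it is held to roughly 18 Mbps plus the one-time burst allowance, and a back-to-back burst larger than 20,000 bytes loses its tail even when the average rate is low.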
Author Closing Comment

by:jimmylew52
ID: 36903630
Thanks for the comment. It let me know I was close to the solution.