?
Solved

Limit bandwidth usage across site to site VPN

Posted on 2011-10-01
4
Medium Priority
?
1,720 Views
Last Modified: 2012-05-12
I have a VPN set up between a cisco 2901 router and a Cisco ASA 5510. The VPN traffic bandwidth usage is a problem and I need to limit the bandwidth used across the vpn.

I applied the following configuration to my asa5510 inside and outside interface but it does not work. Can someone tell me what I am doing wrong? i am trying to limit the bandwidth usage by the VPN to 18 Mbps.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police output 18000000 20000


service-policy limit_to_18mbs interface inside
0
Comment
Question by:jimmylew52
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 6

Accepted Solution

by:
djcapone earned 1500 total points
ID: 36898465
A couple things...

1.  A policer is only going to limit the bandwidth of outgoing traffic.  As such, you need to ensure that you limit both ends of the connection to allow 18Mbps Up and 18 Mbps Down only across the VPN.

2.  I can't tell for certain from the access-list command you posted, but I believe you are using the external interface IPs in the access-list.  You would want to use the internal subnets for the traffic you are looking to police.  You can actually use the same access-list that is used to describe the "interesting" traffic for the VPN tunnel.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 36900411
I am using the Lan IP for the ASA side and the RTR side. This is the same as the interesting traffic for the VPN tunnel.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 36903618
Figured it out.A minor change to the entries below was successful.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police input 18000000 20000


service-policy limit_to_18mbs interface inside

The policy, using the internal networks, has to to be applied to the input of the inside interface. The internal network is not recognized on the outside interface.
0
 
LVL 1

Author Closing Comment

by:jimmylew52
ID: 36903630
Thanks for the comment. It let me know I was close to the solution.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question