Solved

Limit bandwidth usage across site to site VPN

Posted on 2011-10-01
4
1,681 Views
Last Modified: 2012-05-12
I have a VPN set up between a cisco 2901 router and a Cisco ASA 5510. The VPN traffic bandwidth usage is a problem and I need to limit the bandwidth used across the vpn.

I applied the following configuration to my asa5510 inside and outside interface but it does not work. Can someone tell me what I am doing wrong? i am trying to limit the bandwidth usage by the VPN to 18 Mbps.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police output 18000000 20000


service-policy limit_to_18mbs interface inside
0
Comment
Question by:jimmylew52
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 6

Accepted Solution

by:
djcapone earned 500 total points
ID: 36898465
A couple things...

1.  A policer is only going to limit the bandwidth of outgoing traffic.  As such, you need to ensure that you limit both ends of the connection to allow 18Mbps Up and 18 Mbps Down only across the VPN.

2.  I can't tell for certain from the access-list command you posted, but I believe you are using the external interface IPs in the access-list.  You would want to use the internal subnets for the traffic you are looking to police.  You can actually use the same access-list that is used to describe the "interesting" traffic for the VPN tunnel.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 36900411
I am using the Lan IP for the ASA side and the RTR side. This is the same as the interesting traffic for the VPN tunnel.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 36903618
Figured it out.A minor change to the entries below was successful.

access-list limit_18mbs extended permit ip asa.x0.1.0 255.255.255.0 RTR.168.1.10 255.255.255.0


class-map limit_18mbs
match access-list limit_18mbs

policy-map limit_to_18mbs
class limit_18mbs
police input 18000000 20000


service-policy limit_to_18mbs interface inside

The policy, using the internal networks, has to to be applied to the input of the inside interface. The internal network is not recognized on the outside interface.
0
 
LVL 1

Author Closing Comment

by:jimmylew52
ID: 36903630
Thanks for the comment. It let me know I was close to the solution.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question