Cisco ASA Bandwidth Control
Posted on 2014-02-11
At my current job we are having issues with making the most out of limited bandwidth. We were trying Untangle, but this is out of our price range.
So in the absence of something like untangle, I was thinking that we make the most out of our ASA, which is paid for already.
I have a CCNA, which I just got recently, but don't have that much actual experience and ASA's are not really within the scope of that cert anyways.
Based on some googlefoo, I know there is traffic policing and shaping policies that can be configured on this device. The former being applied to inside and outside, dropping packets if they exceed whatever, the latter being only appliable to the outside interface and dependent on RAM for buffering (which I am worried will be overloaded).
This ASA has a lot of pre-existing configurations and provides not only internet access, but VPN access.
I would love to be able create some kind of rule, policing or shaping to throttle internal users connection to the internet (IE not affecting LAN access) to only have 300 kbits a second bandwidth each regardless of what protocol they are using. IE the idea being that no one user can saturate the entire connection...which they currently can if the source has more bandwidth than us.
I am looking for a simple command and explanation to do this or an explanation as to why this is not possible and maybe the next best alternative command. Also, just to confirm which interface would such a rule be applied to? Internal? I don't want this to throttle internal LAN communications, just communications to the internet.
Thanks for your help and feedback.