Link to home
Start Free TrialLog in
Avatar of dms_it
dms_it

asked on

Cisco ASA 9.1 - Possible to police individual flows within a set bandwidth cap?

In this scenario, there is a 10Mb pipe out of the ASA to ISP1. The goal is to police inbound/outbound traffic to inside subnet X.X.X.X/24 to use a max of 8Mb of that pipe. This I've accomplished with a service policy on the ISP1 interface, with the observed behaviour being that download 1 will take up all 8Mb, then when a second download starts, they will begin to share the 8Mb, then a third starts and again they will all share the pipe evenly, so the aggregate of the flows continues to use a max of 8Mb. But I'm trying to determine if there's a way to police the individual flows in the subnet. Meaning "hey you subnet X, flows to/from IPs in your range can only use up to 5Mb each, with your aggregate total being 8Mb".
SOLUTION
Avatar of dms_it
dms_it

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of asavener
asavener
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dms_it
dms_it

ASKER

Thanks. The idea is to be able to limit individual users or groups of users to lower bandwidths than is available on a given circuit.