Solved

Bandwidth Throttling over Site-to-Site VPN

Posted on 2014-12-23
7
197 Views
Last Modified: 2015-01-12
I have two office's, and both offices have a 100M internet circuit.  The topology of both networks are identical, and I attached a network diagram.  I want to use 50M of each circuit for transferring some SQL backups from office 1 to office 2. These two offices do have a site to site VPN configured between them on the ASA5520's.  How would I limit the VPN traffic between these two sites to ensure I never went over 50M when transferring these SQL backups ?  Would these be done on the ASA or my Cisco Router that connects to the ISP?  Thanks.

Network Diagram
0
Comment
Question by:denver218
7 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40514907
The ASAs support traffic shaping/LLQ/policing, so you can do it there.
I believe policing will be the option you want (to ensure that the VPN pipe never exceeds a certain amount of BW).


Check this out:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_qos.html
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40515602
Yes its pretty simple, heres me doing the same for public traffic, you would just specify the source and destination IP in the ACL you use in your class-map
Cisco ASA 5500 - Throttling (Rate Limiting) Traffic



Pete
0
 
LVL 4

Author Comment

by:denver218
ID: 40533696
Thanks.  Sorry I didn't reply sooner, I've been pulled away working on other things.  So I would configure rate-limiting on both sides on the ASA firewalls correct?  What I wasn't sure about, was if I should configure rate limiting on the 3750-12G, which is my core switch and has all VLANs configure on.   In my diagram above, where you see the three 3560G-48 LAN switches, one of those is on VLAN 30.  VLAN 30 traffic is where the SQL dumps are, that will be transferred over the VPN to the other location.  Do I need to configure rate-limiting here as well, or just the ASA?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 57

Expert Comment

by:Pete Long
ID: 40533716
Just the ASA on both sides :)
0
 
LVL 1

Expert Comment

by:skipskip
ID: 40543830
Completely off topic, but there is absolutely no redundancy with single point of failures on every link in your network!

Have a read of this
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/campover.html
0
 
LVL 4

Author Comment

by:denver218
ID: 40544533
skipskip - Yes your comment was completely off topic.  Thanks for pointing out the obvious:)  It was designed like this on purpose, and there are procedures in place for link failure.   If zero downtime was absolute critical at these locations, well a different design approach would of been taken.  Please stay on topic next time.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40544534
Thanks.  This  was the solution I used.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now