Solved

Bandwidth Throttling over Site-to-Site VPN

Posted on 2014-12-23
7
216 Views
Last Modified: 2015-01-12
I have two office's, and both offices have a 100M internet circuit.  The topology of both networks are identical, and I attached a network diagram.  I want to use 50M of each circuit for transferring some SQL backups from office 1 to office 2. These two offices do have a site to site VPN configured between them on the ASA5520's.  How would I limit the VPN traffic between these two sites to ensure I never went over 50M when transferring these SQL backups ?  Would these be done on the ASA or my Cisco Router that connects to the ISP?  Thanks.

Network Diagram
0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40514907
The ASAs support traffic shaping/LLQ/policing, so you can do it there.
I believe policing will be the option you want (to ensure that the VPN pipe never exceeds a certain amount of BW).


Check this out:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_qos.html
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40515602
Yes its pretty simple, heres me doing the same for public traffic, you would just specify the source and destination IP in the ACL you use in your class-map
Cisco ASA 5500 - Throttling (Rate Limiting) Traffic



Pete
0
 
LVL 4

Author Comment

by:denver218
ID: 40533696
Thanks.  Sorry I didn't reply sooner, I've been pulled away working on other things.  So I would configure rate-limiting on both sides on the ASA firewalls correct?  What I wasn't sure about, was if I should configure rate limiting on the 3750-12G, which is my core switch and has all VLANs configure on.   In my diagram above, where you see the three 3560G-48 LAN switches, one of those is on VLAN 30.  VLAN 30 traffic is where the SQL dumps are, that will be transferred over the VPN to the other location.  Do I need to configure rate-limiting here as well, or just the ASA?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:Pete Long
ID: 40533716
Just the ASA on both sides :)
0
 
LVL 1

Expert Comment

by:skipskip
ID: 40543830
Completely off topic, but there is absolutely no redundancy with single point of failures on every link in your network!

Have a read of this
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/campover.html
0
 
LVL 4

Author Comment

by:denver218
ID: 40544533
skipskip - Yes your comment was completely off topic.  Thanks for pointing out the obvious:)  It was designed like this on purpose, and there are procedures in place for link failure.   If zero downtime was absolute critical at these locations, well a different design approach would of been taken.  Please stay on topic next time.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40544534
Thanks.  This  was the solution I used.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question