?
Solved

Bandwidth Throttling over Site-to-Site VPN

Posted on 2014-12-23
7
Medium Priority
?
236 Views
Last Modified: 2015-01-12
I have two office's, and both offices have a 100M internet circuit.  The topology of both networks are identical, and I attached a network diagram.  I want to use 50M of each circuit for transferring some SQL backups from office 1 to office 2. These two offices do have a site to site VPN configured between them on the ASA5520's.  How would I limit the VPN traffic between these two sites to ensure I never went over 50M when transferring these SQL backups ?  Would these be done on the ASA or my Cisco Router that connects to the ISP?  Thanks.

Network Diagram
0
Comment
Question by:denver218
7 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40514907
The ASAs support traffic shaping/LLQ/policing, so you can do it there.
I believe policing will be the option you want (to ensure that the VPN pipe never exceeds a certain amount of BW).


Check this out:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_qos.html
0
 
LVL 58

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 40515602
Yes its pretty simple, heres me doing the same for public traffic, you would just specify the source and destination IP in the ACL you use in your class-map
Cisco ASA 5500 - Throttling (Rate Limiting) Traffic



Pete
0
 
LVL 4

Author Comment

by:denver218
ID: 40533696
Thanks.  Sorry I didn't reply sooner, I've been pulled away working on other things.  So I would configure rate-limiting on both sides on the ASA firewalls correct?  What I wasn't sure about, was if I should configure rate limiting on the 3750-12G, which is my core switch and has all VLANs configure on.   In my diagram above, where you see the three 3560G-48 LAN switches, one of those is on VLAN 30.  VLAN 30 traffic is where the SQL dumps are, that will be transferred over the VPN to the other location.  Do I need to configure rate-limiting here as well, or just the ASA?
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 58

Expert Comment

by:Pete Long
ID: 40533716
Just the ASA on both sides :)
0
 
LVL 1

Expert Comment

by:skipskip
ID: 40543830
Completely off topic, but there is absolutely no redundancy with single point of failures on every link in your network!

Have a read of this
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/campover.html
0
 
LVL 4

Author Comment

by:denver218
ID: 40544533
skipskip - Yes your comment was completely off topic.  Thanks for pointing out the obvious:)  It was designed like this on purpose, and there are procedures in place for link failure.   If zero downtime was absolute critical at these locations, well a different design approach would of been taken.  Please stay on topic next time.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40544534
Thanks.  This  was the solution I used.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Considering cloud tradeoffs and determining the right mix for your organization.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question