Thursday, April 28, 2016

Cisco ASA traffic rate limiting (policing on interfaces)

Source

This configuration will not work because rate limiting is not bidirectional. In addition, it should be configured on your inside interface, but in your case you have configured it on your outside interface. If you want to enable it on all interfaces, apply the service policy globally, so that the policy map is applied to all the interfaces.
To activate the policy map on one or more interfaces, enter the following command:
hostname(config)# service-policy policymap_name {global | interface interface_name}

Where global applies the policy map to all interfaces, and interface applies the policy to one interface. Only one global policy is allowed. Interface service policies take precedence over the global service policy for a given feature.
For example, if you have a global policy with inspections, and an interface policy with TCP normalization, then both inspections and TCP normalization are applied to the interface. However, if you have a global policy with inspections, and an interface policy with inspections, then only the interface policy inspections are applied to that interface.
With the new modular policy framework (MPF) introduced in ASA versions 7.x and 8.x, the firewall administrator is now able to apply policing and rate limiting to traffic passing through the ASA appliance. I got a few questions from people about how this functionality works and decided to throw in a quick example below, which you can easily modify to match your needs.
Scenario:
We want to rate limit a local internal host when accessing a specific external public server. The local host is 192.168.1.10 and the external public server is 100.100.100.1. We need to limit the traffic to 100kbps and burst size 8000.
Configuration Snippet:
ASA(config)#access-list rate-limit-acl extended permit ip host 192.168.1.10 host 100.100.100.1
ASA(config)#class-map rate-limit
ASA(config-cmap)#match access-list rate-limit-acl


ASA(config)#policy-map limit-policy
ASA(config-pmap)#class rate-limit
ASA(config-pmap-c)#police output 100000 8000

ASA(config)#service-policy limit-policy interface outside
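
Because policing is not bidirectional, the snippet above only limits packets leaving the outside interface. The following is an added example, not part of the original post, that polices both directions for the same host pair at the same rate and burst; the names ending in -bidir are hypothetical, and the reverse ACE is an assumption added here so that packets from the server are matched explicitly.

```cisco
! Added example: police upload and download for the host pair used above.
! Names ending in -bidir are hypothetical and not from the original post.
!
! Assumption: the second ACE matches the server-to-host direction explicitly.
access-list rate-limit-acl-bidir extended permit ip host 192.168.1.10 host 100.100.100.1
access-list rate-limit-acl-bidir extended permit ip host 100.100.100.1 host 192.168.1.10
!
class-map rate-limit-bidir
 match access-list rate-limit-acl-bidir
!
policy-map limit-policy-bidir
 class rate-limit-bidir
  ! Upload: packets leaving through the outside interface
  police output 100000 8000
  ! Download: packets arriving on the outside interface
  police input 100000 8000
!
! An interface accepts a single service policy, so detach the earlier one first.
no service-policy limit-policy interface outside
service-policy limit-policy-bidir interface outside
!
! Verification from exec mode: check the conformed and exceeded counters
! for each direction while the host is transferring data.
! show service-policy police
! show service-policy interface outside
```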
For details, see the following reference page, which covers the configuration for Bandwidth Management (Rate Limit) Using QoS Policies:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate
For configuring the rate limits through ASDM, see the following link:
http://flylib.com/books.php?ln=en&n=2&p=464&c=186&p1=1&c1=1&c2=231&view=1
For Cisco ASA 8.x, see the following:
http://www1.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html
http://www1.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1075478
