I have a 20/20 MB circuit and an ASA 5510 and I am able to setup policing were the interace gets 512k down and 128k up so when I conduct a speed test with one user I get 512k and 128k and when I conduct a speed test with two users each gets 256k and 64k. [code] What I want to happen is that each user gets 512k and 128k until a saturation point is hit and then I want the ASA to slow all users down equally.
View 1 Replies
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
I have a cisco ASA firewall 5510.Just i have configurd for 1st port as nameif ouside witch public ip, 2nd port as a nameif inside with local ip, and done the nating, dhcp and dns. now i am able to get internet from inside port, which is getting dhcp.up to that it is ok.
And I want to restrict bandwidh 1Mbps for local port (2nd port) how to config 1Mbps banwidth allocation for port no 2, I mean nameif inside should have 1Mbps limet.
I'm working in my lab trying to do proof of concept for traffic policing on the ASA 5510 running 8.0(4). I have two laptops running Ubuntu one on the outside and one on the inside. Both laptops have 100Mbps interfaces. My tests consists of downloading a file from one laptop using HTTP. Without any QoS I can see speeds close to 100Mbps which I would expect. On a side note, try using XP and you won't come close to those speeds. Anyhow, I implement policing using the config below and expect to see the max rate on the laptops during the transfer max out close to the CIR. However, I see speeds much higher on the laptops.
When I set the CIR to 10000 bps with bc at 1500 bytes I get speeds that range from 300Kbps to 700Kbps. I would expect to see speeds max out at the CIR which would be 10Kbps.I'm having a hard time understanding why my numbers don't match.
We are using ASA 5510 Version 7.2(4) at our organisation. The requirement is we need to give an access to a user with limited access so that he can run only specific commands on configuration mode. We don't have Cisco TACACS server instead of that we are using a microsoft radius server.
View 6 Replies View RelatedI have some clarifications regarding ASA firewall, it can be support bandwidth management and content security at the same time. we are looking for below features in ASA5510.
IP/Policy based bandwidth management.Controll the bandwidth and allocate the bandwidth to specified users or servers.Content Security. If not, which device I need to set for Internet Bandwidth Management and content security.
We currently have one Cisco ASA 5510 firewall at our mailn office. Our firewall does not let users access the internet. We currently have a web proxy that lets users access this. I need to let users access one website through the firewall without going through the firewall. I believe this is possible if I use dynamic NAT.
View 1 Replies View RelatedWe have an ASA 5510 version 8.3 (2) that we accept VPN users via a radius server. Is there a way to lock down a specific user that connects to the ASA as a SSL client or IPSEC VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to not access to our system.
View 1 Replies View RelatedI am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies View RelatedIn ASA 5510. How I can limit the users in (VLAN 20) to use the internet with a limited Bandwidth/speed with 3 mbps upload and 5 mbps download?
In case the outside interface (Native vlan) which is connected to the ISP and have a bandwidth/speed of 30 mbps upload and 50 mbps download.
ASA 5510 ASA 8.0 ASDM 6.1 I want some remote users to have split-tunnel connection, others not. I used Cisco Document ID 100936 "Allow Split Tunneling for AnyConnect VPN Client on the ASA Configuration...". I created a new Group Policy with split-tunnel enabled. I created a new Connection Profile and assigned to it the new Group Policy. When I authenticate at the AnyConnect client I get a dropdown of the 2 connecton profiles, to choose the one I want. Each of them works, enabling or disabling split-tunnel. But I want to assign a connection profile to the particular user, not give the user a choice. The problem is I'm using LDAP authentication. The Local Users I set up before LDAP are obsolete, assigning them a Group Policy does nothing. I really don't want to give up LDAP and force people back to another local password. But the LDAP authentication to Active Directory just says yes or no, it won't assign a connection profile. At the AnyConnect Connection Profiles page I have set a switch "Allow user to select connection profile, identified by its alias, on the login page. Otherwise, DefaultWebVPNGroup will be the connection profile". If I clear that switch every user will be assigned the same default profile, which does not work.
View 2 Replies View RelatedI have a Cisco 2610XM (256MB DRAM / 48MB FLASH) set up as a WAN router, routing from FA 1/0 to FA 0/0 FA 1/0 is a dhcp client and FA 0/0 is a dhcp pool server.Everything works fine except my router is capping out at about 8MB/s download speed.This would be fine except i have a 16Mb/s internet connectionIs this just the router hardware bottlenecking? or a configuration issue?Either way could you let me know how to solve this?
View 3 Replies View Relateddoes the cisco wlc 2504 (software release 7.4) support QoS per-user bandwidth contracts ? I only can see the default QoS profiles (gold, platinum...) i can't see the per-user bandwidth contract to modify it. shoud it be activated ?
View 3 Replies View RelatedOne of our customers have one Cisco WLC 2100 (firmware 5.2) with 4 AP Mesh 1522, in a city deployment. In order to achieve local regulatory, has to implement bandwidth limitations per user.
I got screen captures of WLC QoS Profiles options, with Average Data Rate in Per-User Bandwidth Contracts. So my question is, do I need any other equipment to achieve per user bandwidth limitation? Can it be done with WLC QoS options?
how to limit bandwidth only for user account in window 7...My PC has 2 account ..one is admin and other is user ..i need to limit the bandwidth only for user account ,do I need a software for this.
View 3 Replies View RelatedThe rest of us use wifi for our internet services but this isn't good enough for are newest member so they have now connected a cable directly into the modem, so now whenever he is online ALL wifi suffers dramatically! What can i do to limit his bandwidth and allow the wifi to gain more access is there a way to limit via his MAC address or IP address?
View 3 Replies View RelatedI need to find a free software to find who is the heaviest bandwidth user on my LAN.The problem is that some of the users on LAN keep downloading/uploading all the time & i couldn't get to view any web-pages?
View 2 Replies View Relatedhow can I configure a Catalyst 3750, which interface is patched on the ISP router (internet uplink bandwidth = 20Mbps with) to allow all active users are sharing the bandwidth (either 5, 50, 100, user simultaneously..in internet surfing. right now it's like when a user starts a larger download that it uses the bulk of the bandwidth, and other users can reach all remaining extremely slow access times.
View 3 Replies View RelatedI want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies View Relatedcapping all of the computers on my router to a certain speed. I like to play games and the others like to buffer movies, is there a way I can cap all of ours so we can each get smooth internet use? Be it by program or through the router it would be great to get it setup and working. Router is Actiontec GT704WG and has 4 computers hooked up to it, will post other spec's if needed.
View 2 Replies View RelatedI have a cisco 2950 switch, connected with 4Mbps of internet and number of users will access the internet. There is no restraction on bandwidth limit for users, if any body use high download the remaining users are facing the slow browsing problems.
So, if i can put a bandwidth limitation for every users the problem will be solved. how to restract the bandwidth on user bases.
configuring a switch or a router to limit the bandwidth for a specific user/IP when need it. Most of my remote offices are configured like this:
Users ------ 3560 switch ------- 2801 router -------- T1 to NOC -------- 7204 router with channelized DS3
I use Netflow Analyzer for high bandwidth usage alerts and can see the user's IP right away when someone is clogging our T1s. My goal is to be able to temporarily limit the bandwidth of the user taking over the T1. Whatever is best switch config or on the router.
We have an ISP connection that is connected via an ethernet interface on a 5510 ASA. We are allotted 10Mbps. I have currently have the interface set to 10Mbps Full. However we want to upgrade the connection to 25Mbps. I know I can set the port speed to 100Mbps and then set a shape/police statement and shape down to 25Mbps.
Management wants to be able to call the ISP and arbitrarily adjust that speed up temporarily at any time without any user/admin intervention on our side. I can simply leave the port at 100Mbps i.e. no shape statement on my side however I will run into problems with large amounts drops, overruns, retransmissions, etc due to the ISP shaping the connection speed during normal operations. However they then could then adjust the speed at any time without needing me.
I do not know the best way to make this work. Is there some sort of dynamic/smart shaper in the ASA or another cisco device?
We have a Service Policy rule setup on our 5510 for SMTP traffic.
Problem is, this week someone sent a larger email 20+mb to dozens of recipeints and the outside interface was hitting 10mb, which is not what I would have expected with this rule in place, so I'm questioning the configuration. We know it was email because I disabled the server that receices our outbound mail to apply a signature and the traffic dropped immediately.
We are changing our old Pix 515e this weekend and for brand new ASA 5510.With this new installation, I would like to implement the Radius authentication for remote vpn user. Changing the firewall of the company has many impact and for the first phase the user will keep authenticating locally but I need that in phase 2, they will be authenticated via a radius server.Is there a way to configure both authentication for remote vpn user?
All user will be authenticated locally except the member of the IT Department who will be authenticated by the radius server for testing.I have remote vpn users around the world so I do not want these users to be blocked by the testing of the radius authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by the radius. When testing will be done, all users will be transfer to the radius authentication gradually.
Is there a way that i can associate one user with two VPN profiles. Now here is the scenario.Our company has bought a win 7 64 bit pc for some of the employees , so i had to create anyconnect. But the same users are also connecting via normal cisco vpn client. they will give away these old pc but for the time being my need is that both users shall connect to anyconnect profile and ipsec profile.
I tried ti to assign same profile with both ipsec and svc so that they could use single profile but anyconnect didn't work. I am having cisco ASA 5510 as VPN gateway.And How many licenses does cisco asa have by default for anyconnect users. Here is the configuration for anyconnect
group-policy Broad_Anyconnet internalgroup-policy Broad_Anyconnet attributes dns-server value 4.2.2.2 vpn-tunnel-protocol svc webvpn split-tunnel-policy tunnelspecified split-tunnel-network-list value Nit_Broadcast_Network_Tunn_ACL address-pools value Broadcast_AnyPool webvpn svc ask none default svc
[Code]...
I matched the traffic statistics on one of my Cisco ASA site-site tunnels with the OID:1.3.6.1.4.1.9.9.171.1.4.3.1.1.25.4142 (cipSecTunHistInOctets). I was real proud of myself for a few days until I checked the history and found the OID wasnt working.After some troubleshooting I found that the last four digits (4142 in this case) change whenever the tunnel drops and re-establishes itself. Any way to collect tunnel utilization history on an ASA with SNMP? Is there a different OID I can use thats based on the endpoint IP?
View 2 Replies View RelatedRecently i had a requirement for implementing a Qos on one of my Mpls link which is of 2Mbps, the requirement was to allocate a bandwidth of 512kbps for each connect that comes in and 512 kbps for out going, and it is in ASA 5510 firewall.
So i have done the configuration successfully, now the issue is, the bandwidth is limited to 512kbps only for all the connection,how many may be the connections, it working below 512kbps,
But my requriemt was for the first connection, it should allocate 512kbps , and for the second another 512kbps so on.its not happening, the bandwith got struckup at 512kbps , all the connection are sharing this bandwidth only.
I have a client that wants to segment their wireless network behind their ASA. We currently have a normal setup, 5510, 2 interfaces, outside, inside. On the inside network there are Cisco Wireless APs that allow for internal access to the network. We want to move the APs to a new interface on the ASA and only allow traffic bettwen this new "Wireless" network and the internal network by using remote user VPN. So my question is, can you use remote user VPN from the new Wireless network to the inside network??
View 1 Replies View RelatedI have a an issue with one particular VPN user. They are using the built in Windows Vista client to connect to my ASA 5510.
All other users do not have an issue and i receive the following error at roughly the same time of day when the drop happens. Authentication is done by my AD Server which handles all logins.
[code]...
I have two tunnel groups using WEBVPN , I have local users at ASA 5510 version 7.2.
How can I authenticate one user in only one group?Now with local users I can loggin in both tunnel groups
Can any VPN user change their user account password through tunnel which configured on local database of ASA 5510?
View 3 Replies View Relatedip local pool VPNPOOL 192.168.200.1-192.168.200.100.
i can access servers with remote vpn which they located at dmz zone at asa(write nonat access-lsit) but i can not 192.168.193.0 subnet at asa.i configurated proxy server. my proxy server inside interface get ip address my dmz zone(172.16.10.254) and outside is ip adddress asa outside interface (10.0.0.254).the users (192.168.193.0/24) go internet from proxy server.
[code]....
