Cisco Firewall :: ASA5500-x Bandwidth Control Based On Different Users And Applications
Sep 20, 2012
I would like to know about the ASA 5500-X. Does it support application visibility and granular control for different applications? Moreover, bandwidth control based on different users and different applications?
I have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemption works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
 application redundancy
  group 1
   control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibility of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
I have a question regarding the number of computers connecting to a single wireless router. I want my internet connection at home to be used only by my laptop. I have my connection secured by password, etc., but I was wondering if there is a setting I can use to control the number of computers connected to a wireless router?
I have a 3550 Catalyst and I configured it for bandwidth control. I used the POLICE command; it works fine and I saw it limit the bandwidth, but there is a little problem: when I limit the bandwidth to 1024000 and use all the bandwidth and monitor the bandwidth, I see it shows the network using half the bandwidth.
I want to control the bandwidth of our computers in the network. We are using TP-LINK routers. I have already done the ipqos setting in the main router, but it isn't really effective. I also tried ipqos in the routers (which are used as WAPs), but it is also not effective.
I have a router with connectivity to 2 service providers with different ASNs, running BGP. I've announced a few IP prefixes via ISP-A and a few prefixes via ISP-B. Both are working well with redundancy. But the problem is that all the uplink bandwidth goes through the ISP-A link. I want to make it so that the upload data of the ISP-A routed IP prefixes goes through ISP-A and the upload data of the ISP-B IP prefixes goes through the ISP-B link.
I am using a Windows Server 2008 in my company. Recently my staff have been using the internet a lot for downloading, and many other unnecessary software, thereby reducing overall bandwidth. Is there any software solution I can use for controlling the bandwidth of my client computers from the Server 2008 computer?
This has finally become a BIG problem. Any time I have iTunes running and downloading podcasts, it hogs all the bandwidth for the Internet (but not the local network). This is not only slowing down access from the machine running iTunes and the downloads but for every other device trying to web browse. I'm running two Macs and one Windows/Dell PC on the network. All are hard-wired (Ethernet) to the DIR-655. How to throttle iTunes? I did some research and found that I am apparently not the only one having this issue. I'm about to bail on iTunes entirely and try to get used to Miro, which does allow bandwidth control.
I have a Cisco 2851 router and need to allocate bandwidth based on IPs, e.g. 192.168.1.1 should use 7 Mbps, 192.168.1.2 should use 2 Mbps and 192.168.1.3 should use 1 Mbps. Let me know the configuration on how to execute it on a router.
On Nexus 7000s I want to limit the bandwidth of a particular IP. I can do this using proper configuration of an IP ACL, policy map and class map. But what if I don't have information on the interface? Can I apply bandwidth control for a particular IP without knowing the interface?
I'm searching for bandwidth control of down- and upstream with VLANs. I found many options but none works well; here are some examples I have found on the internet
We have 3 sets of applications. The first does not require much bandwidth but is very critical; the other two are more bandwidth consuming but less critical. I would like to know if it's possible to reflect these priorities in the router configuration. Is it possible to set the ports 10000, 10001 and 10002 of the external IP to have higher priority to be handled, for example? Also, is it possible to limit the bandwidth that goes through a set of ports?
I must prevent the 2 sets of less critical applications from strangling the critical ones. What router can provide these capabilities? Is the 1921 able to do this job?
Region : Spain Model : TD-W8968 Hardware Version : V1 Firmware Version :
I have a TD-W8970. In the "Bandwidth Manager" settings there is an option to put a value between 1 and 8, but it does not specify which is better (1 or 8). What is the value to give one computer more priority than another?
ASA-5510, inside, outside, and some DMZ. Some services published with Static NAT - no problem. Now we need to add a second outside connection, with a second provider. Internet navigation only through the first provider (default gateway to the provider router "A"). I need to publish some services ALSO through the second provider, ensuring the accessibility of both public IP addresses. I can set up the second NAT on the second interface, but the answer is ONLY to the first IP (the ISP "A", where I have the default gateway). By the Cisco manual, it seems that there is an automatic "lookup route" with the return route of NAT, but it does not work.
Should we activate the IPS feature in the ASA 5500-X by using a license? In the 5500-X ordering guide: IPS is only sold as ASA-IPS combo SKUs i.e., one cannot add IPS service as an option on top of ASA SKU. For example, if IPS service is desired on ASA 5515-X appliance, the relevant SKU is ASA5515-IPS-K8 or ASA5515-IPS-K9. But my customer has activated it by using the ASA5525-IPS-SSP on ASA5525-K9.
Region : India Model : TD-W8968 Hardware Version : V1 Firmware Version : 0.6.0 1.1 v0005.0 Build 120926 Rel.27100n ISP : MTNL
After a lot of troubleshooting and effort, I figured out there seems to be a BUG with the router's firmware 0.6.0 1.1 v0005.0 Build 120926 Rel.27100n. When you enable Bandwidth control, FTP stops working from the Internet. However, it does work from the local network. When you disable Bandwidth control, FTP starts working from the Internet as well as the local network.
When I connect to VPN with ASA 5510, I cannot connect to web applications in HTTP; instead, HTTPS in other applications is working properly. How can I fix this?
Recently I have configured an ASA5550 with 2 contexts in transparent mode. Traffic can pass through a single firewall context, but through both contexts it couldn't.
I would like to schedule automatic backups of our ASA5500's OoO-hours:
1. SSH from secure server and create _FULL_ backup - what would be the CLI command(s)?
2. SCP from secure server and retrieve file(s) - what is the location of the file(s)?
It's a problem about accessing the ASA5500 firewall management port. The customer requests access to the ASA5500 by entering the default IP address https://192.168.1.1 to monitor data traffic in Windows 7. But after entering the default IP in IE, no page appears.
But that way can access the ASA5500 management port successfully in Windows XP. What is the difference between Windows 7 and Windows XP? Is there any way or any patch to access the ASA5500 management port in Windows 7?
I have a Cisco 2950 switch, connected with 4 Mbps of internet, and a number of users will access the internet. There is no restriction on the bandwidth limit for users; if anybody does a high download, the remaining users face slow browsing problems.
So, if I can put a bandwidth limitation on every user the problem will be solved. How to restrict the bandwidth on a per-user basis?
I have two routers at our core data center, a 3845 and a 3640. These are configured with GLBP. There are 4 remote sites:
Site #1: One T1 link to the 3825
Site #2: One T1 link to the 3825, and One T1 link to the 3640
Site #3: One T1 link to the 3825, and One T1 link to the 3640
Site #4: One fractional T1 link to the 3825, and One T1 link to the 3640.
My question regards site #4. If I understand correctly, GLBP works on the premise of "host" balancing, and not true "load" balancing. The reason I ask is that the large majority of our WAN traffic is from our Exchange server to our remote sites. In the case of site #4, our Exchange server is sending traffic on the fractional T1. Is there any way with GLBP to either split this traffic from a particular host across two links in a round-robin fashion, but leave other hosts to travel wherever the router sends them, or, to force at least our Exchange server to use the full T1, rather than the fractional?
I've read up on the weighting mechanism, and it appears that tracking an interface has nothing to do with bandwidth use. If I understand correctly, if I were to track the Site #4 PPP to the 3640, and give a weight of 10 to GLBP on there, it would really only take effect if the interface is down. It will have nothing to do with host AVF election. For the record, Exchange traffic is constant to this site, so there is no chance for the host connection to reset and potentially elect to use the larger pipe. I would like to "tweak" this to make better use of available bandwidth.
I was wondering if it is necessary to license the IPsec VPN clients in the ASA5500 firewalls... I know that you have to license the SSL VPN peers (AnyConnect). I am almost sure that for the IPsec you don't have to.
I am attempting to port-forward on an ASA 5500 to internal host .100. The outside interface receives its IP via DHCP. Packets are being denied, so I ran packet-tracer and get the following error from outside to the SSH port on the internal host.
Region : UnitedKingdom Model : TL-MR3220 Hardware Version : V2 Firmware Version : ISP :
Looking at the manual for this router in regards to bandwidth restrictions. When you set up the Rules under Bandwidth Control, is this setting shared by the IP range, or does each IP in the range get that amount of bandwidth?