Cisco WAN :: 5510 Dynamic Bandwidth With Shaping
Mar 29, 2011
We have an ISP connection that is connected via an ethernet interface on a 5510 ASA. We are allotted 10Mbps. I have currently have the interface set to 10Mbps Full. However we want to upgrade the connection to 25Mbps. I know I can set the port speed to 100Mbps and then set a shape/police statement and shape down to 25Mbps.
Management wants to be able to call the ISP and arbitrarily adjust that speed up temporarily at any time without any user/admin intervention on our side. I can simply leave the port at 100Mbps i.e. no shape statement on my side however I will run into problems with large amounts drops, overruns, retransmissions, etc due to the ISP shaping the connection speed during normal operations. However they then could then adjust the speed at any time without needing me.
I do not know the best way to make this work. Is there some sort of dynamic/smart shaper in the ASA or another cisco device?
View 2 Replies
ADVERTISEMENT
Jun 1, 2011
I am trying to get ride of an old traffic management appliance and would like to replace it by a simple Cisco 3845.
The configuration is really simple:
Customers -- Router 3845 -- Internet
I want to be able to provide bundles to customer such 64kps garanteed/ 2mbps MIR (retail) and 2mbps garanteed no MIR (business).
I need also to specify to the router the total internet bandwitdh available (example: 20mbps symetrical).
This configuration will work ? Should I worry about any performance issue if I start to have a lot of customers ?
ip access-list extended Cust1
permit ip any sub_Cust1
permit ip subCust1 any
View 2 Replies
View Related
Jul 14, 2011
We are a new medical school located in PA. Just have just completed a new building and are now working on getting our network finished. Here is the situation we have a 50MB Internet Connection that comes into our network that then hits the ISPs Cisco 3750 which sends it to two of our Cisco 3750s for redundancy. From the 3750 goes into our Cisco 6509 with a FWSM module, then out from there to our distribution switches which are all Cisco 2960s.
What we would like to do is to control how much WAN connectivity each of our VRFs get. Right now we have a Faculty, Student, and Research VRF formed, and are trying to figure out the best spot where we can say Faculty gets 30MB of Bandwidth, Students gets 10, and Research gets 10. If possible would like burst capabilities.
View 3 Replies
View Related
Dec 12, 2012
I have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?
View 3 Replies
View Related
Sep 18, 2012
How do I setup this on the SRP527W? I already block most of the video stuff on the internet. But I want to make this one more step.
View 1 Replies
View Related
May 28, 2013
We are looking to implement a bandwidth policy for our Internet link. What i would like to know is if we use a policing policy, will the exceeded dropped packets be resubmitted from the source? Will the dropped packets be resubmitted? Are there any differences besides this when using either policing or shaping policies? Is one better than the other?
CISCO ASA 5510 IOS 8.2
View 3 Replies
View Related
Oct 19, 2011
Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?
View 4 Replies
View Related
Sep 8, 2011
I would like to know if there is a way to apply in the Cisco asa 5510 traffic shaping not for a interface but a single IP address.For example i would like to limit the bandwith for the IP address of my FTP server.
View 4 Replies
View Related
Dec 20, 2012
They have a /28 wan adress coming from ISP, that gives out 100Mbps, going to a Cisco 2960S switch (ver. 12.2) the switch is only holding 1 vlan. Connected to the 2960 are 3 firewalls/routers from other manifactors, each creating their own network. The customer wishes for a solution where each final FW/router gets minimum 33% and maximum 100% of the bandwidth, depending on how much each final Fw/router are in use.
View 1 Replies
View Related
Jul 4, 2011
We just purchased a company with multiple sites using Sonicwall's and Dynamic assigned external IP's. I am running a ASA 5510 with a outside Static.
I have done lots of S2S with both ends static but never a Dynamic to static.
what the commands are to set the ASA to accept dynamic VPN tunnels.
View 8 Replies
View Related
Mar 17, 2013
My dynamic ASA is trying to use a Cradle point 4G connection to a head end ASA-5510. The remote end with the Cradle point 4G is not even initiating the tunnel! I need another set of eyes. it was initiating the tunnel last week but not completing the connection. Now its not doing anything. i am going backwards. Below is my remote ASA config.
ASA5510(config)# sh run
: Saved
ASA Version 8.2(2)
host name ASA5510
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
[code]...
I have a laptop directly attached to the inside interface. The PC and ASA can ping each other. The test interface is the one I am trying to use. Does my default route need to point to 192.168.0.1? Or is the remote peer correct? I thought the remote peer was correct? The 4G modem is like a pass-thru device. If I connect my laptop to it I can get out to the internet.
View 3 Replies
View Related
Sep 25, 2011
am in the progess of replacing a Zyxel USG 300 to a Cisoa ASA 5510.In the Zyxel I have some Site to Site, where the peer is a dyndns.org adresse, becourse the peer is a dynamic ip-adress.
I have maybe 10 site to site´s where the peer is a dynamic with a dyndns.org adress, and the presharedkey is diffrent at each tunnel.How can i make this configuration at the ASA 5510?
View 1 Replies
View Related
May 26, 2011
I'm trying to figure out how to get two 5510 ASA's to establish a Site-to-Site VPN.The version with two static IP's is working perfectly and stable but I haven't figured out how to get a VPN running between a static and a dynamic IP
View 12 Replies
View Related
Apr 16, 2011
There are three different sites, two are composed of Multilayer switches cisco 3560 and 3570 as core switches (a 3560 in one site and a 3570 in another site), the last site doesn't have any routers just a 2950 switch. Each site has two asa 5505 as firewalls. Two Internet connexions are connected to every site, one on every firewall. One Internet line is used to connect the different sites together using VPN crypted with IPsec and the other line is just for Internet access. The line that is used to interconnect sites contains voice and data traffic.At the moment all the routes are static routes, the network isn't too big for now and counts not more than 20 subnets.But it is evolving, and I want to use dynamic routing, EIGRP to be more accurate. I've looked into it and I'm not sure how to make it work. The VPNs active on the ASAs don't support dynamic routing, so I thought about GRE tunnels but the ASAs don't seem to allow it either.
View 11 Replies
View Related
Jun 1, 2011
I have ASA 5510 and public FTP server from my local network to external IP address, with static nat translation. All works, but I need request to ftp come from internal ASA interface (need use gateway different ASA). How configured ASA for forwarding request?
View 4 Replies
View Related
Dec 14, 2011
I have one ASA 5510, a primary ISP (cable, the single public IP lives on the ASA), and a backup ISP (ADSL, separate router that hosts its single public IP). I use IP tracking to detect link down on the primary. When I pull the plug on the cable modem and go to "Route monitoring", I can see the ASA's default route is now the backup ISP default route.That conforms with [URL] Pings to 8.8.8.8 fail however, and when I do a packet trace the ASA complains about the dynamic nat rule that still points to the primary ISP's interface.Only when I change the existing dynamic NAT rule (on my inside interface) to use the backup ISP's pool (which is a single 192.168.x.y address) , does 8.8.8.8 reply to my pings. So it kinda works but it's not full auto . I can't add a second dynamic nat rule on the same inside interface, nor can I select 2 IP pools in a single dynamic nat rule.
View 4 Replies
View Related
Nov 8, 2012
I have a cisco ASA firewall 5510.Just i have configurd for 1st port as nameif ouside witch public ip, 2nd port as a nameif inside with local ip, and done the nating, dhcp and dns. now i am able to get internet from inside port, which is getting dhcp.up to that it is ok.
And I want to restrict bandwidh 1Mbps for local port (2nd port) how to config 1Mbps banwidth allocation for port no 2, I mean nameif inside should have 1Mbps limet.
View 1 Replies
View Related
Jul 27, 2011
We have a Service Policy rule setup on our 5510 for SMTP traffic.
Problem is, this week someone sent a larger email 20+mb to dozens of recipeints and the outside interface was hitting 10mb, which is not what I would have expected with this rule in place, so I'm questioning the configuration. We know it was email because I disabled the server that receices our outbound mail to apply a signature and the traffic dropped immediately.
View 2 Replies
View Related
Oct 31, 2011
I have a 20/20 MB circuit and an ASA 5510 and I am able to setup policing were the interace gets 512k down and 128k up so when I conduct a speed test with one user I get 512k and 128k and when I conduct a speed test with two users each gets 256k and 64k. [code] What I want to happen is that each user gets 512k and 128k until a saturation point is hit and then I want the ASA to slow all users down equally.
View 1 Replies
View Related
May 5, 2011
I'm working in my lab trying to do proof of concept for traffic policing on the ASA 5510 running 8.0(4). I have two laptops running Ubuntu one on the outside and one on the inside. Both laptops have 100Mbps interfaces. My tests consists of downloading a file from one laptop using HTTP. Without any QoS I can see speeds close to 100Mbps which I would expect. On a side note, try using XP and you won't come close to those speeds. Anyhow, I implement policing using the config below and expect to see the max rate on the laptops during the transfer max out close to the CIR. However, I see speeds much higher on the laptops.
When I set the CIR to 10000 bps with bc at 1500 bytes I get speeds that range from 300Kbps to 700Kbps. I would expect to see speeds max out at the CIR which would be 10Kbps.I'm having a hard time understanding why my numbers don't match.
View 6 Replies
View Related
Dec 22, 2008
I matched the traffic statistics on one of my Cisco ASA site-site tunnels with the OID:1.3.6.1.4.1.9.9.171.1.4.3.1.1.25.4142 (cipSecTunHistInOctets). I was real proud of myself for a few days until I checked the history and found the OID wasnt working.After some troubleshooting I found that the last four digits (4142 in this case) change whenever the tunnel drops and re-establishes itself. Any way to collect tunnel utilization history on an ASA with SNMP? Is there a different OID I can use thats based on the endpoint IP?
View 2 Replies
View Related
Jul 29, 2011
Recently i had a requirement for implementing a Qos on one of my Mpls link which is of 2Mbps, the requirement was to allocate a bandwidth of 512kbps for each connect that comes in and 512 kbps for out going, and it is in ASA 5510 firewall.
So i have done the configuration successfully, now the issue is, the bandwidth is limited to 512kbps only for all the connection,how many may be the connections, it working below 512kbps,
But my requriemt was for the first connection, it should allocate 512kbps , and for the second another 512kbps so on.its not happening, the bandwith got struckup at 512kbps , all the connection are sharing this bandwidth only.
View 1 Replies
View Related
Sep 13, 2012
I have some clarifications regarding ASA firewall, it can be support bandwidth management and content security at the same time. we are looking for below features in ASA5510.
IP/Policy based bandwidth management.Controll the bandwidth and allocate the bandwidth to specified users or servers.Content Security. If not, which device I need to set for Internet Bandwidth Management and content security.
View 3 Replies
View Related
May 1, 2012
I am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies
View Related
Jul 29, 2012
In ASA 5510. How I can limit the users in (VLAN 20) to use the internet with a limited Bandwidth/speed with 3 mbps upload and 5 mbps download?
In case the outside interface (Native vlan) which is connected to the ISP and have a bandwidth/speed of 30 mbps upload and 50 mbps download.
View 4 Replies
View Related
Nov 5, 2012
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
View 1 Replies
View Related
Mar 15, 2011
I am a traffic shaping newcomer and need some guidance as how to BEGIN to approach a problem with traffic. We have been rolling out Windows 7 at sites and the additional traffic it causes on installation is considerable as it has to request information from our central site to populate My Documents and Outlook mailboxes.This has caused some problems on sites as there traffic rates increase to the point that QoS is not sufficient to protect voice traffic and delays and one-way audio are being experienced.One question is this - is GTS a solution or is CBWFQ within GTS the solution or is something else preferable? The sites involved are data/voice with a variety of routers.Second question is this - if we have a remote site with a 3725 router as the WAN aggregator with one 4506/Sup IV and one Cat 3550-24-PWR the shaping should be best placed on the 3725, correct? Also, are there issues with shaping incoming/outgoing traffic as I seem to have read?FYI, the 3725 router has 12.4(8d) with IP VOICE/NO CRYPTO IOS version. The 4506 has 12.1(23)E4 with basic L3 feature set.
View 1 Replies
View Related
May 29, 2013
I try to setup a basic GTS shaping on a cisco ISR G2 2900
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
Cisco CISCO2901/K9 (revision 1.0) with 1957856K/40960K bytes of memory.
ipbase ipbasek9 Permanent ipbasek9
the policy-map was applied to a svi interface (vlan interface)
And my problem is the shape isn't effective, in my attempt the max bw is 20Mb and I have gigabit interface
I know this kind of setup is classic and I see it working on older ios version 12.x
config:
interface VlanX
ip address X X
no ip redirects
[code].....
View 6 Replies
View Related
May 22, 2012
I recently upgraded my AT&T dsl connection from 3.0Mbps to 18Mbps and I'm ready to fully optimize my network. Some bandwidth intensive programs, such as netflix and youtube, can hog all that bandwidth relatively quickly, so what I want to do is limit/reserve bandwidth to each individual computer on my network so online games and latency-oriented programs still function at an acceptable level. I have my connection running as follows: modem (controls dhcp) --> bridged connection server pc (2 nics) --> router --> every other device on the network. It all works beautifully except my router doesn't have QoS software on it therefore, I can't do the limiting there. Is there any way to use the server pc as a network shaping device, controlling downstream traffic? I've googled and come up with nothing definitive as people don't seem to do this very often.
View 4 Replies
View Related
Feb 6, 2011
I have a 3825 with a 1Gb fiber card at one of my sites. Our ISP and MPLS provider hand off a single gigabit fiber to us that contains 2 50MB EVC's.I need to apply QoS to one of the EVC's and shape them both to 50Mb to avoid upstream rate mismatch bottlenecks. Both of the EVC's generally only push 10Mb during business hours.When I run UDP stream tests (various rates from 500k-6m that are marked as AF41) to one of my other sites I am consistently getting about 2% packet loss, despite the fact the circuit isn't even close to 50% saturation. When I remove Shaping and QoS all together, the issue nearly clears itself up, except during peak hours and I get small bursts of packet loss, which is still unacceptable.When the pipe is at near zero utilization (after hours) there also is no packet loss with or with out the shaping/qos applied.
View 1 Replies
View Related
May 5, 2011
There is a remote server that downloads info from a server here at HQ. When the dowloads start the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router.By adding the command, it reduced the download utilization -which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
traffic-shape group 185 10000 8000 8000 1000
Question:How would applying this to the LAN interface cause the download utilization (Coming from s0/0/0) to decrease?
View 4 Replies
View Related
Feb 25, 2012
I want to take 100Mb incoming from a service provider and police it off into several VRFs for customers.One of these VRFs will be 30M.I further need to traffic shape this (30Mb) out to 40 x 0.75Mbps (burstable to 30M) customers.
I am using an ASR1001.
View 2 Replies
View Related
May 4, 2012
I have a 3800 running 12.4 with a outbound shaped nest Qos tied to a subinterface G0/0.12 which is trunk downstream to a 3500. I am getting drops on the "sh policy-manager inter g0/0.12 so know that shaping which is 1.5mbps is dropping my packets. The 3500 looks clean
3800:
policy-map A
class-map A
bandwidth 30% etc..
[Code]....
the routing is that host goes up to the 3800 and out a wan link but if wan is down, it hairpins back down from 3800 to 3500 which has a backup link on one of the ports. when we test wan down, or even when it is up, I see shape dropping packets
View 4 Replies
View Related
