Traffic Rate Limiting on Cisco ASA
With the new modular policy framework (MPF) introduced in ASA versions 7.x and 8.x, the firewall administrator is now able to apply policing and rate limiting to traffic passing through the ASA appliance. I got a few questions from people how this functionality works and decided to throw in a quick example below which you can easily modify accordingly to match your needs.
We want to rate limit a local internal host when accessing a specific external public server. The local host is 192.168.1.10 and the external public server is 100.100.100.1. We need to limit the traffic to 100kbps and burst size 8000.
ASA(config)#access-list rate-limit-acl extended permit ip host 192.168.1.10 host 100.100.100.1
ASA(config-cmap)#match access-list rate-limit-acl
ASA(config-pmap-c)#police output 100000 8000
ASA(config)#service-policy limit-policy interface outside
Like this post? Subscribe to my RSS feed and get loads more!