It doesn't work for me Manire.

With regards
Kings

On Wed, Nov 9, 2011 at 9:08 PM, Manire, Matt <[email protected]> wrote:

> Kings,****
>
> ** **
>
> I thought you could only police traffic outbound.  Does it work if you
> change the police action from an input to an output as such:****
>
> ** **
>
> class-map vpn
>  match tunnel-group 10.20.30.40
>
> policy-map vpn
>  class vpn
>   police output 9000
>
> service-policy vpn interface outside****
>
> ** **
>
> *Matt Manire*
> *CCSP, CCNP, CCDP, MCSE* *2003 & MCSE 2000*
> *Information Systems Security Manager*
> [email protected]
> *t*: 817.525.1863
> *f*: 817.525.1903
> *m*: 817.271.9165 ****
>
> *First Rate* | 1903 Ascension Boulevard | Arlington, TX 76006|
> www.FirstRate.com <http://www.firstrate.com/> ****
>
> ** **
>
> ** **
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Wednesday, November 09, 2011 12:08 AM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] Policing traffic coming out from tunnel
> afterdecryption****
>
> ** **
>
> Hi all
>
> I am trying to police packets coming out of the tunnel after decryption
> using the following config but doesn't work. Has anyone tried?
>
> class-map vpn
>  match tunnel-group 10.20.30.40
>
> policy-map vpn
>  class vpn
>   police input 9000
>
> service-policy vpn interface outside
>
>
> asa1# sh service-policy interface outside
>
> Interface outside:
>   Service-policy: vpn
>     Class-map: vpn
>       Input police Interface outside:
>         cir 9000 bps, bc 1500 bytes
>         conformed 0 packets, 0 bytes; actions:  transmit
>         exceeded 0 packets, 0 bytes; actions:  drop
>         conformed 0 bps, exceed 0 bps
>
>
>
> Policing packets going into the tunnel for encryption works.
>
> class-map vpn
>  match tunnel-group 10.20.30.40
>  match flow ip destination-address
>
> policy-map vpn
>  class vpn
>   police output 9000
>
> service-policy vpn interface outside
>
>
> With regards
> Kings****
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to