It doesn't work for me Manire. With regards Kings
On Wed, Nov 9, 2011 at 9:08 PM, Manire, Matt <[email protected]> wrote: > Kings,**** > > ** ** > > I thought you could only police traffic outbound. Does it work if you > change the police action from an input to an output as such:**** > > ** ** > > class-map vpn > match tunnel-group 10.20.30.40 > > policy-map vpn > class vpn > police output 9000 > > service-policy vpn interface outside**** > > ** ** > > *Matt Manire* > *CCSP, CCNP, CCDP, MCSE* *2003 & MCSE 2000* > *Information Systems Security Manager* > [email protected] > *t*: 817.525.1863 > *f*: 817.525.1903 > *m*: 817.271.9165 **** > > *First Rate* | 1903 Ascension Boulevard | Arlington, TX 76006| > www.FirstRate.com <http://www.firstrate.com/> **** > > ** ** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Wednesday, November 09, 2011 12:08 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Policing traffic coming out from tunnel > afterdecryption**** > > ** ** > > Hi all > > I am trying to police packets coming out of the tunnel after decryption > using the following config but doesn't work. Has anyone tried? > > class-map vpn > match tunnel-group 10.20.30.40 > > policy-map vpn > class vpn > police input 9000 > > service-policy vpn interface outside > > > asa1# sh service-policy interface outside > > Interface outside: > Service-policy: vpn > Class-map: vpn > Input police Interface outside: > cir 9000 bps, bc 1500 bytes > conformed 0 packets, 0 bytes; actions: transmit > exceeded 0 packets, 0 bytes; actions: drop > conformed 0 bps, exceed 0 bps > > > > Policing packets going into the tunnel for encryption works. > > class-map vpn > match tunnel-group 10.20.30.40 > match flow ip destination-address > > policy-map vpn > class vpn > police output 9000 > > service-policy vpn interface outside > > > With regards > Kings**** >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
