
ASA Service Policy SMTP


  • ASA Service Policy SMTP

    We have a Service Policy rule set up (not by ourselves) but we don't think it's working. Basically we want to restrict how much bandwidth the Server that is used to send external emails utilises. Whenever someone sends a large email (e.g. 700k) to an external list (200 recipients) it's impacting on Browsing, general network access and Remote users. We see the outside interface hitting peaks at 8/9mb for extended periods of time and we really need to get this sorted.

    Here's a crude copy/paste of the Policy in question.

    outside-class1 1 True Match EmailServerOut any tcp/smtp class outside-class1
    police input 1024000 1500 conform-action transmit exceed-action drop
    police output 1024000 1500 conform-action transmit exceed-action drop
    [[ class-map outside-class1 description match acl=outside_mpc match port=null ]]

    It looks ok but just doesn't seem to do anything. One observation is there are no settings in the Protocol inspection area (is that right?) and unlike the FTP inspect I configured, but since my knowledge of Cisco OS configurations is limited, I'm somewhat stuck.

    ...and a result of the command: "show service-policy"

    Global policy:
    Service-policy: asa_global_fw_policy
    Class-map: inspection_default
    Inspect: ftp, packet 309763, drop 0, reset-drop 0

    Interface outside:
    Service-policy: outside-policy1
    Class-map: outside-class1
    Input police Interface outside:
    cir 1024000 bps, bc 1500 bytes
    conformed 0 packets, 0 bytes; actions: transmit
    exceeded 0 packets, 0 bytes; actions: drop
    conformed 0 bps, exceed 0 bps
    Output police Interface outside:
    cir 1024000 bps, bc 1500 bytes
    conformed 0 packets, 0 bytes; actions: transmit
    exceeded 0 packets, 0 bytes; actions: drop
    conformed 0 bps, exceed 0 bps
    Class-map: outside-class2
    Input police Interface outside:
    cir 2048000 bps, bc 1500 bytes
    conformed 0 packets, 0 bytes; actions: transmit
    exceeded 0 packets, 0 bytes; actions: drop
    conformed 0 bps, exceed 0 bps
    Output police Interface outside:
    cir 2048000 bps, bc 1500 bytes
    conformed 55176 packets, 42347975 bytes; actions: transmit
    exceeded 0 packets, 0 bytes; actions: drop
    conformed 0 bps, exceed 0 bps

    I'd appreciate any guidance or ideas.

  • #2
    Re: ASA Service Policy SMTP

    I'm also starting to think that 'Policing' is not the route we should be taking as this drops packets; more so, we require 'shaping'.
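The `show service-policy` counters in the first post can be checked mechanically: a class-map whose policers show zero conformed and zero exceeded packets in every direction has not classified any traffic. The following is an added example, not part of the thread or of any Cisco tooling; the function names are hypothetical and the sample is abridged from the posted output.

```python
import re

# Abridged from the post's "show service-policy" output (outside-class2 input policer omitted).
SAMPLE = """\
Class-map: outside-class1
Input police Interface outside:
cir 1024000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Output police Interface outside:
cir 1024000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Class-map: outside-class2
Output police Interface outside:
cir 2048000 bps, bc 1500 bytes
conformed 55176 packets, 42347975 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
"""

POLICER = re.compile(r"(Input|Output) police Interface (\S+):")
COUNTER = re.compile(r"(conformed|exceeded) (\d+) packets, (\d+) bytes")

def parse_policers(text):
    """Return one dict per policer: class-map, direction, packet counters."""
    policers, class_map, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Class-map:"):
            class_map, cur = line.split(":", 1)[1].strip(), None
        elif m := POLICER.match(line):
            cur = {"class_map": class_map, "direction": m.group(1).lower(),
                   "conformed": 0, "exceeded": 0}
            policers.append(cur)
        elif cur is not None and (m := COUNTER.match(line)):
            # The "conformed N bps" rate lines do not match COUNTER and are skipped.
            cur[m.group(1)] = int(m.group(2))
    return policers

def idle_classes(policers):
    """Class-maps whose policers counted no packets in any direction."""
    totals = {}
    for p in policers:
        totals[p["class_map"]] = totals.get(p["class_map"], 0) + p["conformed"] + p["exceeded"]
    return [name for name, total in totals.items() if total == 0]

if __name__ == "__main__":
    print("never matched:", idle_classes(parse_policers(SAMPLE)))
```

On the posted output this reports `outside-class1`, the SMTP class, while `outside-class2` has counted 55176 conformed packets on its output policer.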
