Service Policy Rule - SMTP

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Post by sparky » Fri Sep 09, 2011 1:33 am

We have a service policy rule on our ASA5510 for SMTP so we can restrict how much bandwidth our outbound email server can use. On closer inspection it seems this is not working, so whenever anyone sends out a large email to multiple external addresses, various services are reduced. It's impacting on Web Browsing, Remote TS connections and general Network usage. Here's a crude copy of the config via ASDM:

outside-class1 1 True Match EmailServerOut any tcp/smtp
class outside-class1
  police input 1024000 1500 conform-action transmit exceed-action drop
  police output 1024000 1500 conform-action transmit exceed-action drop
[[ class-map outside-class1 description match acl=outside_mpc match port=null ]]

Also the result of the command "show service-policy", which suggests nothing is being policed for SMTP:

Global policy:
  Service-policy: asa_global_fw_policy
    Class-map: inspection_default
      Inspect: ftp, packet 309763, drop 0, reset-drop 0

Interface outside:
  Service-policy: outside-policy1
    Class-map: outside-class1
      Input police Interface outside:
        cir 1024000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
      Output police Interface outside:
        cir 1024000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
    Class-map: outside-class2
      Input police Interface outside:
        cir 2048000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
      Output police Interface outside:
        cir 2048000 bps, bc 1500 bytes
        conformed 55176 packets, 42347975 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps

I've posted this on the Cisco support forums with no response to date so any assistance would be appreciated.

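An added example, not part of the original post: a small Python parser for "show service-policy" output that lists class-maps whose policers have counted no packets in either direction, the symptom shown above for outside-class1. The sample input is abridged from the output in the post; the function names parse_policers and unmatched_classes are this example's own.

```python
import re

# Abridged from the "show service-policy" output quoted in the post above.
SAMPLE = """\
Class-map: inspection_default
Inspect: ftp, packet 309763, drop 0, reset-drop 0
Interface outside:
Service-policy: outside-policy1
Class-map: outside-class1
Input police Interface outside:
cir 1024000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Output police Interface outside:
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
Class-map: outside-class2
Output police Interface outside:
conformed 55176 packets, 42347975 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s*(\S+)")
POLICE_RE = re.compile(r"^\s*(Input|Output) police Interface")
COUNT_RE = re.compile(r"^\s*(conformed|exceeded) (\d+) packets")  # skips the bps line

def parse_policers(text):
    """Return {class_map: {direction: {"conformed": pkts, "exceeded": pkts}}}."""
    result, cls, direction = {}, None, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cls, direction = m.group(1), None  # new class: no policer seen yet
            result.setdefault(cls, {})
        elif cls and (m := POLICE_RE.match(line)):
            direction = m.group(1).lower()
            result[cls][direction] = {"conformed": 0, "exceeded": 0}
        elif direction and (m := COUNT_RE.match(line)):
            result[cls][direction][m.group(1)] = int(m.group(2))
    return result

def unmatched_classes(text):
    """Class-maps that have a policer but counted no packets in any direction."""
    return [c for c, dirs in parse_policers(text).items()
            if dirs and all(sum(d.values()) == 0 for d in dirs.values())]

if __name__ == "__main__":
    for name in unmatched_classes(SAMPLE):
        print(f"{name}: policer configured but no traffic matched")
```

A class reported here is attached to the interface but its match criteria are not selecting any traffic, so the ACL or port match behind the class-map is the place to look next.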