ASA 5506 policing not working

mbrouwer1988
Level 1

Hi,

Our customer has a 50/50 internet connection, but they reach only 50 down / 12 up.

The ISP told me that we need to configure bandwidth throttling on the outside interface to 48/48 to prevent this from happening.

I added the following in the ASA5506 config (for testing purposes, I want to limit the internet connection to 5mbit):


class-map outside-class
 match any
!
!
policy-map outside-policy
 class outside-class
  police input 50331500 9437184
  police output 50331500 9437184
!
service-policy outside-policy interface outside

However, this is not working! speedtest.net still shows me 48 down / 13 up instead of 5/5.

Please help me out, why isn't this working?

The command "show service-policy" shows the following:

Result of the command: "show service-policy"

Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 703652, lock fail 0, drop 141, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: ftp, packet 55, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: h323 h225 _default_h323_map, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: h323 ras _default_h323_map, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: rsh, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: rtsp, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 82287, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: sqlnet, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: skinny , packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: sunrpc, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: netbios, packet 18, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: tftp, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: ip-options _default_ip_options_map, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Class-map: class-default

Default Queueing Packet recieved 0, sent 0, attack 0

Interface outside:
Service-policy: outside-policy
Class-map: outside-class
Input police Interface outside:
cir 50331500 bps, bc 9437184 bytes
conformed 74017 packets, 98017630 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 11632 bps, exceed 0 bps
Output police Interface outside:
cir 50331500 bps, bc 9437184 bytes
conformed 60403 packets, 7772432 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 6896 bps, exceed 0 bps


Dennis Mink
VIP Alumni

Why can't you hard-set a bandwidth of 48 Mbps on the outside interface?

Please remember to rate useful posts, by clicking on the stars below.

Hi Dennis,

Is that possible too? Please tell me how to do that in the ASA config.

Greets, Marco

Marvin Rhoads
Hall of Fame

If you want to test a 5 Mbps cap, then your values are incorrect.

You have:

police input 50331500 9437184
police output 50331500 9437184

...which is an input and output rate of ~50 Mbps (with a conform burst size of 9.4 MB). Try the following instead:

police input 5000000 exceed-action drop
police output 5000000 exceed-action drop

References:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/p2.html

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html#anc5
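
An added example, not part of the thread or of any Cisco tooling: one way to catch this kind of unit mix-up is to parse the police blocks of `show service-policy` and compare each `cir` with the rate you meant to configure. The function names and the 5% tolerance are assumptions; the sample text is an excerpt of the output quoted in the question.

```python
import re

# Excerpt of the "show service-policy" output quoted in the question.
SAMPLE = """\
Input police Interface outside:
cir 50331500 bps, bc 9437184 bytes
exceeded 0 packets, 0 bytes; actions: drop
Output police Interface outside:
cir 50331500 bps, bc 9437184 bytes
exceeded 0 packets, 0 bytes; actions: drop
"""

HEAD = re.compile(r"(Input|Output) police Interface (\S+):")
CIR = re.compile(r"cir (\d+) bps, bc (\d+) bytes")
EXCEEDED = re.compile(r"exceeded (\d+) packets")


def parse_policers(text):
    """Return one dict per 'Input/Output police' block in the output."""
    policers, cur = [], None
    for line in text.splitlines():
        if m := HEAD.search(line):
            cur = {"interface": m[2], "direction": m[1].lower()}
            policers.append(cur)
        elif cur is not None and (m := CIR.search(line)):
            cur["cir_bps"], cur["bc_bytes"] = int(m[1]), int(m[2])
        elif cur is not None and (m := EXCEEDED.search(line)):
            cur["exceeded_packets"] = int(m[1])
    return policers


def audit(text, intended_bps, tolerance=0.05):
    """List policers whose CIR is missing or off the intended rate."""
    findings = []
    for p in parse_policers(text):
        where = f"{p['interface']} {p['direction']}"
        cir = p.get("cir_bps")
        if cir is None:
            findings.append(f"{where}: no cir line found")
        elif abs(cir - intended_bps) > tolerance * intended_bps:
            findings.append(
                f"{where}: cir {cir / 1e6:.1f} Mbps, bc {p['bc_bytes'] / 1e6:.1f} MB; "
                f"intended {intended_bps / 1e6:.1f} Mbps, exceeded {p.get('exceeded_packets', 0)} packets")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, intended_bps=5_000_000):
        print(finding)
```
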
