From: Tim (ccie2be@nyc.rr.com)
Date: Fri Jun 20 2008 - 07:45:54 ART
Hi guys,
I need some clarification.
This example is from the ASA command line guide:
hostname(config)# class-map cmap
hostname(config-cmap)# match tunnel-group
hostname(config-cmap)# match flow ip destination-address
hostname(config-cmap)# exit
hostname(config)# policy-map pmap
hostname(config-pmap)# class cmap
hostname(config-pmap)# police 56000
hostname(config-pmap)# exit
hostname(config)# service-policy pmap global
hostname(config)#
I'm not clear exactly what affect the match flow ip command has. Does the
match flow
command HAVE to be entered when using the match tunnel-group command? If it
doesn't what would happen
differently if not entered?
Also, notice the police command. Does that limit apply to ALL the combined
traffic flows thru the tunnel or
is 56000 the limit for each flow to a different destination address?
I read the command line guide at this link but I'm still confused:
<http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/m_72.h
tml#wp1749376>
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/m_72.ht
ml#wp1749376
Can someone clear the fog off this command?
Thanks, Tim
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:22 ART