https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432690#M667898 <HTML><HEAD></HEAD><BODY><P>You can do "show resource usage".</P><P>Or "sh access-list | i element".</P><P></P><P>You are probably close to the 3.2 ACL limit (75K).</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 13 Jul 2010 13:26:40 GMT Panos Kampanakis 2010-07-13T13:26:40Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432689#M667885 <P>Hi All,</P><P>&nbsp;&nbsp;&nbsp; i have FWSM with s/w 3.2(2). while i creating access list an error message appeared to me :</P><P>error message: "ERROR: Unable to add, access-list config limit reached"</P><P></P><P>this fwsm is single not multiple , i can't find the "<STRONG>resource acl-partition " command although it is found in the guide.</STRONG></P><P><STRONG>i want to know if this command applied only for multiple context? if yes , what the method that can i solve this problem in single fw.</STRONG></P><P></P><P><STRONG>Thanks</STRONG></P> Mon, 11 Mar 2019 18:10:48 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432689#M667885 ibrahim_hassan 2019-03-11T18:10:48Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432690#M667898 <HTML><HEAD></HEAD><BODY><P>You can do "show resource usage".</P><P>Or "sh access-list | i element".</P><P></P><P>You are probably close to the 3.2 ACL limit (75K).</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 13 Jul 2010 13:26:40 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432690#M667898 Panos Kampanakis 2010-07-13T13:26:40Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432691#M667906 <HTML><HEAD></HEAD><BODY><P>Ibrahim,</P><P></P><P>Yes - the 'resource acl-partition' is supported only in multi-context mode. When you look at the Command Reference Guide, you will see that there is a dot only under the 'System' context in the Multiple Context mode.&nbsp; This implies that the command is only available via the System context:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/qr.html#wp1622931">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/qr.html#wp1622931</A></P><P></P><P>If you are seeing this issue on a single context FWSM, your only means of recourse are to reduce the number ACL entries that you have.&nbsp; This may be best accomplished by combining host access-lists entries into subnet entries.&nbsp; Any approach that you can use to make your access-lists "less specific" will oftentimes reduce the amount of resources that the ACL takes up.</P><P></P><P>Let us know if you have any further questions.&nbsp; If you have no further questions, please be sure to mark this topic as 'answered'.</P><P></P><P>Best Regards,</P><P>Kevin</P></BODY></HTML> Tue, 13 Jul 2010 13:47:14 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432691#M667906 Kevin Redmon 2010-07-13T13:47:14Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432692#M667915 <HTML><HEAD></HEAD><BODY><P>is there any way to increase the number of ACE's after reaching the limit of 75k on FWSM version 3.1(8) ?</P><P></P><P></P><P>Thanks,<BR />Vikram</P></BODY></HTML> Mon, 17 Jan 2011 07:37:37 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432692#M667915 vikran_anumukonda 2011-01-17T07:37:37Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432693#M667919 <HTML><HEAD></HEAD><BODY><P>ACE limit for version 3.1.x is just 72,806:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/specs_f.html#wp1057500">http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/specs_f.html#wp1057500</A></P><P></P><P>and ACE limit for version 3.2.x is 74,188:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1063812">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1063812</A></P><P></P><P>So if you are currently running version 3.1, you can upgrade to version 3.2.x to increase the ACE limit from 72,806 to 74,188.</P><P></P><P>Or to further increase the limit, you can upgrade to version 4.0.x:<SPAN class="content"> 100,567:</SPAN></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/specs_f.html#wp1067843">http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/specs_f.html#wp1067843</A></P><P></P><P>Please check out the release notes on hardware/software compatibility prior to upgrade.</P><P></P><P>Hope that helps.</P></BODY></HTML> Mon, 17 Jan 2011 08:03:14 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432693#M667919 Jennifer Halim 2011-01-17T08:03:14Z https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432694#M667929 <HTML><HEAD></HEAD><BODY><P>Thanks jennifer</P></BODY></HTML> Mon, 17 Jan 2011 08:06:17 GMT https://community.cisco.com/t5/network-security/fwsm-3-2-2/m-p/1432694#M667929 vikran_anumukonda 2011-01-17T08:06:17Z