Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
2
Replies

Tool for Converting Cisco ACI Contract Filter into ASA Access List

fajar.alhafidh
Level 1
Level 1

‎05-06-2021 08:51 PM

Dear Cisco,

 

We have ACI with Application Centric Deployment that use Contract for communication between EPGs, Since this policy cause TCAM exhaustion we want to move the security part to the ASA Firewall using an Service Graph PBR. 

 

Is there any tools that we can use to convert the Contract filter on ACI to move into an access list on ASA devices ? 

Labels:
0 Helpful
2 Replies 2

julian.bendix
Level 3
Level 3

‎05-09-2021 09:52 AM

Hello!

Not to my knowledge - no.

 

Sorry and best regards

Julian

0 Helpful

Robert Burns
Cisco Employee
Cisco Employee

‎05-10-2021 05:44 AM

This doesn't exist. There's vast differences between an ACL on ACI and legacy security devices.   Namely, ACI doesn't align policy with networking constructs (VLANs/MAC/IPs/Subnets) alone.  The EPG (source classID) is what's used to apply security ACLs (Protocols/Ethertypes etc) on a source/destination so an ACL (filter/contract) on ACI != ACL on ASA

Robert

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License