Cisco asa 5510 ERROR: Cannot add policy to rule engine

DavidReisner · ‎03-06-2013

Hello,

I am trying to add 89,462+ access list rules to an ASA 5510 running 8.2(5). I have added all the rules to an object group and when I try to apply the access list to an interface it gives me the foolowing error:

ERROR: Cannot add policy to rule engine

ERROR: Unable to assign access-list wan-out to interface wan

I have not tried not using an object group and just putting the rules in the access list. I want to be able to add to these rules if needed easily.

I think it's clear that i have exceeded the rule limit for the ASA. So my question is, what is the rule limit for an ASA 5510 and which ASA could I purchase that would handle this amount of rules?

Any help would be appreaciated.

Thanks

jocamare · ‎03-06-2013

The problem might be that the unit is running out of memory, an upgrade will let you add more rules.

Cisco asa 5510 ERROR: Cannot add policy to rule engine

Access Policy Rules API is now available!

Cisco Identity Services Engine (ISE) Trainings

ASA: Policy Based Routing (PBR) について

Changing Cisco ASA IKEv2 policies priorities

Cisco ASA Policy-Based Routing