02-06-2025 12:50 PM
Hello All,
Could you please help me in finding out the maximum number of ACLs accepted in a Cisco ASA 5525? I am trying to add an access list which is worth more than 45K lines to block certain IPs based on geolocation. Would this affect the performance of the ASA?
Total Flash: 8192 MB
02-06-2025 01:02 PM
The more ACLs you have, the more resources would be used. But 45k is less than 25% of the firewall capacity, considering you only have 45k.
02-06-2025 01:00 PM
@Abhinav-Network here are the official limits per hardware model.
You can improve performance using the object-group-search command, which optimizes all ACLs in the inbound direction. You can reduce the memory required to search access rules by enabling object group search, but this is at the expense of rule lookup performance and increased CPU utilization. https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/o-commands.html#wp1852298285
I would recommend replacing the 5525-X; the ASA hardware is EOL and you can get much better performance on the newer Firepower hardware, and Cisco are releasing software updates for vulnerabilities.
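An added example, not part of any post in this thread: one way to shrink a large geolocation block list before loading it is to merge overlapping and adjacent prefixes, then reference them from a single network object group so that one ACL line covers the whole list. The feed contents are constructed sample data, and the names `GEO_BLOCK` and `OUTSIDE_IN` are hypothetical; binding the ACL to an interface is left out.

```python
import ipaddress

# Constructed sample feed (documentation ranges) standing in for a geolocation list.
SAMPLE_FEED = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
203.0.113.7
203.0.113.7/32
not-an-ip
"""

def parse_feed(text):
    """Return (networks, rejected). Strict parsing rejects entries with host bits set."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)  # review these by hand instead of guessing
    return nets, rejected

def collapse(nets):
    """Merge duplicates, contained prefixes and adjacent prefixes into the fewest CIDRs."""
    return list(ipaddress.collapse_addresses(nets))

def render_asa(nets, group="GEO_BLOCK", acl="OUTSIDE_IN"):
    """Emit ASA CLI lines: object group search, one object group, one deny ACE."""
    lines = ["object-group-search access-control", f"object-group network {group}"]
    for n in nets:
        if n.prefixlen == 32:
            lines.append(f" network-object host {n.network_address}")
        else:
            lines.append(f" network-object {n.network_address} {n.netmask}")
    lines.append(f"access-list {acl} extended deny ip object-group {group} any")
    return lines

if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    merged = collapse(nets)
    print(f"! {len(nets)} entries -> {len(merged)} after collapse, {len(rejected)} rejected")
    print("\n".join(render_asa(merged)))
```

Comparing the entry count before and after collapsing gives a quick estimate of how many lines the list really needs on the firewall.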