11-19-2010 03:19 AM - edited 03-11-2019 12:11 PM
Hello,
Sorry for the basic question, but does anyone know how many ACLs are supported on an ASA5550?
I have a client that is looking to move 7.200 ACLs from a Cisco 2800 router to a Cisco ASA5550 and would like to understand the below:-
Just a quick question as the client is not looking to rationalise the rules, just move them and deal with them once migrated.
Any questions please let me know.
Cheers
Steven
11-19-2010 08:04 AM
Hi,
I don't think there's a hard number... but it's well over thousands (a lot more than 10,000).
Also the object-group feature on the ASA can reduce the size of the ACL.
Federico.
11-19-2010 08:16 AM
sadcock123 wrote:
Hello,
Sorry for the basic question, but does anyone know how many ACLs are supported on an ASA5550?
I have a client that is looking to move 7.200 ACLs from a Cisco 2800 router to a Cisco ASA5550 and would like to understand the below:-
Just a quick question as the client is not looking to rationalise the rules, just move them and deal with them once migrated.
Any questions please let me know.
Cheers
Steven
Steven
Do you mean ACLs, i.e. 7200 access-lists, or ACEs, i.e. individual entries within an access-list?
As Federico says, there is no hard limit; it is entirely dependent on memory. I have found a reference on these forums to an ACE using 20KB of memory, so with a quick bit of maths and assuming you mean ACE -
7200 * 20Kb = 144000Kb / 1024 = approx 140Mb
The ASA5550 comes with 4Gbps of memory so I would think you would be fine, but that does depend on an ACE using 20Kb of memory. Even so, I would still think you should be fine.
Edit - of course it also depends on what else you are running on your firewall which uses memory.
Jon