
Cisco ASA5550 ACL migration

sadcock123
Level 1

Hello,

Sorry for the basic question, but does anyone know how many ACLs are supported on an ASA5550?

I have a client that is looking to move 7.200 ACLs from a Cisco 2800 router to a Cisco ASA5550 and would like to understand the below:-

  • How many ACLs are supported on an ASA5550
  • I understand the management overhead will be great, but need to understand the load of processing the ACLs on the ASA5550

Just a quick question as the client is not looking to rationalise the rules, just move them and deal with them once migrated.

Any questions please let me know.

Cheers

Steven

2 Replies

Hi,

I don't think there's a hard number... but it's well over thousands (lot more than 10,000)

Also the object-group feature on the ASA can reduce the size of the ACL.

Federico.

Jon Marshall
Hall of Fame

sadcock123 wrote:

Hello,

Sorry for the basic question, but does anyone know how many ACLs are supported on an ASA5550?

I have a client that is looking to move 7.200 ACLs from a Cisco 2800 router to a Cisco ASA5550 and would like to understand the below:-

  • How many ACLs are supported on an ASA5550
  • I understand the management overhead will be great, but need to understand the load of processing the ACLs on the ASA5550

Just a quick question as the client is not looking to rationalise the rules, just move them and deal with them once migrated.

Any questions please let me know.

Cheers

Steven

Steven

Do you mean ACLs, i.e. 7200 access-lists, or ACEs, i.e. individual entries within an access-list?

As Federico says, there is no hard limit, it is entirely dependent on memory. I have found a reference on these forums to an ACE using 20KB of memory, so with a quick bit of maths and assuming you mean ACE -

7200 * 20Kb = 144000Kb / 1024 = approx 140Mb

The ASA5550 comes with 4Gbps of memory so I would think you would be fine, but that does depend on an ACE using 20Kb of memory. Even so I would still think you should be fine.

Edit - of course it also depends on what else you are running on your firewall which uses memory.

Jon
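
Added example, not written by anyone in the thread: a way to answer the ACL-versus-ACE question from the router's own configuration before migrating, by counting access-lists and their entries and then applying the per-ACE memory figure quoted above. The sample config, function names and regular expressions are constructed for illustration, and the 20 KB default is the thread's unverified figure.

```python
import re

# Constructed sample of a Cisco IOS router config (not from the thread).
SAMPLE_CONFIG = """\
access-list 101 remark web servers
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any
access-list 10 permit 198.51.100.0 0.0.0.255
ip access-list extended MGMT-IN
 remark ssh from the admin subnet
 permit tcp 203.0.113.0 0.0.0.255 any eq 22
 10 deny ip any any log
interface GigabitEthernet0/0
"""

NUMBERED = re.compile(r"^access-list\s+(\S+)\s+(permit|deny|remark)\b")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
ENTRY = re.compile(r"^\s+(?:\d+\s+)?(permit|deny)\b")

def count_acls_and_aces(config_text):
    """Return {acl_name: ace_count}; remark lines are not counted as ACEs."""
    counts = {}
    current = None  # named ACL whose indented entries we are reading
    for line in config_text.splitlines():
        m = NUMBERED.match(line)
        if m:
            current = None
            counts.setdefault(m.group(1), 0)
            if m.group(2) != "remark":
                counts[m.group(1)] += 1
            continue
        m = NAMED.match(line)
        if m:
            current = m.group(1)
            counts.setdefault(current, 0)
            continue
        if current and ENTRY.match(line):
            counts[current] += 1
        elif not line.startswith(" "):
            current = None  # left the named-ACL block
    return counts

def estimate_memory_mb(ace_count, kb_per_ace=20):
    """Memory estimate; 20 KB per ACE is the thread's unverified figure."""
    return ace_count * kb_per_ace / 1024
```

The number of keys in the returned dictionary is the ACL count and the sum of its values is the ACE count; the ACE count is the one that goes into the memory estimate.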
