01-06-2013 12:51 AM - edited 03-11-2019 05:43 PM
Dear Folks,
Kindly advise: what is the max number of policies the ASA 5525X can support? I don't find it in the datasheet.
Thanks
SID
01-06-2013 03:52 AM
Hi,
Do you mean the number of ACL rules the ASA can support?
To my understanding one of the limiting factors for this is the amount of memory on the ASA. But as the ASA 5525-X is one of the newer series, it has more memory than almost any of the older pre-X models (think the 5580 models had equal or more).
Do you have some Cisco ASA or PIX that you are planning to replace with the ASA 5525-X model and are wondering if it's enough? To my understanding almost any ASA X-model beats the old models (and PIX firewalls) in performance easily.
- Jouni
01-06-2013 03:59 AM
Hi,
Thanks for the reply. In fact it was one of the questions mentioned in the compliance sheet, so I was searching for it in the datasheet.
If it depends on RAM, how many ACLs do the older models support?
SID
01-06-2013 04:39 AM
Hi,
I guess this is a question only a Cisco employee can answer, or any person who is willing to go to the length of checking/labbing this on the devices themselves.
I've only run into a problem with ACLs on an FWSM, and that was mostly because a single context was trying to use more rules than were allocated to it (and not really hitting any memory limitation to my understanding even then), so its rules need to be cleaned a bit.
I checked briefly on my ASA5505 8.4(3) the difference in memory consumption before and after adding a new ACL/ACE and after adding additional ACEs to my existing ACLs.
And it seemed to be around 480 - 700 bytes. But this is hardly specific information.
Let's just say that I have yet to run into an environment where the ASA's resources wouldn't have been more than enough.
- Jouni
01-06-2013 05:14 AM
Hi,
Just ran into this thread from the end of last year that had the same question:
https://supportforums.cisco.com/message/3787231#3787231
And a link to a document in the thread above:
http://www.scribd.com/doc/73309742/14/Maximum-ACL-Limits
- Jouni
01-06-2013 06:05 AM
Hi,
Thanks for the update.
Sent from Cisco Technical Support iPhone App