Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1295
Views
0
Helpful
1
Replies

access-list has port selectors may have performance impact

sstrohmayer
Level 1
Level 1

‎11-01-2004 06:50 PM - edited ‎02-20-2020 09:25 PM

Can someone quantify this, I added a very large access-list (130 entries) to a tunnel a few days ago on an old pix and customer traffic was heavily impacted the pix setup:

"Version 5.1(2), Finesse Bios V3.3, Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz"

What kind of impact would this have, anyone any ideas?

Labels:
0 Helpful
1 Reply 1

nkhawaja
Cisco Employee
Cisco Employee

‎11-01-2004 09:47 PM

With older codes we didn't have the feature called "compile", without it, for a long access-list firewall has to match an incoming packet against all the entries in sequential manner unless it hits a match or unless a default action is applied.

0 Helpful
Customers Also Viewed These Support Documents