Well Hi Kyle,cisco acl's are packet-filter's.packet filter's got big security limitation by checking only source,destination and port address.they are open to spoofing, source routing, and are applicationless guard.firewall-1 is statefull inspection ...