Solved: Dynamic Access Policies - limit in ASA 9.4 ?

Patrick Tran · ‎10-08-2015

Hi,

Is there a maximum number of DAP supported by ASA 55XX 9.4 ?

Cisco recommanded a maximum of 100 in 9.1. Is this still true in 9.4?

Thanks,

Patrick

rvarelac · ‎10-08-2015

Hi Patrick ,

There is not virtual limit for the DAP policies you can create on the ASA, this will depend more of the hardware you're using rather than the code the ASA is running. However there is a limit for the attributes inside each DAP.

Currently a maximum of 5000 values/instances can be processed per attribute in each DAP.
A syslog is generated when this limit is passed:
%ASA-3-109035: Exceeded maximum number (5000) of DAP attribute instances for
user = <username>

Hope it helps

-Randy-

View solution in original post

rvarelac · ‎10-08-2015

Hi Patrick ,

There is not virtual limit for the DAP policies you can create on the ASA, this will depend more of the hardware you're using rather than the code the ASA is running. However there is a limit for the attributes inside each DAP.

Currently a maximum of 5000 values/instances can be processed per attribute in each DAP.
A syslog is generated when this limit is passed:
%ASA-3-109035: Exceeded maximum number (5000) of DAP attribute instances for
user = <username>

Hope it helps

-Randy-

Patrick Tran · ‎10-09-2015

Thanks for your quick answer, Randy !!