ACL optimization

Unanswered Question
Mar 17th, 2010

I have 14000 ACEs under one ACL. Actually I want to  block whole of the world except North America and Mexico. Any idea how to optimize this list . Any tool

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Wed, 03/17/2010 - 09:21


If you just want to permit some ranges and deny everything else, the recommendation is to specify what you want to permit and by default everything else will be denied.

If this is an ASA, you can use Object-Groups to group networks and in this way reduce dramatically the list.


KARUPPUCHAMY MA... Wed, 03/17/2010 - 09:27


If you are using FWSM then you can use ACL optimization future. It will analyse and will give the report of zero hit count ACLs.

You can remove those ACLs.

Else, you have to enable logging and you have to find the zero hit-count and remove those zero hit count ACLs




This Discussion