
FWSM 3.2(2)

ibrahim_hassan
Level 1

Hi All,

I have an FWSM with s/w 3.2(2). While I was creating an access list, an error message appeared:

error message: "ERROR: Unable to add, access-list config limit reached"

This FWSM is single context, not multiple; I can't find the "resource acl-partition" command although it is found in the guide.

I want to know if this command applies only to multiple context? If yes, what is the method by which I can solve this problem on a single-context firewall?

Thanks

1 Accepted Solution

Accepted Solutions

Kevin Redmon
Cisco Employee

Ibrahim,

Yes - the 'resource acl-partition' is supported only in multi-context mode. When you look at the Command Reference Guide, you will see that there is a dot only under the 'System' context in the Multiple Context mode.  This implies that the command is only available via the System context:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/qr.html#wp1622931

If you are seeing this issue on a single context FWSM, your only means of recourse is to reduce the number of ACL entries that you have.  This may be best accomplished by combining host access-list entries into subnet entries.  Any approach that you can use to make your access-lists "less specific" will oftentimes reduce the amount of resources that the ACL takes up.

Let us know if you have any further questions.  If you have no further questions, please be sure to mark this topic as 'answered'.

Best Regards,

Kevin


5 Replies

Panos Kampanakis
Cisco Employee

You can do "show resource usage".

Or "sh access-list | i element".

You are probably close to the 3.2 ACL limit (75K).

I hope it helps.

PK
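The two suggestions in this thread, checking the element count from `show access-list` and collapsing host ACEs into subnet entries, can be scripted against saved CLI output. The script below is an added example, not code from the thread or from Cisco; the `show access-list` text it parses is constructed here and only approximates the FWSM output format (the `; N elements` header line and the `line N ... (hitcnt=N)` ACE lines), so check the regexes against a real capture before relying on the counts. It reports two kinds of merge for each set of ACEs that differ only in a `host A.B.C.D` token: an exact CIDR collapse that changes nothing about what is permitted, and the single covering subnet, together with how many extra addresses that wider entry would admit, so the trade-off Kevin describes is visible before any ACE is rewritten.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample of "show access-list" output; the format is approximated,
# not captured from a real FWSM.
SAMPLE = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list outside_in; 5 elements
access-list outside_in line 1 extended permit tcp any host 10.1.1.1 eq www (hitcnt=10)
access-list outside_in line 2 extended permit tcp any host 10.1.1.2 eq www (hitcnt=3)
access-list outside_in line 3 extended permit tcp any host 10.1.1.3 eq www (hitcnt=0)
access-list outside_in line 4 extended permit tcp any host 10.1.1.4 eq www (hitcnt=7)
access-list outside_in line 5 extended permit udp any 192.168.0.0 255.255.255.0 eq domain (hitcnt=1)
access-list inside_out; 2 elements
access-list inside_out line 1 extended permit ip 10.0.0.0 255.0.0.0 any (hitcnt=50)
access-list inside_out line 2 extended deny ip any any (hitcnt=2)
"""

# Per-ACL summary line, the same lines "sh access-list | i element" would show.
ELEMENT_RE = re.compile(r"^access-list (\S+); (\d+) elements")
# One ACE; the trailing hit counter is dropped so it does not affect grouping.
ACE_RE = re.compile(r"^access-list (\S+) line \d+ (.*?)(?: \(hitcnt=\d+\))?$")
HOST_RE = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)\b")


def count_elements(output):
    """Return ({acl_name: element_count}, total) from the '; N elements' lines."""
    counts = {}
    for line in output.splitlines():
        m = ELEMENT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts, sum(counts.values())


def host_groups(output):
    """Group ACEs that are identical except for a single 'host A.B.C.D' token.

    Key: (acl_name, ACE text with the host replaced by '{host}');
    value: list of IPv4Address objects found in that position.
    """
    groups = defaultdict(list)
    for line in output.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue
        acl, ace = m.group(1), m.group(2)
        hosts = HOST_RE.findall(ace)
        if len(hosts) != 1:  # skip ACEs with zero or two host tokens
            continue
        key = (acl, HOST_RE.sub("host {host}", ace, count=1))
        groups[key].append(ipaddress.IPv4Address(hosts[0]))
    return groups


def suggest_merges(output):
    """For each group of 2+ host ACEs, compute an exact CIDR collapse (same
    policy, fewer entries) and the smallest single covering subnet (one entry,
    but wider: 'cover_extra_addresses' is how many addresses it adds)."""
    suggestions = []
    for (acl, pattern), hosts in host_groups(output).items():
        if len(hosts) < 2:
            continue
        exact = list(ipaddress.collapse_addresses(
            ipaddress.IPv4Network(f"{h}/32") for h in hosts))
        lo, hi = min(hosts), max(hosts)
        cover = ipaddress.IPv4Network(f"{lo}/32")
        while hi not in cover:  # widen until the highest host is covered
            cover = cover.supernet()
        suggestions.append({
            "acl": acl,
            "pattern": pattern,
            "hosts": len(hosts),
            "exact_networks": [str(n) for n in exact],
            "cover": str(cover),
            "cover_extra_addresses": cover.num_addresses - len(hosts),
        })
    return suggestions


if __name__ == "__main__":
    per_acl, total = count_elements(SAMPLE)
    print(f"elements per ACL: {per_acl}, total: {total}")
    for s in suggest_merges(SAMPLE):
        print(f"{s['acl']}: {s['hosts']} hosts matching '{s['pattern']}'")
        print(f"  exact collapse -> {s['exact_networks']}")
        print(f"  single cover   -> {s['cover']} "
              f"(+{s['cover_extra_addresses']} addresses not in the original ACEs)")
```

Run it against a file saved from `show access-list` by replacing `SAMPLE` with the file contents. The exact collapse is always safe to apply; the covering subnet is the "less specific" rewrite from the accepted answer and should only be used where the extra addresses it admits are acceptable under the policy.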

Is there any way to increase the number of ACEs after reaching the limit of 75k on FWSM version 3.1(8)?

Thanks,
Vikram

ACE limit for version 3.1.x is just 72,806:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/specs_f.html#wp1057500

and ACE limit for version 3.2.x is 74,188:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1063812

So if you are currently running version 3.1, you can upgrade to version 3.2.x to increase the ACE limit from 72,806 to 74,188.

Or to further increase the limit, you can upgrade to version 4.0.x: 100,567:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/specs_f.html#wp1067843

Please check out the release notes on hardware/software compatibility prior to upgrade.

Hope that helps.

Thanks, Jennifer
