Max Number of Policies that ASA 5525X supports?

ciscokid7181
Level 1

Dear Folks,

Kindly advise, what is the max number of policies the ASA 5525X supports? I don't find it in the datasheet.

Thanks

SID

Jouni Forss
VIP Alumni

Hi,

Do you mean the number of ACL rules the ASA can support?

To my understanding, one of the limiting factors for this is the amount of memory on the ASA. But as the ASA 5525-X is one of the newer series, it has more memory than almost any of the older pre-X models (I think the 5580 models had equal or more).

Do you have some Cisco ASA or PIX that you are planning to replace with the ASA 5525-X model and are wondering if it's enough? To my understanding, almost any ASA X-model beats the old models (and PIX firewalls) in performance easily.

- Jouni

Hi,

Thanks for the reply. In fact, it was one of the questions mentioned in the compliance sheet, so I was searching for it in the datasheet.

If it depends on RAM, how many ACLs do the older models support?

SID

Hi,

I guess this is a question only a Cisco employee can answer, or any person who is willing to go to the length of checking/labbing this on the devices themselves.

I've only run into a problem with ACLs on an FWSM, and that mostly because a single context was trying to use more rules than were allocated to it (and not really hitting any memory limitation, to my understanding, even then), so its rules need to be cleaned a bit.

I checked briefly on my ASA5505 8.4(3) the difference in memory consumption before and after adding a new ACL/ACE and after adding additional ACEs to my existing ACLs.

And it seemed to be around 480 - 700 bytes. But this is hardly specific information.

Let's just say that I have yet to run into an environment where the ASA's resources wouldn't have been more than enough.

- Jouni

Hi,

Just ran into this thread from the end of last year that had the same question

https://supportforums.cisco.com/message/3787231#3787231

And link to a document in the thread above

http://www.scribd.com/doc/73309742/14/Maximum-ACL-Limits

- Jouni

Hi,
Thanks for the Update.
