Cisco Support Community

New Member

Performance of ASA

Hi Team,

We have upgraded the ASA code from 8.X to 9.X. Post this, I have cleared the nonat & policy ACL which was enabled in the old code; nearly 6000 unwanted lines have been cleared from the ASA. What would be the benefit of this? Is there any command where I can see the benefit of removing these stale entries?

VIP Green

Re: Performance of ASA

You could check the CPU and memory usage if you remember what they were previously. Basically interface ACLs are checked top to bottom until a match is found. Even remarks which you enter to describe an ACL are checked. The more ACL entries (ACE) the ASA needs to check for a match, the more CPU and memory need to be allocated to this action. Also if you have logging enabled for the ACEs then that will also require a small amount of CPU, but multiply that by 6000, the small amount becomes a big amount.

The same applies to policy NAT.  The ACEs are checked top to bottom for a match.  So you should see some improvement in the ASA performance.

show cpu

show cpu detail

show memory

show memory detail

Please remember to rate and select a correct answer
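
One way to put numbers on a cleanup like the one discussed in this thread, as an added example that is not part of the original posts: the script summarizes saved `show access-list` text taken before and after the change, counting ACEs, remarks, zero-hit entries and logging-enabled entries per ACL. The snapshots, ACL names and function names are constructed for illustration, and the parser assumes flat ACEs (no object-group expansion lines).

```python
import re
from collections import defaultdict

# Constructed snapshots of ASA `show access-list` output (not from the thread).
BEFORE = """\
access-list OUTSIDE_IN; 3 elements; name hash: 0x1a2b3c4d
access-list OUTSIDE_IN line 1 remark legacy vendor access
access-list OUTSIDE_IN line 2 extended permit tcp any host 10.1.1.10 eq www (hitcnt=15230) 0x0a0b0c0d
access-list OUTSIDE_IN line 3 extended permit tcp host 192.0.2.5 host 10.1.1.20 eq ssh log informational interval 300 (hitcnt=0) 0x11223344
access-list OUTSIDE_IN line 4 extended deny ip any any log informational interval 300 (hitcnt=88) 0x55667788
access-list NONAT; 1 elements; name hash: 0x2b3c4d5e
access-list NONAT line 1 extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0 (hitcnt=0) 0x12345678
"""
AFTER = """\
access-list OUTSIDE_IN; 2 elements; name hash: 0x1a2b3c4d
access-list OUTSIDE_IN line 1 extended permit tcp any host 10.1.1.10 eq www (hitcnt=15230) 0x0a0b0c0d
access-list OUTSIDE_IN line 2 extended deny ip any any log informational interval 300 (hitcnt=88) 0x55667788
"""

ACE_RE = re.compile(
    r"^access-list (?P<name>\S+) line (?P<line>\d+) (?P<body>.*?)"
    r"(?: \(hitcnt=(?P<hits>\d+)\))?(?: 0x[0-9a-f]+)?\s*$"
)

def summarize(show_output):
    """Return {acl_name: counters} for saved `show access-list` text."""
    stats = defaultdict(lambda: {"aces": 0, "remarks": 0, "zero_hit": 0, "logging": 0})
    for raw in show_output.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # per-ACL header lines and blanks carry no "line N" field
        acl = stats[m["name"]]
        if m["body"].startswith("remark "):
            acl["remarks"] += 1
            continue
        acl["aces"] += 1
        if m["hits"] == "0":
            acl["zero_hit"] += 1  # candidate stale entry, pending review
        if re.search(r"\blog\b", m["body"]):
            acl["logging"] += 1  # ACE generates syslog on match
    return dict(stats)

def removed_aces(before, after):
    """ACEs removed per ACL between two snapshots (a missing ACL counts as 0 left)."""
    b, a = summarize(before), summarize(after)
    return {name: b[name]["aces"] - a.get(name, {}).get("aces", 0) for name in b}

if __name__ == "__main__":
    print(summarize(BEFORE))
    print(removed_aces(BEFORE, AFTER))
```

Hit counters restart from zero after a reload, so a zero-hit entry seen shortly after an upgrade is not by itself evidence that the rule is stale.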

