
Performance of ASA

Hi Team,

We have upgraded the ASA code from 8.X to 9.X. After this I cleared the nonat & policy ACLs which were enabled in the old code; nearly 6000 unwanted lines have been cleared from the ASA. What would be the benefit of this? Is there any command where I can see the benefit of removing these stale entries?


Re: Performance of ASA

You could check the CPU and memory usage if you remember what they were previously. Basically, interface ACLs are checked top to bottom until a match is found. Even remarks which you enter to describe an ACL are checked. The more ACL entries (ACEs) the ASA needs to check for a match, the more CPU and memory need to be allocated to this action. Also, if you have logging enabled for the ACEs, then that will also require a small amount of CPU, but multiply that by 6000 and the small amount becomes a big amount.

The same applies to policy NAT.  The ACEs are checked top to bottom for a match.  So you should see some improvement in the ASA performance.

show cpu

show cpu detail

show memory

show memory detail

--
Please remember to rate and select a correct answer
