Cisco Support Community
New Member

3750 Access-lists vs. ASA


We are managing an environment where currently we have 8 pairs of redundant 3750 switches in a distribution layer.

Access layer switches (2960's) about 200.

The 3750's are acting as L3 routers for traffic (connecting to a core, which we do not control) as well as providing Access-lists for security and traffic filtering between the pairs.

The ACL lines on some 3750's are reaching close to 4000 lines!! (as far as I can tell, best practice is 2000 max)

While we are in the process of optimizing and reducing ACL lines, I am looking at an alternative of using an ASA to provide the filtering and security instead of the additional load we are currently putting on the switches.

Can anyone provide some advice on which model to use for this type of environment? Uptime is critical; the network cannot go down.

Comparisons show that the ASA 5515-X has better features and throughput in all aspects than the ASA 5520, as well as being cheaper.

Can this ASA handle the ACL capacity in terms of rules and capacity for load?

And do the SSM modules provide more capacity to the ASA 5520, or is it a functionality module?

Any assistance, advice or feedback will be appreciated.

Thank You
