07-10-2006 01:12 AM - edited 03-03-2019 01:17 PM
Hi!
I've searched the Net and Cisco forums for any kind of specifications for reflexive access list hardware requirements but I can't find any. Is Cisco 2801 "standard" (64Mb flash, 128 Mb DRAM) suitable to be used as a "firewall" with reflexive access lists. Behind firewall is DMZ with Microsoft ISA proxy, mail and DNS server. We have 1Mb frame relay internet link and around 400 users (and management which doesn't want to invest in PIX firewall :(.
07-10-2006 05:26 AM
Dear Kuzack,
Thanks for this question.
Reflexive ACL's are a 'Software Feature' as you know so it's not necessarily tied down to a hardware requirement or 'Minimum Hardware Platform' to run this type of access control method.
To find out if your SW will work on a specific HW platform - there is no better tool to use than Cisco's Feature Navigator. You can access this tool by visiting the following url:
<http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp>
click on this and select search by feature to see if your software provides this functionality. So just to be clear, it's a question of whether your IOS will support R-ACL or doesn't it.
hth, all the best.
Ajaz Nawaz
please rate useful posts.
07-10-2006 11:47 PM
Hi Ajaz,
Thanks for fast response. Maybe I wasn't specific enough - I know that my router supports reflexive access lists (12.3T IP base, checked in Cisco Feature Navigator). Problem is that I read in some Cisco document that reflexive access lists are memory and cpu intensive but I can't find anywhere anything more... So I am wondering if 2801 is suitable (memory and cpu) to "play" firewall with reflexive access lists (for 1Mb internet link and arround 400 users behind it).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide