Cisco ASA Max ACL Limit


The Cisco ASA firewall has no hard limit on the number of Access Control Entries (ACEs); the practical limit is set by the RAM of the particular model, since each ACE consumes at least 212 bytes of memory.

Once you reach or get close to the maximum number of ACEs, the performance of the ASA decreases by 10-15%.

Use the table below to stay within the maximum recommended number of Access List Entries for your model.

An easy way to find out how many ACEs each ACL contains is the command "show access-list | include elements", which filters the output down to the per-ACL summary lines of the form "access-list NAME; N elements; ...". Note that N is the expanded count (object-groups already unrolled), which is the number that counts against memory.

| Model | Max Recommended ACEs | Tested ACEs |
|---|---|---|
| 5505 | 25k | |
| 5510 | 80k | 80k |
| 5512-X | 100k | |
| 5515-X | 100k | |
| 5520 | 200k | 300k |
| 5525-X | 200k | |
| 5540 | 500k | 700k |
| 5545-X | 300k | |
| 5550 | 700k | 700k |
| 5555-X | 500k | |
| 5580 | 750k | 1 mil+ |
| 5585 SSP-10/20/40/60 | 500k / 750k / 1 mil / 2 mil | 500k / 750k / 1 mil / 2 mil |
| ASA SM | 2 mil | 2 mil |

Source: Cisco Live! 2014 presentation.
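As an added example (not part of the original post, and not a Cisco tool), the script below parses the summary lines that "show access-list | include elements" produces, sums the ACE counts, estimates the RAM consumed at the 212 bytes per ACE figure given above, and flags the box when it is within 20% of the recommended maximum for its model. The per-model limits are copied from the table on this page; the sample output, the ACL names, the addresses and the hash values are constructed for illustration, and the 80% warning threshold is an assumption of this example, not a Cisco figure.

```python
import re

# Maximum recommended ACE counts per model, copied from the table on this page.
# The 5585 is keyed per SSP module; "ASA-SM" is the services module.
MAX_RECOMMENDED_ACES = {
    "5505": 25_000,
    "5510": 80_000,
    "5512-X": 100_000,
    "5515-X": 100_000,
    "5520": 200_000,
    "5525-X": 200_000,
    "5540": 500_000,
    "5545-X": 300_000,
    "5550": 700_000,
    "5555-X": 500_000,
    "5580": 750_000,
    "5585-SSP10": 500_000,
    "5585-SSP20": 750_000,
    "5585-SSP40": 1_000_000,
    "5585-SSP60": 2_000_000,
    "ASA-SM": 2_000_000,
}

BYTES_PER_ACE = 212  # minimum RAM per ACE, as stated in the post

# Per-ACL summary line printed by `show access-list`, e.g.
#   access-list OUTSIDE_IN; 1234 elements; name hash: 0x2a3b4c5d
# Individual ACE lines do not contain "elements" and are ignored.
SUMMARY_RE = re.compile(r"^access-list\s+(\S+);\s+(\d+)\s+elements;")

# Constructed sample of the filtered output (not captured from a real device).
SAMPLE_OUTPUT = """\
access-list OUTSIDE_IN; 60000 elements; name hash: 0x2a3b4c5d
access-list OUTSIDE_IN line 1 extended permit tcp any host 192.0.2.10 eq 443 (hitcnt=42) 0x1f2e3d4c
access-list INSIDE_OUT; 15000 elements; name hash: 0x5e6f7a8b
access-list DMZ; 5000 elements; name hash: 0x9c0d1e2f
"""


def parse_element_counts(output: str) -> dict:
    """Map each ACL name to its expanded ACE count from the summary lines."""
    counts = {}
    for line in output.splitlines():
        match = SUMMARY_RE.match(line.strip())
        if match:
            counts[match.group(1)] = int(match.group(2))
    return counts


def assess_capacity(counts: dict, model: str, warn_ratio: float = 0.8) -> dict:
    """Compare the total ACE count against the recommended maximum for `model`.

    warn_ratio is an assumption of this example: utilisation at or above it
    is reported as "warning" so capacity can be planned before the
    performance drop described in the post sets in.
    """
    limit = MAX_RECOMMENDED_ACES[model]
    total = sum(counts.values())
    if total > limit:
        status = "over"
    elif total >= warn_ratio * limit:
        status = "warning"
    else:
        status = "ok"
    return {
        "total_aces": total,
        "limit": limit,
        "utilisation": total / limit,
        "estimated_bytes": total * BYTES_PER_ACE,  # lower bound, per the post
        "status": status,
    }


if __name__ == "__main__":
    counts = parse_element_counts(SAMPLE_OUTPUT)
    for model in ("5510", "5520"):
        report = assess_capacity(counts, model)
        print(f"ASA {model}: {report['total_aces']} ACEs of {report['limit']} "
              f"recommended ({report['utilisation']:.0%}), "
              f"~{report['estimated_bytes'] / 1_000_000:.1f} MB, {report['status']}")
```

Run it against the output of "show access-list | include elements" saved from the device (or paste it into SAMPLE_OUTPUT); the total is what matters, because the memory budget is shared by all ACLs on the box, not per ACL.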
