Router ACL vs. ASA ACL

There are two major differences between a router ACL and a security appliance
ACL. The fundamental difference is that only the first packet of a flow is subject to an
ACL in the security appliance. After the connection is built, all subsequent packets
matching that connection are not checked against any ACL. In a Cisco IOS router, all
packets are subject to ACL rules. The second difference is that router ACLs represent
a subnet mask as wildcard bits, while security appliance ACLs represent a subnet mask
in the proper subnet mask format.
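
The second difference matters when rules are moved from a router to a security appliance. The following added example (not from the original page) inverts IOS wildcard bits into subnet masks and rejects non-contiguous wildcards, which have no subnet mask equivalent. The function names and the sample rule fragments are constructed for illustration, and only the address/mask fields are rewritten, not the full ACL syntax.

```python
import ipaddress


def is_ipv4(token: str) -> bool:
    """Return True if the token parses as a dotted-quad IPv4 value."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def wildcard_to_netmask(wildcard: str) -> str:
    """Invert router wildcard bits into a subnet mask (0.0.0.255 -> 255.255.255.0)."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A subnet mask is a run of 1s followed by 0s, so the wildcard must be
    # 2^n - 1. Wildcards such as 0.0.255.0 are legal on a router but cannot
    # be written as a subnet mask and need manual review.
    if w & (w + 1) != 0:
        raise ValueError(f"wildcard {wildcard} is non-contiguous; no subnet mask equivalent")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))


def convert_address_fields(rule: str) -> str:
    """Rewrite every 'address wildcard' pair in a rule fragment as 'address netmask'."""
    tokens = rule.split()
    out = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "host" and i + 1 < len(tokens):
            # 'host A.B.C.D' is a single address with no mask field after it.
            out += tokens[i:i + 2]
            i += 2
        elif is_ipv4(tok) and i + 1 < len(tokens) and is_ipv4(tokens[i + 1]):
            out += [tok, wildcard_to_netmask(tokens[i + 1])]
            i += 2
        else:
            out.append(tok)
            i += 1
    return " ".join(out)


if __name__ == "__main__":
    # Constructed sample rule fragments in router (wildcard) notation.
    for rule in ("permit tcp 192.168.10.0 0.0.0.255 host 10.1.1.1 eq 80",
                 "permit ip host 10.1.1.1 10.2.0.0 0.0.255.255"):
        print(convert_address_fields(rule))
```
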