Live security level change on PIX

Unanswered Question
Nov 30th, 2007

Hi,

I need to change an interface security level from 100 to 85 while it is live. What are the implications for doing so?

Will each new packet be treated with the new level? And most importantly, will there be any downtime or other side effects which will be noticeable to users?

I have read on a previous post that a reboot is preferable - is this definitely the case and why so?

I'm running 7.0(1) on a PIX 535.

Any thoughts much appreciated.

Many thanks,

J

srue Fri, 11/30/2007 - 10:12

I've never heard about this requiring a reboot. The only things to be concerned about are the normal things when you change security levels, mainly how that affects communication with other interfaces. Also, if you're using the 'same-security-traffic..' command, how that affects it.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html
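An added example, not part of either post: a small Python model of the implicit inter-interface policy (higher level to lower level permitted, lower to higher denied, equal levels denied unless `same-security-traffic permit inter-interface` is set) that lists which interface pairs change default behaviour when one interface goes from 100 to 85. The interface names and the other interfaces' levels are constructed; the model assumes no access-list is applied on the source interface and says nothing about connections already established.

```python
# Added illustration: implicit (no-ACL) inter-interface policy on PIX/ASA 7.x.
# Only the 100 -> 85 change comes from the thread; all names and the other
# levels are constructed sample data.

def default_action(src_level, dst_level, same_security_permit=False):
    """Implicit policy when no access-list is applied on the source interface."""
    if src_level > dst_level:
        return "permit"   # higher -> lower is allowed by default
    if src_level < dst_level:
        return "deny"     # lower -> higher needs an explicit access-list
    # Equal levels: blocked unless 'same-security-traffic permit inter-interface'
    return "permit" if same_security_permit else "deny"


def policy_matrix(levels, same_security_permit=False):
    """Default action for every ordered (source, destination) interface pair."""
    return {(s, d): default_action(levels[s], levels[d], same_security_permit)
            for s in levels for d in levels if s != d}


def policy_diff(before, after, same_security_permit=False):
    """Pairs whose default action differs between two sets of security levels."""
    old = policy_matrix(before, same_security_permit)
    new = policy_matrix(after, same_security_permit)
    return {pair: (old[pair], new[pair])
            for pair in old if old[pair] != new[pair]}


# Constructed sample: 'inside' is the interface being lowered from 100 to 85.
BEFORE = {"inside": 100, "mgmt": 100, "partner": 90, "dmz": 50, "outside": 0}
AFTER = dict(BEFORE, inside=85)

if __name__ == "__main__":
    for flag in (False, True):
        print(f"same-security-traffic permit inter-interface: {flag}")
        diff = policy_diff(BEFORE, AFTER, same_security_permit=flag)
        for (src, dst), (was, now) in sorted(diff.items()):
            print(f"  {src:>8} -> {dst:<8} {was:>6} => {now}")
```

Any pair in the output that flips from permit to deny needs an explicit access-list entry in place before the change, and any pair that flips from deny to permit should be reviewed for unintended exposure.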
