What is the default behavior of Cisco PIX/ASA before putting into the Production? & DMZ behavior also?

Answered Question
Jul 9th, 2010

Hi All,

  

What is the default behavior of Cisco PIX/ASA before putting into the Production? & DMZ behavior also?

Regards,

Srinadh.





Correct Answer
Jennifer Halim Fri, 07/09/2010 - 05:21
Cisco Employee

Default behaviour, if it's in routed mode, would be:

1) Traffic from high security level to low security level will be allowed by default if you don't have any ACL configured on the high security level interface.

2) Traffic from low security level to high security level would need the following configured:

     - static NAT configuration

     - ACL applied on the low security level interface to allow inbound traffic.


The above assumes that you have configured the necessary interface ip address, nameif, security level, routes and NAT.


Hope that helps.

k_srinadh Fri, 07/09/2010 - 05:36

Thank you so much.


What about DMZ, any specific behavior?

Correct Answer
Jennifer Halim Fri, 07/09/2010 - 06:02
Cisco Employee

Same rule applies to DMZ. If you configure security level 50 for DMZ, 100 for inside and 0 for outside:

- Traffic from DMZ towards inside will not be allowed by default

- Traffic from DMZ towards outside will be allowed by default

and again, that assumes NAT and routing are configured.
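The three-interface layout described in the two answers above (inside 100, dmz 50, outside 0), written out as a pre-8.3 ASA configuration in the `static`/`global`/`nat` syntax the answer refers to. This is an added example, not configuration from the original thread or from Cisco; the interface names, the RFC 1918 and RFC 5737 addresses, the published DMZ web server (172.16.1.10 behind 203.0.113.10) and the inside syslog host (10.1.1.20) are all assumed. It covers each of the cases the answers name: high to low with no ACL, outside to dmz with a static plus an outside ACL, and dmz to inside with identity statics plus a dmz ACL.

```cisco
! Added example (not from the thread): three-arm ASA in routed mode,
! pre-8.3 NAT syntax. 8.3 and later replace static/global/nat with
! object NAT, but the security-level rules shown here are unchanged.
hostname ASA-LAB
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! High -> low (inside -> outside, dmz -> outside): dynamic PAT to the
! outside interface address. No ACL is needed on inside for this.
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0
nat (dmz) 1 172.16.1.0 255.255.255.0
!
! Low -> high (outside -> dmz) needs BOTH a static NAT and an ACL
! applied inbound on the outside interface.
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 80
access-group OUTSIDE_IN in interface outside
!
! dmz -> inside is also low -> high and is dropped by default.
! The identity statics give both segments a translation towards each
! other (the nat/global pair above only has a global on outside, so
! without these the ASA finds no translation for inside<->dmz).
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (dmz,inside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
!
! Once an ACL is applied to dmz, the implicit "higher to lower" permit
! is gone, so the list must end with an explicit permit to keep
! dmz -> outside working. Only syslog from the web server may enter inside.
access-list DMZ_IN extended permit udp host 172.16.1.10 host 10.1.1.20 eq 514
access-list DMZ_IN extended deny ip any 10.1.1.0 255.255.255.0
access-list DMZ_IN extended permit ip any any
access-group DMZ_IN in interface dmz
!
! Verification from exec mode (not part of the running config):
!   outside -> published web server, expect ALLOW (static + OUTSIDE_IN)
!   packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.10 80
!   dmz web server -> inside syslog, expect ALLOW (statics + DMZ_IN)
!   packet-tracer input dmz udp 172.16.1.10 40000 10.1.1.20 514
!   dmz web server -> inside SSH, expect DROP on DMZ_IN
!   packet-tracer input dmz tcp 172.16.1.10 40000 10.1.1.20 22
!   dmz -> outside, expect ALLOW via the final permit in DMZ_IN
!   packet-tracer input dmz tcp 172.16.1.10 40000 198.51.100.7 80
```

The point a practitioner should take from the `DMZ_IN` list is the one hidden in the answer's wording "if you don't have any ACL configured on the high security level interface": the moment an inbound ACL is bound to dmz, the implicit permit for dmz-to-outside disappears and only what the list permits gets through, so a list written purely to open a hole towards inside will silently cut the DMZ off from the Internet unless it ends with a broader permit. Run the `packet-tracer` checks before cut-over; each one reports the NAT rule and ACL line it matched, which is the fastest way to confirm the behaviour the answers describe on the actual box.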

k_srinadh Fri, 07/09/2010 - 23:48

Thanks a lot, Halijenn... that's very much helpful.
