Does the implicit deny any at the end of an access list (applied either outbound or inbound) take precendce over the standard behaviour of Security levels ? i.e. allow higher to lower
Also how does enabling the same security level option effect this ?
The default behaviour is to allow traffic from higher to lower if no ACL (but having NAT solved). If you add an ACL, the traffic ORIGINATING (entering, but not part of a return traffic) in that interface will be hadled based on the ACL, the interface security level will not matter anymore.
The return traffic is hadled by the ASA engine.
Same security level will allow traffic between interfaces that have the same security level. By default this will not be permitted even with ACLs permitting any any.
It is good business practice not to have multiple interfaces with the same security number. If you have more DMZs, just put successive number as security levels: 50,51,52. Then create ACLs as required.
Please rate if this helped.