Cisco Support Community

New Member

basic configuration on ASA 5520

I am running ASA in GNS3.

I am a little confused. By default, IP traffic is allowed from a higher to a lower security level. I have just configured the interfaces with security level, name and IP address, and no shutdown. Will the traffic pass through the ASA, or do NAT, ACLs or routes have to be configured?

  • Firewalling
VIP Green


I am not sure I understand your question correctly.  Do you mean that you have configured the interfaces and traffic is not passing?

If you configure one interface with security level 100 and another with a security level lower than 100 (let's say 0 for simplicity) then, as of version 8.3, traffic will pass through the ASA from the higher security level to the lower security level without the need for further configuration. That is assuming that the lower security level interface is not connected to the internet, where private IP address ranges are not routable. In this case traffic will pass through the ASA; you will just not get any return traffic.

Prior to 8.2 you had to configure a NAT statement or issue the no nat-control command in order for traffic to be allowed through the ASA, but as of 8.2 that feature was disabled by default and in 8.3 (or perhaps 8.4) it was removed completely.

If you add an ACL to the ASA interface then the security levels have nothing to say in the way traffic flows.  The security levels only come into play if there are no ACLs configured on the interface.

Please remember to rate and select a correct answer

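A minimal configuration matching the reply above, added here as an illustration and not taken from either poster. The interface names, the addresses (documentation ranges) and the ACL name INSIDE_IN are assumptions. Part 1 relies on security levels alone; part 2 shows that once an ACL is applied to the inside interface, only what the ACL permits gets through.

```cisco
! --- Part 1: security levels only, no ACL and no NAT (8.3 or later) ---
! Interface names are assumptions; use the ones your GNS3 image exposes.
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
! From privileged exec mode, ask the ASA how it would handle a new
! connection from an inside host to an outside host (constructed addresses):
!   packet-tracer input inside tcp 192.168.1.10 1025 203.0.113.10 80
! With only the lines above, the flow is allowed (higher -> lower level).
!
! --- Part 2: an ACL on the inside interface takes over the decision ---
! Permit only HTTPS from the inside subnet; everything else arriving on
! inside now hits the ACL's implicit deny, regardless of security level.
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-group INSIDE_IN in interface inside
!
! Re-run the same packet-tracer: port 80 is now dropped by the ACL,
! while the same command with destination port 443 is allowed.
```

Running `show run access-group` confirms which interfaces have an ACL bound and are therefore no longer governed by the implicit security-level rule.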