Cisco Support Community
New Member

Security Level

What is the importance of assigning security levels to the interface(s) in Cisco ASA?

VIP Green

What is important to first understand is that security levels are only effective if you do not have an ACL configured on the interface.  Once an ACL is configured on the interface the security level is no longer considered.

Having said that, the importance of security levels is to define how important or how secure the traffic connected to that interface is.  This way, the ASA knows how to treat that traffic in the event that there is no ACL configured for that interface.

The "outside" (or however you want to name it) interface, normally facing the internet, is of course considered to be connected to the most unsecure network and will almost always have a security level of 0.  The "inside" network is considered to be connected to a secure network, or most secure network, since you have direct control over what is allowed in and out and can control to some degree what is installed on the PCs, and will most often have a security level of 100 (most secure).  DMZs are normally accessed from the unsecure network as well as the secure network, but should not be able to initiate traffic to the more secure network, which lands it somewhere in the middle between 0 and 100.  So in this example let's say the DMZ security level is 50.  So now, without adding any ACLs, the inside network can access the DMZ and outside network, the DMZ network can access the outside network but not the inside network, and the outside network cannot access anything behind the firewall.


Please remember to select a correct answer and rate
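
The three-interface layout described in the answer above, written out as an ASA configuration fragment. This is an added example, not part of the original post; the interface IDs and IP addresses are constructed placeholders, and the two `show` commands at the end confirm the levels and whether any ACL is applied to an interface.

```cisco
! Constructed example: interface IDs and addresses are placeholders.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.50.1 255.255.255.0
 no shutdown
!
! With no access-group applied to these interfaces, as described in the answer:
!   inside (100)  -> dmz (50), outside (0)   : allowed
!   dmz (50)      -> outside (0)             : allowed
!   dmz (50)      -> inside (100)            : denied
!   outside (0)   -> dmz (50), inside (100)  : denied
!
! Checks: list each interface name with its security level,
! then list any ACLs bound to interfaces.
show nameif
show running-config access-group
```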

