Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1622
Views
0
Helpful
4
Replies

What is the default behavior of Cisco PIX/ASA before putting into the Production? & DMZ behavior also?

Go to solution
k_srinadh
Level 1
Level 1

‎07-09-2010 05:17 AM - edited ‎03-11-2019 11:09 AM

Hi All,

  

What is the default behavior of Cisco PIX/ASA before putting into the Production? & DMZ behavior also?

Regards,

Srinadh.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎07-09-2010 05:21 AM

Default behaviour would be if it's in routed mode:

1) Traffic from high security level to low security level will be allowed by default if you don't have any ACL configured on the high security level interface.

2) Traffic from low security level to high security level would need the following configured:

     - static NAT configuration

     - ACL applied on the low security level interface to allow inbound traffic.

The above assumes that you have configured the necessary interface ip address, nameif, security level, routes and NAT.

Hope that helps.

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to k_srinadh

‎07-09-2010 06:02 AM

Same rule applies to DMZ. If you configure security level 50 for DMZ, 100 for inside and 0 for outside:

- Traffic from DMZ towards inside will not be allowed by default

- Traffic from DMZ towards outside will be allowed by default

and again, that assumes NAT and routing is configured.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎07-09-2010 05:21 AM

Default behaviour would be if it's in routed mode:

1) Traffic from high security level to low security level will be allowed by default if you don't have any ACL configured on the high security level interface.

2) Traffic from low security level to high security level would need the following configured:

     - static NAT configuration

     - ACL applied on the low security level interface to allow inbound traffic.

The above assumes that you have configured the necessary interface ip address, nameif, security level, routes and NAT.

Hope that helps.

0 Helpful

Go to solution
k_srinadh
Level 1
Level 1
In response to Jennifer Halim

‎07-09-2010 05:36 AM

Thank you so much..

What about DMZ any specific behavior ?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to k_srinadh

‎07-09-2010 06:02 AM

Same rule applies to DMZ. If you configure security level 50 for DMZ, 100 for inside and 0 for outside:

- Traffic from DMZ towards inside will not be allowed by default

- Traffic from DMZ towards outside will be allowed by default

and again, that assumes NAT and routing is configured.

0 Helpful

Go to solution
k_srinadh
Level 1
Level 1
In response to Jennifer Halim

‎07-09-2010 11:48 PM

Thanks A lot..Halijenn...thats verrry much helpful...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card