
New Member

PIX: How many different security levels can there be?

I started using 802.1q and VLANs, and need 12 different levels, but the command reference for 6.3 says only 6 are available:

Enter 0 for the outside network or 100 for the inside network. Perimeter interfaces can use any number between 1 and 99. By default, PIX Firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first perimeter interface is initially set to security10, the second to security15, the third to security20, and the fourth perimeter interface to security25 (a total of 6 interfaces are permitted, with a total of 4 perimeter interfaces permitted). The word security in this command can also be abbreviated as sec, for example sec10.

For access from a higher security to a lower security level, nat and global commands or static commands must be present. For access from a lower security level to a higher security level, static and access-list commands must be present.

Interfaces with the same security level cannot communicate with each other. We recommend that every interface have a unique security level.

2 REPLIES
Cisco Employee

Re: PIX: How many different security levels can there be?

Hi,

I think what they talked about is for 6 physical interfaces/security levels. For 12 different levels/VLANs you should be good to use 12 different security levels.

Thanks

Nadeem

New Member

Re: PIX: How many different security levels can there be?

Security levels are useless the second you apply an access-list to any interface on the PIX. This is not "pointed out" anywhere in the docs.

The security level protection is there so if a PIX is just tossed out on the net with no ACLs, it will protect the network. But after ACLs are applied to it, the Sec Level "security" doesn't take place. The ACLs override the Sec Level.
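To tie the question and both replies together, here is an added configuration sketch (constructed for this page, not from the original thread and not from Cisco's own documentation). It uses PIX 6.3 syntax, gives three 802.1q VLAN subinterfaces their own distinct security levels (the same pattern extends to twelve), shows the nat/global, static and access-list commands the quoted command reference says are required for each direction, and then shows what the second reply warns about: once an access-group is bound to an interface, that interface's traffic is decided entirely by the ACL, not by its security level. The interface names (eng, dmz, lab), VLAN IDs, ACL names and the RFC 5737 addresses are all assumptions.

```text
! --- Physical port plus three 802.1q logical subinterfaces, each with its own level ---
interface ethernet1 100full
interface ethernet1 vlan10 logical
interface ethernet1 vlan20 logical
interface ethernet1 vlan30 logical

nameif ethernet0 outside security0
nameif ethernet1 inside  security100
nameif vlan10    eng     security10      ! levels only need to be unique, not 10/15/20/25
nameif vlan20    dmz     security20
nameif vlan30    lab     security30

ip address outside 203.0.113.2   255.255.255.0
ip address inside  192.0.2.1     255.255.255.0
ip address eng     198.51.100.1  255.255.255.0
ip address dmz     198.51.100.129 255.255.255.128
ip address lab     192.0.2.129   255.255.255.128

! --- Higher -> lower: nat/global (or static) must exist before traffic is allowed ---
! PAT everything leaving toward the outside onto the outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0
nat (eng)    1 0.0.0.0 0.0.0.0
nat (dmz)    1 0.0.0.0 0.0.0.0
nat (lab)    1 0.0.0.0 0.0.0.0
global (outside) 1 interface
! inside (100) reaching the perimeter VLANs: nat 0 satisfies the requirement without translating
nat (inside) 0 192.0.2.0 255.255.255.0

! --- Lower -> higher: a static AND an access-list are both required ---
! Publish one DMZ web server to the outside (sec0 -> sec20)
static (dmz,outside) 203.0.113.10 198.51.100.130 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! --- What the second reply means: an ACL on an interface replaces level-based permission ---
! Before this is applied, eng (10) could initiate anything to outside (0) via nat/global.
! After it is applied, eng hosts get exactly these flows and nothing else (implicit deny),
! regardless of eng's security level relative to the destination interface.
access-list eng_out permit udp 198.51.100.0 255.255.255.0 any eq domain
access-list eng_out permit tcp 198.51.100.0 255.255.255.0 any eq www
access-group eng_out in interface eng
```

Two things a defender should take from this: give every VLAN interface a unique level (the reference warns that equal levels cannot talk to each other at all), and treat the implicit allow that a higher level gets as a bootstrap default only. The moment you bind an access-group to an interface you own every flow on it explicitly, so audit the ACL, not the level, when reviewing what a segment can reach.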
