PIX: How many different security levels can there be?
I started using 802.1Q and VLANs, and need 12 different levels, but the command reference for 6.3 says only 6 are available:
Enter 0 for the outside network or 100 for the inside network. Perimeter interfaces can use any number between 1 and 99. By default, PIX Firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first perimeter interface is initially set to security10, the second to security15, the third to security20, and the fourth perimeter interface to security25 (a total of 6 interfaces are permitted, with a total of 4 perimeter interfaces permitted). The word security in this command can also be abbreviated as sec, for example sec10.
For access from a higher security to a lower security level, nat and global commands or static commands must be present. For access from a lower security level to a higher security level, static and access-list commands must be present.
Interfaces with the same security level cannot communicate with each other. We recommend that every interface have a unique security level.
Re: PIX: How many different security levels can there be?
Security levels are useless the second you apply an access-list to any interface on the PIX. This is not "pointed out" anywhere in the docs.
The security level protection is there so if a PIX is just tossed out on the net with no ACLs, it will protect the network. But after ACLs are applied to it, the Sec Level "security" doesn't take place. The ACLs override the Sec Level.
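The following PIX 6.3 configuration is an added illustration of both the command-reference rules quoted in the question (nat/global for higher-to-lower, static plus access-list for lower-to-higher, unique levels per interface) and the reply's point that an access-group applied to an interface replaces the security-level default. It is not from the original thread; the interface names, VLAN IDs and addresses are assumed, and the `!` lines are comments added for readability.

```cisco
! Physical interfaces plus two 802.1Q subinterfaces on ethernet1 (assumed VLAN IDs)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan10 logical
interface ethernet1 vlan20 logical
! Each interface gets a unique level: 0 outside, 100 inside, perimeter 1-99
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan10 dmz1 security10
nameif vlan20 dmz2 security20
! Assumed addressing (RFC 5737 / RFC 1918 ranges)
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz1 192.168.10.1 255.255.255.0
ip address dmz2 192.168.20.1 255.255.255.0
!
! Higher -> lower (inside to outside): nat/global is enough, no ACL needed
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
!
! Lower -> higher (outside to dmz1 web server): static AND an access-list are required
static (dmz1,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
!
! The reply's point: once an ACL is bound to dmz1, the level-based "anything to a
! lower level" default no longer applies. Only what this list permits leaves dmz1;
! the implicit deny at the end drops everything else, including dmz1 -> outside
! traffic that security10 > security0 would otherwise have allowed.
nat (dmz1) 1 192.168.10.0 255.255.255.0
access-list dmz1_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-group dmz1_out in interface dmz1
```

Interfaces with no access-group bound (dmz2 here) still fall back to the security-level rules, so the two mechanisms coexist per interface rather than globally.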