New Member

Security level 0 - 100

If the PIX inside interface is configured with a security value of 100, while the outside interface has a security value of 0:

1) What do this 0 and 100 mean? Any number in between, such as 30, 50, 70, 90?

2) In terms of inbound and outbound traffic, what do this 0 and 100 mean? My understanding: all outbound traffic is allowed, but inbound traffic from the external network is only allowed to pass through the outside interface, and none is allowed through the inside interface. Is this understanding correct?

Thanks for the help.

Scott

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Security level 0 - 100

The number means the security level; the highest is 100 and the lowest is 0.

PIX by default has the inside interface set to 100, whereas the outside interface is set to 0. When configuring DMZ interfaces, you can assign any number in between.

With PIX v6.x, once the nat/global statement is configured, all traffic from a higher security level to a lower security level is permitted, i.e. no ACL is required.

Alternatively, traffic destined for a higher security level from a lower security level is not permitted unless there is an ACL in place (usually with static statements as well).

That's why it's common to say that PIX by default permits all outbound traffic. In fact, it's more accurate to say that PIX by default permits all traffic from a higher security level to a lower security level (for a PIX that has more than 2 interfaces).
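
An added example, not part of the original thread and not Cisco code: a small Python audit that reads PIX 6.x-style `nameif`, `nat`, `global`, `static` and `access-group` lines and applies the rule from the answer above to every pair of interfaces. The sample configuration, interface names and addresses are constructed, and the check works per interface only (it does not evaluate individual ACL entries, hosts or ports).

```python
import re
from itertools import permutations

# Constructed PIX 6.x-style sample; names and addresses are illustrative.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz) 1 192.168.50.200-192.168.50.220
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
"""

def parse(config):
    """Collect security levels, nat/global ids, statics and bound ACLs."""
    st = {"level": {}, "nat": {}, "global": {}, "static": set(), "acl": set()}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"nameif \S+ (\S+) security(\d+)", line):
            st["level"][m[1]] = int(m[2])
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+)", line):
            st[m[1]].setdefault(m[2], set()).add(m[3])
        elif m := re.match(r"static \((\S+),(\S+)\)", line):
            st["static"].add((m[1], m[2]))  # (higher side, lower side)
        elif m := re.match(r"access-group \S+ in interface (\S+)", line):
            st["acl"].add(m[1])             # interface with an inbound ACL
    return st

def flow_matrix(config):
    """Map (src, dst) -> verdict using the security-level rule."""
    st, out = parse(config), {}
    for src, dst in permutations(st["level"], 2):
        s, d = st["level"][src], st["level"][dst]
        if s > d:
            # Higher -> lower: no ACL needed, but a translation must exist
            # (matching nat/global ids, or a static for that pair).
            xlate = (st["nat"].get(src, set()) & st["global"].get(dst, set())
                     or (src, dst) in st["static"])
            out[src, dst] = "implicit permit" if xlate else "needs nat/global"
        elif s < d:
            # Lower -> higher: denied unless an ACL and a static are in place.
            ok = src in st["acl"] and (dst, src) in st["static"]
            out[src, dst] = "per ACL + static" if ok else "deny (default)"
        # Equal levels are not covered by the rule above and are skipped.
    return out

if __name__ == "__main__":
    for (src, dst), verdict in flow_matrix(SAMPLE_CONFIG).items():
        print(f"{src:8} -> {dst:8} {verdict}")
```
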

2 REPLIES
New Member

Hi Jakko,

Give me some initial steps to configure Cisco ASA 5501.
