Pretty new with the ASA 5510 and I cannot seem to find any info on security levels.
I have an outside interface set at security level 0, the inside interface at 100, and the E:2 which will be the DMZ, I am not sure what to set the security level to. Is there some resource that shows the effects or permissions of, let's say, a security level 50?
The higher the interface security level the more trusted.
Any interface with a lower security CANNOT talk to an interface with a higher security level without an access list that permits the traffic.
Any interface with a higher security level can talk to any interface with a lower security level.
So if you have a DMZ - choose a number between 1 and 99. This will mean that any traffic from the DMZ to the outside will be OK. Any traffic from the Inside to the DMZ and Outside will be OK. Any traffic from the outside to the DMZ and/or the Inside will not work - without a specific permit access-list.
As Andrew explains, the basic principle is that a higher security level interface can initiate traffic to a lower security interface, but a lower security level interface can only initiate traffic that is explicitly allowed to a higher security level interface.
Probably most of us split the difference and assign 50 as the security level when we configure a third interface (as DMZ). But the particular level we choose does not matter until we decide that we need a fourth interface. Functionally it would work the same if we assigned a security level of 2 or of 99 or of 50 for the third interface.
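The three-interface layout discussed in this thread, as an added configuration example that is not from any of the posters. The interface numbers, the addresses (documentation and private ranges), the ACL name OUTSIDE_IN and the DMZ host are assumptions, and address translation is left out.

```cisco
! Added example: interface numbers, addresses and the ACL name are assumptions.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 ! Any value from 1 to 99 behaves the same while there are only three interfaces.
 security-level 50
 ip address 172.16.0.1 255.255.255.0
!
! outside (0) -> dmz (50) is lower-to-higher, so it needs an explicit permit.
! Only HTTPS to one DMZ host (assumed 172.16.0.10) is allowed in from outside.
access-list OUTSIDE_IN extended permit tcp any host 172.16.0.10 eq https
access-group OUTSIDE_IN in interface outside
!
! dmz (50) -> inside (100) is also lower-to-higher. No ACL permits it here,
! so a DMZ host cannot open connections to the inside network.
! inside (100) -> dmz (50) and inside -> outside (0) need no ACL.
```

`show nameif` lists each interface with its name and security level, which is a quick way to confirm the result.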