https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749101#M178045 <P>Hi</P><P>&nbsp;</P><P>I've just started a new role and after looking at the ASA 5550 config I have an issue. &nbsp;The inside interface has security level 0 and outside security level 100!</P><P>It's been like this for years!</P><P>So there're lots of inbound rules , some NAT entries and a couple of site-to-site VPN's attached to outside interface that has built up over the years so the config is working.</P><P>So what I'm asking is if I were to swap security levels to the way it should be, surly the exiting config shouldn't be affected by the change?</P><P>Cheers&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:43:53 GMT joepeters1982 2019-03-12T06:43:53Z https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749101#M178045 Tue, 12 Mar 2019 06:43:53 GMT https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749101#M178045 joepeters1982 2019-03-12T06:43:53Z https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749102#M178047 <P>Hi,</P><P>&nbsp;</P><P>If you are planning to change the security levels of the interface then should consider the traffic that should be permitted from the new lower security level interface to higher security level interface.</P><P>Also you have mentioned that you already have ACLs on the inside interface. So once you change the security level to 100 on the inside interface, the ACL will still take precedence and you will need to add more ACL entries to permit/deny traffic.</P><P>&nbsp;</P><P>Hope it helps!!!</P><P>Thanks,</P><P>R.Seth</P><P><SPAN style="font-size:10px;">Don't forget to mark the answer as correct if it helps in resolving your query!!!</SPAN></P> Mon, 12 Oct 2015 09:23:31 GMT https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749102#M178047 Rishabh Seth 2015-10-12T09:23:31Z https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749103#M178051 <P>Thanks Rishabh</P><P>After checking and re-checking finally swapped security levels, all seems ok so far...PHEW</P> Wed, 14 Oct 2015 07:13:48 GMT https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749103#M178051 joepeters1982 2015-10-14T07:13:48Z https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749104#M178054 <P>Great :)!!!</P> Wed, 14 Oct 2015 07:14:43 GMT https://community.cisco.com/t5/network-security/asa-security-level-help/m-p/2749104#M178054 Rishabh Seth 2015-10-14T07:14:43Z