10-11-2012 05:22 AM - edited 03-11-2019 05:07 PM
Hi,
This is a bit of a newbie question, but I am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.
I have the inside security level set to 100 and the outside set to 0. What other features can be used to protect the network from the Internet? I am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.
Would any firewall policies be required to increase the level of security?
Many thanks for any advice.
Karl
10-11-2012 05:26 AM
Hello Karl,
Yes, you are correct: nobody can come inside from lower security to higher security unless specified. You can use the command below to prevent spoofing attacks, which just came to my mind.
ip verify reverse-path interface outside
Regards
Harish.
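A simplified model of the two behaviours described in the reply above, added here as an example (it is not part of the original thread and is not Cisco code): the implicit security-level rule and the reverse-path check enabled by `ip verify reverse-path interface outside`. The subnets, the route table and the permit entry are constructed sample values, and the model ignores NAT and stateful return traffic.

```python
import ipaddress

# Interface names and security levels as in the thread; subnets are constructed samples.
SECURITY_LEVEL = {"inside": 100, "outside": 0}
ROUTES = [  # (prefix, interface used to reach it)
    (ipaddress.ip_network("192.168.1.0/24"), "inside"),
    (ipaddress.ip_network("0.0.0.0/0"), "outside"),  # default route
]


def route_lookup(addr):
    """Longest-prefix match: interface the firewall would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def verdict(in_ifc, src, dst, dport, urpf=frozenset({"outside"}), permits=frozenset()):
    """Fate of a new connection arriving on in_ifc.

    urpf    -- interfaces with the reverse-path check enabled
    permits -- explicit (in_ifc, dst, dport) entries allowing lower -> higher traffic
    """
    # Reverse-path check: the route back to the source must use the arrival interface.
    if in_ifc in urpf and route_lookup(src) != in_ifc:
        return "drop: reverse-path check failed"
    out_ifc = route_lookup(dst)
    if out_ifc is None:
        return "drop: no route"
    # Implicit rule: higher -> lower security level is allowed without an explicit entry.
    if SECURITY_LEVEL[in_ifc] > SECURITY_LEVEL[out_ifc]:
        return "permit: higher to lower security"
    if (in_ifc, dst, dport) in permits:
        return "permit: explicit rule"
    return "drop: no explicit permit"


if __name__ == "__main__":
    web = frozenset({("outside", "192.168.1.10", 80)})  # constructed permit entry
    cases = [
        ("inside", "192.168.1.20", "203.0.113.5", 443, {}),
        ("outside", "198.51.100.7", "192.168.1.10", 22, {}),
        ("outside", "198.51.100.7", "192.168.1.10", 80, {"permits": web}),
        # Packet on outside claiming an inside source address:
        ("outside", "192.168.1.50", "192.168.1.10", 80, {"permits": web}),
        ("outside", "192.168.1.50", "192.168.1.10", 80,
         {"permits": web, "urpf": frozenset()}),
    ]
    for in_ifc, src, dst, dport, kw in cases:
        print(f"{in_ifc:8} {src:15} -> {dst:15}:{dport:<4} {verdict(in_ifc, src, dst, dport, **kw)}")
```

The last two cases show where the reverse-path check adds protection beyond the security levels: once an explicit permit exists, only the check stops a packet that arrives on the outside interface with an inside source address.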