Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
0
Helpful
1
Replies

Cisco ASA Internet Access Best Practices

Go to solution
karl_009
Level 1
Level 1

‎10-11-2012 05:22 AM - edited ‎03-11-2019 05:07 PM

Hi,

This is a bit of a newbie question, but am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.

I have the inside security level set to 100 and the outside set to 0, want other features can be used to protect the network from the Internet, am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.

Would any firewall policies be required to increase the level of security?

Many Thanks for any advice.

Karl

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harish Balakrishnan
Spotlight
Spotlight

‎10-11-2012 05:26 AM

Hello Karl,

yes you are correct, nobody can come inside from lower security to higher security unless specified.. you can use the below command to prevent from spoofing attack.. which just came in my mind..

ip verify reverse-path interface outside

Regards

Harish.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Harish Balakrishnan
Spotlight
Spotlight

‎10-11-2012 05:26 AM

Hello Karl,

yes you are correct, nobody can come inside from lower security to higher security unless specified.. you can use the below command to prevent from spoofing attack.. which just came in my mind..

ip verify reverse-path interface outside

Regards

Harish.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card