ASA and Security Levels

mingram27
Level 1

Hey guys, I have a very basic question. As much as I know about firewalls, this matter escapes me: can someone explain to me what the security levels on the interface mean, and could I have the same security level on two different interfaces that face the internet?

Please advise and thank you

Matt

1 Accepted Solution


julomban
Level 3

Hello Matthew,

The security level protects higher security networks from lower security networks by imposing additional protection between the two.

The level controls the following behavior:

Network access—By default, there is an implicit permit from a higher security interface to a lower security interface (outbound). Hosts on the higher security interface can access any host on a lower security interface. You can limit access by applying an access list to the interface.

Normally, interfaces on the same security level cannot communicate. If you want interfaces on the same security level to communicate, you need to add the same-security-traffic inter-interface. You might want to assign two interfaces to the same level and allow protection features to be applied equally for traffic between two interfaces; for example, you have two departments that are equally secure.

I hope it helps.

Regards,

Juan Lombana

Please rate helpful posts.


4 Replies


Perfect answer!!! Thank you

You're welcome!!!!

Please rate helpful posts.

In practice, most interesting firewall designs end up putting access-lists on all the interfaces, at which point the security levels are moot. The primary effect of the Cisco security-level concept is that an out of the box vanilla configuration with just an inside and an outside network will more or less work: the firewall will block unsolicited inbound traffic, allow outbound traffic, and allow reply packets for existing connections in.

-- Jim Leinweber, WI State Lab of Hygiene
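The rules in Juan's accepted answer (higher-to-lower implicit permit, same-level blocked unless `same-security-traffic permit inter-interface` is configured) and Jim's point that an interface access-list replaces the level-based decision, modelled in Python as an added example. This is not code from the thread or from Cisco; it parses a constructed ASA-style configuration fragment (interface names, addresses and the `dmz_in` ACL name are made up) and reports, for each pair of interfaces, whether a new connection entering one interface toward the other is implicitly permitted, implicitly denied, or governed by the ingress ACL. The two interfaces at level 0 are there to answer Matt's question about two internet-facing interfaces sharing a level.

```python
"""Model of ASA interface security-level policy (added example, not Cisco code).

Decision for a NEW connection entering on interface `src` bound for `dst`:
  - an inbound access-group on `src` governs instead of the level  -> "acl"
  - level(src) > level(dst)                                        -> "permit"
  - level(src) == level(dst) and same-security-traffic permitted   -> "permit"
  - otherwise                                                      -> "deny"
Return packets of established connections are not modelled; the stateful
inspection Jim mentions allows those regardless of level.
"""
import re
from dataclasses import dataclass, field

# Constructed sample config: two internet-facing interfaces share level 0,
# a DMZ at 50 with an inbound ACL, and an inside network at 100.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside2
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
access-group dmz_in in interface dmz
"""

SAME_SECURITY_INTER = "same-security-traffic permit inter-interface"


@dataclass
class AsaPolicy:
    levels: dict = field(default_factory=dict)   # nameif -> security level
    acl_in: set = field(default_factory=set)     # nameifs with an inbound access-group
    same_security_inter: bool = False


def parse_config(text: str) -> AsaPolicy:
    """Extract nameif / security-level / access-group / same-security lines."""
    pol = AsaPolicy()
    cur = None

    def flush():
        if cur and "nameif" in cur:
            # ASA default when security-level is omitted: 0, except that an
            # interface named "inside" defaults to 100.
            default = 100 if cur["nameif"] == "inside" else 0
            pol.levels[cur["nameif"]] = cur.get("level", default)

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            flush()
            cur = {}
        elif cur is not None and line.startswith("nameif "):
            cur["nameif"] = line.split()[1]
        elif cur is not None and line.startswith("security-level "):
            cur["level"] = int(line.split()[1])
        elif line == "!":
            flush()
            cur = None
        elif line == SAME_SECURITY_INTER:
            pol.same_security_inter = True
        else:
            m = re.match(r"access-group\s+\S+\s+in\s+interface\s+(\S+)$", line)
            if m:
                pol.acl_in.add(m.group(1))
    flush()
    return pol


def default_verdict(pol: AsaPolicy, src: str, dst: str) -> str:
    """Implicit policy for a new connection from `src` interface to `dst`."""
    if src == dst:
        raise ValueError("source and destination interface must differ")
    if src in pol.acl_in:
        return "acl"          # Jim's point: the ACL decides, the level is moot
    s, d = pol.levels[src], pol.levels[dst]
    if s > d:
        return "permit"       # implicit permit, higher -> lower
    if s == d:
        return "permit" if pol.same_security_inter else "deny"
    return "deny"             # lower -> higher is implicitly denied


def policy_matrix(pol: AsaPolicy) -> dict:
    """Verdict for every ordered pair of interfaces, keyed by (src, dst)."""
    names = sorted(pol.levels, key=lambda n: -pol.levels[n])
    return {(s, d): default_verdict(pol, s, d) for s in names for d in names if s != d}


if __name__ == "__main__":
    for label, cfg in (("as written", SAMPLE_CONFIG),
                       ("with same-security-traffic", SAMPLE_CONFIG + SAME_SECURITY_INTER + "\n")):
        pol = parse_config(cfg)
        print(f"--- {label} ---")
        for (s, d), v in policy_matrix(pol).items():
            print(f"{s:>8} ({pol.levels[s]:>3}) -> {d:<8} ({pol.levels[d]:>3}): {v}")
```

Running it shows the thread's answers directly: `inside -> outside` is permitted, `outside -> inside` is denied, `outside -> outside2` is denied until the same-security line is added, and anything entering `dmz` is decided by `dmz_in` rather than by its level of 50.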
