07-09-2010 05:17 AM - edited 03-11-2019 11:09 AM
Hi All,
What is the default behavior of a Cisco PIX/ASA before putting it into production? And the DMZ behavior also?
Regards,
Srinadh.
07-09-2010 05:21 AM
Default behaviour, if it's in routed mode, would be:
1) Traffic from high security level to low security level will be allowed by default if you don't have any ACL configured on the high security level interface.
2) Traffic from low security level to high security level would need the following configured:
- static NAT configuration
- ACL applied on the low security level interface to allow inbound traffic.
The above assumes that you have configured the necessary interface IP address, nameif, security level, routes and NAT.
Hope that helps.
07-09-2010 05:36 AM
Thank you so much.
What about the DMZ, any specific behavior?
07-09-2010 06:02 AM
Same rule applies to DMZ. If you configure security level 50 for DMZ, 100 for inside and 0 for outside:
- Traffic from DMZ towards inside will not be allowed by default
- Traffic from DMZ towards outside will be allowed by default
And again, that assumes NAT and routing are configured.
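An added example, not part of the thread and not Cisco code: a small audit that reads an ASA-style running-config and lists the interface pairs where traffic is permitted only by the security-level default described in the two answers above (higher level to lower level, no inbound ACL on the higher interface). The sample config, interface names, ACL name and address are constructed; the script assumes routing and NAT are in place and does not check them.

```python
import re
from itertools import permutations

# Constructed sample running-config (not from the thread); the levels match
# the 100/50/0 example given in the answer.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif dmz
 security-level 50
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside
"""

def parse_interfaces(config):
    """Return {nameif: security_level} from the interface stanzas."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a top-level line ends the previous stanza
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+security-level\s+(\d+)", line)
        if m and name:
            levels[name] = int(m.group(1))
    return levels

def inbound_acls(config):
    """Return {nameif: acl_name} for ACLs applied inbound on an interface."""
    pat = r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)"
    return {m.group(2): m.group(1) for m in re.finditer(pat, config, re.M)}

def implicit_flows(config):
    """List (src, dst) pairs permitted only by the security-level default."""
    levels, acls = parse_interfaces(config), inbound_acls(config)
    # Equal-level pairs are outside what the thread covers and are not reported.
    return sorted(
        (src, dst) for src, dst in permutations(levels, 2)
        if levels[src] > levels[dst] and src not in acls
    )

if __name__ == "__main__":
    for src, dst in implicit_flows(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: allowed by default, no inbound ACL on {src}")
```

Each pair it reports is a path that no explicit rule governs; applying an inbound ACL on the source interface removes that pair from the report.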
07-09-2010 11:48 PM
Thanks a lot, Halijenn... that's very much helpful...