11-04-2005 02:14 PM - edited 03-09-2019 12:56 PM
If the PIX inside interface is configured with a security value of 100, while the outside interface has a security value of 0:
1) What do 0 and 100 mean? What about any number in between, such as 30, 50, 70, 90?
2) In terms of inbound and outbound traffic, what do 0 and 100 mean? My understanding is that all outbound traffic is allowed, but inbound traffic from the external network is only allowed to pass through the outside interface, and none is allowed through the inside interface. Is this understanding correct?
Thanks for the help.
Scott
11-04-2005 10:04 PM
The number means the security level; the highest is 100 and the lowest is 0.
PIX by default has the inside interface set to 100, whereas the outside interface is set to 0. When configuring DMZ interfaces, you can assign any number in between.
With PIX v6.x, once a nat/global statement is configured, all traffic from a higher security level to a lower security level is permitted, i.e. no ACL is required.
Alternatively, traffic destined for a higher security level from a lower security level is not permitted, unless there is an ACL in place (usually with static statements as well).
That's why it's common to say that PIX by default permits all outbound traffic. In fact, it's more accurate to say that PIX by default permits all traffic from a higher security level to a lower security level (for those PIXes that have more than 2 interfaces).
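An added example, not part of the original answer: a PIX 6.x configuration sketch of the behaviour described above, with a DMZ at security level 50. The addresses (documentation and private ranges), the ACL name outside_in and the port-to-interface mapping are constructed for illustration.

```cisco
: Constructed example. Lines starting with ":" are comments on PIX.
: Security levels: outside = 0, dmz = 50, inside = 100
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0

: Higher -> lower (inside -> outside, inside -> dmz, dmz -> outside):
: permitted once a matching nat/global pair exists, no ACL required.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
global (dmz) 1 172.16.1.200-172.16.1.250 netmask 255.255.255.0

: Lower -> higher (outside -> dmz): denied by default.
: Publishing one DMZ web server needs a static translation plus an ACL
: applied inbound on the lower-security interface.
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Nothing above opens outside -> inside: there is no static and no
: ACL entry for any inside host, so that direction stays closed.
```

Keeping the outside_in ACL limited to the single published host and port means the static translation exposes only that service.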
04-27-2017 10:16 AM
Hi Jakko,
Give me some initial steps to configure Cisco ASA 5501.