
Security level 0 - 100

otnj2ee
Level 1

If the PIX inside interface is configured with a security value of 100, while the outside interface has a security value of 0:

1) What do 0 and 100 mean? What about any number in between, such as 30, 50, 70, 90?

2) In terms of inbound and outbound traffic, what do 0 and 100 mean? My understanding is that all outbound traffic is allowed, but inbound traffic from the external network is only allowed to pass through the outside interface, and none is allowed through the inside interface. Is this understanding correct?

Thanks for the help.

Scott

1 Accepted Solution

jackko
Level 7

The number is the security level: the highest is 100 and the lowest is 0.

The PIX by default has the inside interface set to 100, whereas the outside interface is set to 0. When configuring DMZ interfaces, you can assign any number in between.

With PIX v6.x, once the nat/global statements are configured, all traffic from a higher security level to a lower security level is permitted, i.e. no ACL is required.

Conversely, traffic destined for a higher security level from a lower security level is not permitted, unless there is an ACL in place (usually with static statements as well).

That's why it's common to say that the PIX by default permits all outbound traffic. In fact, it's more accurate to say that the PIX by default permits all traffic from a higher security level to a lower security level (for those PIX that have more than 2 interfaces).

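To make the rule in the accepted answer concrete, here is a small Python model of the PIX 6.x default policy as the answer describes it. This is an added illustration, not code from the thread or from Cisco: interface names, security levels, addresses, the static mapping and the ACL entry are all constructed for the example, and the treatment of two interfaces with the same security level (denied) is an assumption the thread does not cover.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


def _in_net(net: str, ip: str) -> bool:
    """'any' matches every address; otherwise test CIDR membership."""
    return net == "any" or ip_address(ip) in ip_network(net, strict=False)


@dataclass
class AclEntry:
    permit: bool
    src: str  # CIDR or "any"
    dst: str  # CIDR or "any"; for inbound flows this is the global (translated) address

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _in_net(self.src, src_ip) and _in_net(self.dst, dst_ip)


@dataclass
class Pix:
    """Toy model of the PIX 6.x default policy from the answer (not a real device or parser)."""
    levels: dict = field(default_factory=dict)          # nameif -> security level (0..100)
    nat_global_configured: bool = False                 # nat/global statements present?
    statics: dict = field(default_factory=dict)         # (high_if, low_if, global_ip) -> local_ip
    access_groups: dict = field(default_factory=dict)   # nameif -> [AclEntry] applied inbound

    def nameif(self, name: str, level: int) -> None:
        assert 0 <= level <= 100, "security levels run from 0 (lowest) to 100 (highest)"
        self.levels[name] = level

    def static(self, high_if: str, low_if: str, global_ip: str, local_ip: str) -> None:
        self.statics[(high_if, low_if, global_ip)] = local_ip

    def access_group(self, name: str, entries: list) -> None:
        self.access_groups[name] = entries

    def check_flow(self, src_if: str, dst_if: str, src_ip: str, dst_ip: str):
        """Return (permitted, reason) for a new connection arriving on src_if bound for dst_if."""
        s, d = self.levels[src_if], self.levels[dst_if]
        tag = f"{src_if}({s}) -> {dst_if}({d})"
        if s > d:
            # Higher to lower: permitted by default once nat/global exists, no ACL needed.
            if self.nat_global_configured:
                return True, f"{tag}: higher to lower, permitted by default"
            return False, f"{tag}: higher to lower, but no nat/global configured"
        if s == d:
            # Same security level is not discussed in the thread; treated as denied (assumption).
            return False, f"{tag}: same security level, denied (assumption)"
        # Lower to higher: needs a static for the destination AND a permitting ACL on src_if.
        local = self.statics.get((dst_if, src_if, dst_ip))
        if local is None:
            return False, f"{tag}: lower to higher, no static translation for {dst_ip}"
        for entry in self.access_groups.get(src_if, []):
            if entry.matches(src_ip, dst_ip):
                if entry.permit:
                    return True, f"{tag}: permitted by acl on {src_if}; static maps {dst_ip} -> {local}"
                return False, f"{tag}: denied by acl on {src_if}"
        return False, f"{tag}: lower to higher, no acl entry matches (implicit deny)"


def build_sample_pix() -> Pix:
    """Constructed three-interface layout: inside 100, dmz 50, outside 0 (example values)."""
    pix = Pix(nat_global_configured=True)
    pix.nameif("inside", 100)
    pix.nameif("dmz", 50)
    pix.nameif("outside", 0)
    # Publish one DMZ host (constructed documentation addresses) and permit traffic to it.
    pix.static("dmz", "outside", "203.0.113.10", "10.1.1.10")
    pix.access_group("outside", [AclEntry(True, "any", "203.0.113.10/32")])
    return pix


# Constructed sample flows: (src_if, dst_if, src_ip, dst_ip)
SAMPLE_FLOWS = [
    ("inside", "outside", "10.0.0.5", "198.51.100.7"),
    ("inside", "dmz", "10.0.0.5", "10.1.1.10"),
    ("dmz", "outside", "10.1.1.10", "198.51.100.7"),
    ("outside", "dmz", "198.51.100.7", "203.0.113.10"),
    ("outside", "inside", "198.51.100.7", "10.0.0.5"),
    ("dmz", "inside", "10.1.1.10", "10.0.0.5"),
]


def evaluate_sample_flows() -> dict:
    """Map (src_if, dst_if) to whether the sample PIX permits that flow by its rules."""
    pix = build_sample_pix()
    return {(a, b): pix.check_flow(a, b, s, d)[0] for a, b, s, d in SAMPLE_FLOWS}


if __name__ == "__main__":
    pix = build_sample_pix()
    for a, b, s, d in SAMPLE_FLOWS:
        permitted, reason = pix.check_flow(a, b, s, d)
        print("PERMIT" if permitted else "DENY  ", reason)
```

Running the block prints one line per sample flow: the three higher-to-lower flows pass with no ACL, outside-to-dmz passes only because both the static and the matching ACL entry exist, and outside-to-inside and dmz-to-inside are denied because nothing publishes an inside host.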

2 Replies


Hi jackko,

Give me some initial steps to configure a Cisco ASA 5501.