Beginner

Security level 0 - 100

If the PIX inside interface is configured with a security value of 100, while the outside interface has a security value of 0:

1) What do this 0 and 100 mean? Any number in between, such as 30, 50, 70, 90?

2) In terms of inbound and outbound traffic, what do this 0 and 100 mean? My understanding is that all outbound traffic is allowed, but inbound traffic from the external network is only allowed to pass through the outside interface, and none is allowed through the inside interface. Is this understanding correct?

Thanks for the help.

Scott

Accepted Solution
Rising star

Re: Security level 0 - 100

The number means the security level; the highest is 100 and the lowest is 0.

The PIX by default has the inside interface set to 100, whereas the outside interface is set to 0. When configuring DMZ interfaces, you can assign any number in between.

With PIX v6.x, once the nat/global statements are configured, all traffic from a higher security level to a lower security level is permitted, i.e. no ACL is required.

Alternatively, traffic destined for a higher security level from a lower security level is not permitted, unless there is an ACL in place (usually with static statements as well).

That's why it's common to say that the PIX by default permits all outbound traffic. In fact, it's more accurate to say that the PIX by default permits all traffic from a higher security level to a lower security level (for those PIXes that have more than 2 interfaces).
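The default policy described in this answer, written out as a small Python model (an added example, not code from the thread or from Cisco): interfaces carry a level 0-100, connections initiated from a higher level towards a lower one are allowed once nat/global is in place, and connections from a lower level towards a higher one need an explicit ACL entry. The interface names, the DMZ level of 50, the host 192.0.2.10 and the ACL entries are constructed for the example; the uniqueness check on levels is an assumption about PIX 6.x that goes beyond what the answer states.

```python
"""Model of the PIX security-level default policy described in the thread.

Interfaces carry a security level 0-100. A new connection is permitted by
default only when it is initiated from a higher level towards a lower one
(once nat/global translation is configured). Traffic initiated from a lower
level towards a higher one needs an explicit ACL (plus a static translation).
Interface names, levels, hosts and ACL entries here are constructed samples.
"""
from dataclasses import dataclass, field


@dataclass
class Pix:
    levels: dict                       # interface name -> security level
    acl: set = field(default_factory=set)  # (ingress iface, dst host, dst port)
    nat_global: bool = True            # nat/global configured (PIX 6.x prerequisite)

    def __post_init__(self):
        for name, level in self.levels.items():
            if not 0 <= level <= 100:
                raise ValueError(f"{name}: security level must be 0-100")
        # Assumption beyond the thread: PIX 6.x requires a distinct level per interface.
        if len(set(self.levels.values())) != len(self.levels):
            raise ValueError("security levels must be unique per interface")

    def permits(self, ingress, egress, dst_host=None, dst_port=None):
        """Return (allowed, reason) for a connection entering on `ingress`
        and leaving via `egress`, following the higher-to-lower rule."""
        src, dst = self.levels[ingress], self.levels[egress]
        if src > dst:
            if self.nat_global:
                return True, "higher to lower: permitted by default"
            return False, "higher to lower: needs nat/global first"
        if (ingress, dst_host, dst_port) in self.acl:
            return True, "lower to higher: permitted by ACL"
        return False, "lower to higher: denied (no matching ACL)"


def demo():
    """Three-interface PIX with one inbound ACL entry for a DMZ web server."""
    pix = Pix(levels={"inside": 100, "dmz": 50, "outside": 0},
              acl={("outside", "192.0.2.10", 80)})
    return {
        "inside->outside": pix.permits("inside", "outside")[0],
        "inside->dmz": pix.permits("inside", "dmz")[0],
        "outside->dmz web": pix.permits("outside", "dmz", "192.0.2.10", 80)[0],
        "outside->dmz ssh": pix.permits("outside", "dmz", "192.0.2.10", 22)[0],
        "dmz->inside": pix.permits("dmz", "inside")[0],
    }
```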

2 REPLIES
Beginner

Hi Jakko,

Give me some initial steps to configure Cisco ASA 5501.