Tuesday 1 March 2016

Cisco ASA Security Levels Explained

Hello,
If you are studying Cisco ASA, it is very important to understand the idea of Cisco ASA security levels.
The idea behind a security level is trust: how much the ASA trusts traffic arriving on one interface compared with another. In other words, is traffic allowed to pass from one interface to another by default, or not?
Cisco recommends giving each interface a name (with the nameif command) when assigning its IP address, for example inside, outside or DMZ. An interface named inside is automatically given a security level of 100; an interface with any other name is given a security level of 0. The security level can then be changed on each interface with the security-level command. Here is the summary of Cisco ASA security levels:


  • The security level ranges from 0 to 100.
  • A higher security level means a greater amount of trust. Traffic can move from a higher security level to a lower security level by default.
  • Traffic from a lower security level to a higher security level is not permitted by default; it needs an access list that explicitly allows it.
  • Traffic between two interfaces with the same security level is not permitted by default (the same-security-traffic permit inter-interface command changes that).
  • The inside interface is given the highest security level (100) by default; every other interface starts at 0 until you change it.
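Here is how the naming and security levels above look as an ASA configuration. This is an added example, not configuration from the original post: the interface numbers, the DMZ level of 50 and the IP addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```cisco
! Added example, not from the original post. Three interfaces, three trust levels.
! Interface names, the dmz level of 50 and all addresses are illustrative assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
! "inside" receives security-level 100 automatically; it is written out here to be explicit.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Any name other than "inside" defaults to 0, so the DMZ must be raised by hand.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Default behaviour with the levels above and no access lists applied:
!   inside (100) -> dmz (50)      allowed   (high to low, go)
!   inside (100) -> outside (0)   allowed
!   dmz (50)     -> outside (0)   allowed
!   outside (0)  -> dmz (50)      denied    (low to high, let the packet die)
!   dmz (50)     -> inside (100)  denied
!
! Two interfaces that share a security level block each other unless you enable this:
same-security-traffic permit inter-interface
```

After applying it, `show nameif` lists each interface with its name and security level, which is the quickest way to confirm that the DMZ really sits at 50 and not at the default of 0.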
Easy Right?!
If you are still confused, the easy way to remember it is the following quote:
"Low to High, let the packet die! High to Low, go"  
So, how to keep that traffic from dying (permitting it with an access list) is the subject of the next lesson, Insha' Allah.