Cisco ASA: Security level and nameif

Technology: Network Security
Area: Firewalls
Vendor: Cisco
Software: 8.X, 9.X
Platform: Cisco ASA

Each logical ASA interface must have an IP address, security level and nameif configured to work. Security levels are numbered from 0 to 100. Traffic is allowed to pass from higher to lower security-level interfaces by default. Traffic is denied from lower to higher security levels by default. To change this behavior ACLs must be used. The term “traffic” means a session being initiated. ASA “understands” sessions and treats packet flows as whole sessions. So the term “Traffic allowed from higher to lower interface” means a session that is initiated from higher to lower interface direction. The nameif is your custom name for a particular logical interface. You can think of it as a security zone thus giving it the meaningful name as a best practice.

To set the nameif and security level issue following commands:

ASA#configure terminal
ASA(config)#interface GigabitEthernet0/0
ASA(config-if)#nameif outside
ASA(config-if)#security-level 10
ASA(config-if)#ip address 192.168.202.201 255.255.255.0 
ASA(config-if)#no shutdown