US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Cisco ASA: Security level and nameif

    Design & Configure

    Cisco ASA: Security level and nameif

    Technology: Network Security
    Area: Firewalls
    Vendor: Cisco
    Software: 8.X, 9.X
    Platform: Cisco ASA



    Ready to migrate from ASA to a supported firewall solution


    Each logical ASA interface must have an IP address, security level and nameif configured to work. Security levels are numbered from 0 to 100. Traffic is allowed to pass from higher to lower security-level interfaces by default. Traffic is denied from lower to higher security levels by default. To change this behavior ACLs must be used. The term “traffic” means a session being initiated. ASA “understands” sessions and treats packet flows as whole sessions. So the term “Traffic allowed from higher to lower interface” means a session that is initiated from higher to lower interface direction. The nameif is your custom name for a particular logical interface. You can think of it as a security zone thus giving it the meaningful name as a best practice.

    To set the nameif and security level issue following commands:

    ASA#configure terminal
    ASA(config)#interface GigabitEthernet0/0
    ASA(config-if)#nameif outside
    ASA(config-if)#security-level 10
    ASA(config-if)#ip address 
    ASA(config-if)#no shutdown




    Author: Marcin Bialy