    Design & Configure

    Cisco ASA: Security level and nameif

    Technology: Network Security
    Area: Firewalls
    Vendor: Cisco
    Software: 8.X, 9.X
    Platform: Cisco ASA

     


    Each logical ASA interface must have an IP address, a security level and a nameif configured in order to work. Security levels are numbered from 0 to 100. By default, traffic is allowed to pass from higher to lower security-level interfaces and is denied from lower to higher security-level interfaces. To change this behavior, ACLs must be used. Here the term “traffic” means a session being initiated: the ASA “understands” sessions and treats packet flows as whole sessions, so “traffic allowed from a higher to a lower interface” means a session that is initiated in the higher-to-lower direction. The nameif is your custom name for a particular logical interface. You can think of it as a security zone, so giving it a meaningful name is a best practice.

    To set the nameif and security level, issue the following commands:

    ASA#configure terminal
    ASA(config)#interface GigabitEthernet0/0
    ASA(config-if)#nameif outside
    ASA(config-if)#security-level 10
    ASA(config-if)#ip address 192.168.202.201 255.255.255.0 
    ASA(config-if)#no shutdown
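
To review these defaults on an existing configuration, the following added example (not part of the original article and not a Cisco tool) parses interface stanzas, lists interfaces missing one of the three required settings, and builds the default permit/deny matrix between zones before any ACL is applied. The sample configuration is constructed, with only the GigabitEthernet0/0 values taken from the commands above; all function names are hypothetical.

```python
import re
from itertools import permutations

# Constructed sample; only the GigabitEthernet0/0 values come from the article.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 10
 ip address 192.168.202.201 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
"""

FIELDS = {"nameif": r"nameif (\S+)", "level": r"security-level (\d+)",
          "ip": r"ip address (\S+)"}

def parse_interfaces(config):
    """Map interface name -> {'nameif', 'level', 'ip'}; None marks a missing setting."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), dict.fromkeys(FIELDS))
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None:
            for key, pattern in FIELDS.items():
                if m := re.match(pattern, line.strip()):
                    current[key] = int(m.group(1)) if key == "level" else m.group(1)
    return interfaces

def incomplete(interfaces):
    """Interfaces lacking any of the three settings the article lists as required."""
    return {name: [k for k, v in cfg.items() if v is None]
            for name, cfg in interfaces.items() if None in cfg.values()}

def default_policy(interfaces):
    """Default verdict for a session initiated from zone src toward zone dst (no ACLs)."""
    zones = {c["nameif"]: c["level"] for c in interfaces.values()
             if c["nameif"] and c["level"] is not None}
    # Equal levels fall through to "deny"; the same-security-traffic setting is not modeled.
    return {(s, d): "permit" if zones[s] > zones[d] else "deny"
            for s, d in permutations(zones, 2)}
```

Every "permit" entry in the matrix is a direction in which sessions can be initiated without any ACL, so those are the pairs to check against the intended zone design.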

     

     

     

    Author: Marcin Bialy
     
    Grandmetric