Chapter 7 Configuring Interface Parameters; Security Level Overview - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring Interface Parameters
This chapter describes how to configure each interface (physical, redundant, or subinterface) for a name,
security level, and IP address.
•
•
To configure interfaces for the ASA 5505 adaptive security appliance, see
Note
Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance."
This chapter includes the following sections:
•
•
•
Security Level Overview
Each interface must have a security level from 0 (lowest) to 100 (highest). For example, you should
assign your most secure network, such as the inside host network, to level 100. While the outside
network connected to the Internet can be level 0. Other networks, such as DMZs can be in between. You
can assign interfaces to the same security level. See the
on the Same Security Level" section on page 7-7
The level controls the following behavior:
•
OL-12172-03
For single context mode, the procedures in this chapter continue the interface configuration started
in
Chapter 5, "Configuring Ethernet Settings, Redundant Interfaces, and Subinterfaces."
For multiple context mode, the procedures in
Interfaces, and Subinterfaces,"
in this chapter are performed within each security context.
Security Level Overview, page 7-1
Configuring Interface Parameters, page 7-2
Allowing Communication Between Interfaces on the Same Security Level, page 7-7
Network access—By default, there is an implicit permit from a higher security interface to a lower
security interface (outbound). Hosts on the higher security interface can access any host on a lower
security interface. You can limit access by applying an access list to the interface.
For same security interfaces, there is an implicit permit for interfaces to access other interfaces on
the same security level or lower.
C H A P T E R
Chapter 5, "Configuring Ethernet Settings, Redundant
are performed in the system execution space, while the procedures
"Allowing Communication Between Interfaces
for more information.
Cisco Security Appliance Command Line Configuration Guide
7
Chapter 4, "Configuring
7-1
Advertisement
Table of Contents
Troubleshooting
