Within the Cisco Firewall family (PIX/ASA) there are 2 security features known as Security Levels and NAT Control.
Security levels are numeric values (between 0 and 100) which are assigned to the firewalls interfaces and used to control traffic flows. Traffic is allowed to pass from a higher security level to a lower security level but not vice-versa. To allow traffic from a lower security level to a higher security level an access-list is required. By default the security level for the outside interface is 0 and the inside interface 100.
Below provides an example on how to explicitly configure an interface security level.
asa(config)# interface eth2
asa(config-if)# nameif dmz
asa(config-if)# security-level 50
NAT Control mandates that any traffic transversing from a higher security level to a lower security level must match a NAT rule.
Belows provides an example on how to disable NAT Control
asa(config)# no nat-control
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial