{"id":670,"date":"2012-04-25T07:18:09","date_gmt":"2012-04-25T07:18:09","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/04\/25\/cisco-asa-security-levels-nat-control\/"},"modified":"2021-07-24T18:16:57","modified_gmt":"2021-07-24T18:16:57","slug":"cisco-asa-security-levels-nat-control","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-security-levels-nat-control.html","title":{"rendered":"Cisco ASA – Security Levels \/ NAT Control"},"content":{"rendered":"
Within the Cisco Firewall family (PIX\/ASA) there are 2 security features known as Security Levels and NAT Control.<\/p>\n
Security levels are numeric values (between 0 and 100) which are assigned to the firewalls interfaces and used to control traffic flows. Traffic is allowed to pass from a higher security level to a lower security level but not vice-versa. To allow traffic from a lower security level to a higher security level an access-list is required. By default the security level for the outside interface is 0 and the inside interface 100.
Below provides an example on how to explicitly configure an interface security level.<\/p>\n
asa(config)# interface eth2
asa(config-if)# nameif dmz
asa(config-if)# security-level 50<\/p>\n
NAT Control mandates that any traffic transversing from a higher security level to a lower security level must match a NAT rule.
Belows provides an example on how to disable NAT Control<\/p>\n
asa(config)# no nat-control<\/p>\n","protected":false},"excerpt":{"rendered":"
Within the Cisco Firewall family (PIX\/ASA) there are 2 security features known as Security Levels and NAT Control. Security Levels Security levels are numeric values (between 0 and 100) which are assigned to the firewalls interfaces and used to control traffic flows. Traffic is allowed to pass from a higher security level to a lower … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n