From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Jul 22 2008 - 16:02:40 ART
Chris,
0 is lower than 100. That is the way you should think of it. 0 is the
lowest, so it requires the most security. >0 is a higher security interface
and thus requires less security than the 0 interface.
This becomes important to understand in terms of NAT because in the old PIX
world, any time you went from a lower security interface to a higher security
interface, it required NAT or NAT exemption. In ASA, though, it is no longer
true because you can turn off NAT control, but it is important to understand
the principle.
Regards,
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Christopher Copley
Sent: Tuesday, July 22, 2008 2:22 PM
To: Hoogen
Cc: Cisco certification
Subject: Re: ASA Port forwarding
I don't think that you're understanding my question. My question was in
response to Brian saying the following...
"It should be the higher security interface, the lower security interface,
the lower, then the high again."
In the terms Higher security interface and lower security interface. In my
mind if you have an outside (public facing interface) the security level is
0. But that in my way of thinking is a Higher Security interface, because
you need MORE security on that interface to keep people on the outside
coming in. And on the internal inside (LAN facing interface) with the
security level being 100 that you need less security b/c you are not worried
about what goes out of it. Is that a correct way of thinking of Higher and
lower security interface or not?
Chris
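The interface ordering quoted from Brian and the security levels discussed in this thread, as an added configuration sketch that is not from any of the posters. It assumes pre-8.3 ASA syntax (the thread does not state a software version); the interface assignments, addresses and ACL name are constructed for illustration.

```cisco
! Constructed lab addressing: 203.0.113.0/24 outside, 192.168.1.0/24 inside
interface Ethernet0/0
 nameif outside
 ! lowest level: least trusted network
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 ! highest level: most trusted network
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Port forward. Syntax: static (real_ifc,mapped_ifc) mapped_addr real_addr
! Read as: (higher,lower) lower-side address, then higher-side address
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
!
! Level 0 -> level 100 traffic is dropped unless an ACL on the
! lower-security interface explicitly permits it
access-list outside_in extended permit tcp any interface outside eq www
access-group outside_in in interface outside
!
! PIX-style behaviour: with nat-control enabled, inside hosts must match
! a NAT rule before they can reach the outside
nat-control
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
!
! ASA option mentioned in the reply above: remove the NAT requirement
! no nat-control
```

After applying, `show nameif` lists each interface with its security level, and `show xlate` shows the static port translation.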
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART