The Cisco PIX and ASA firewall devices are hardware devices built specifically for firewalling, unlike the firewall software running on routers, which we have encountered in previous labs. The device (or being simulated) in this lab is a PIX 525, a medium to large enterprise device, with up to eight 10/100 Fast Ethernet interfaces, or three Gigabit interfaces.
Display the list of commands available in Privilege mode using ?
View the PIX configuration file with the command show running-config
Questions
Q: Which version of the ASA firewall Operating System is running?
Q: Compared to a router, which extra attributes can be defined for each interface of the ASA?
9.2.4 Configure Interfaces and Security Levels
ASA security devices use an algorithm called the Adaptive Security Algorithm (ASA), which allows traffic to flow between the interfaces depending on the security level set on the interfaces (related to the trust levels for each attached network). The security trust level value can be set from 0 (the lowest) to 100 (the highest). By default the inside interface (trusted network) is set to 100, and the outside interface (untrusted Internet) is set to 0. Other networks, such as DMZs, are set to values of 1-99.
By default, the ASA allows traffic to flow from a higher security level to a lower one, and between levels with the same value, but blocks traffic flowing from a lower level to a higher one, as shown in the figure below.
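The security-level scheme described above, written out as an interface configuration. This is an added example, not part of the original lab sheet; it assumes the interface-mode syntax of OS version 7.x or later, and the interface names, the dmz name, level 50 and all IP addresses are constructed for illustration.

```cisco
! Constructed example: names, level 50 and addresses are assumptions.
! "nameif inside" and "nameif outside" assign levels 100 and 0
! automatically; they are set explicitly here so the intent is visible.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
 no shutdown
!
! Default handling of new connections under the rule described above:
!   inside (100) -> dmz (50)       permitted
!   inside (100) -> outside (0)    permitted
!   dmz (50)     -> outside (0)    permitted
!   dmz (50)     -> inside (100)   blocked
!   outside (0)  -> dmz (50)       blocked
!   outside (0)  -> inside (100)   blocked
!
! Check the resulting names, levels and addresses from privileged mode:
!   show nameif
!   show interface ip brief
```

A flow from a lower to a higher level, such as outside to a DMZ server, stays blocked until an access list that permits it is applied to the lower-level interface.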