Cisco ASA Security Zones

Note: This is a guest post by Ahmed Mukhtar, CCIE# 56428 on Cisco ASA Security Zones. We are pleased to have his wonderful tutorials shared on our blog once again.

In this post, Ahmed first explains security levels on Cisco ASA firewall and then shows how to configure them in order to allow or block your trusted or untrusted traffic from an interface. 

Before delving further into firewall security zones, I would like to share a brief introduction about trust levels. Security levels are basically defined and applied to set a level of trust to an interface. They can range from values between 0 to 100 where 0 is the least trusted and 100 is the most trusted level. By default, an interface has level 0 and is considered as untrusted. The most common example is the outside interface as you can’t trust anybody from outside unless specified. Similarly, the inside interface is always the most trusted and hence, gets assigned a security level of 100.

Lastly, traffic flow is allowed from an interface with a higher security level to an interface with a lower security level, provided no ACL is applied to the interface. On the contrary, traffic from a lower interface to a higher interface will be denied.

Ahmed has explained these concepts, their configurations and more in detail in the following videos.

Cisco ASA Security Zones – Part 1

Cisco ASA Security Zones – Part 2

In case you have any queries or would like to follow Ahmed, please subscribe to his Youtube channel called, Doctor Networks.

The following two tabs change content below.

Ahmed Mukhtar

Team Lead Networks, CCIE# 56428 (R&S)
Ahmed Mukhtar is CCIE RS (CCIE# 56428) certified and has a vast amount of experience in Cisco technologies. He is currently working as Team Lead Networks for a leading technology provider of products, services and solutions in Pakistan. In case of any questions or feedback, please feel free to follow him on his Youtube channel, Doctor Networks.

Latest posts by Ahmed Mukhtar (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *