Tuesday, 8 May 2012

Policy Implementation in Cisco ASA

The security algorithm is responsible for implementing and enforcing your security policies.
The algorithm uses a tiered hierarchy that allows you to implement multiple levels
of security. To accomplish this, each interface on the appliance is assigned a security level
number from 0 to 100, where 0 is the least secure and 100 is the most secure. The algorithm
uses these security levels to enforce its default policies.

Here are the four default security policy rules for traffic as it flows through the appliance:
Traffic flowing from a higher-level security interface to a lower one is permitted by default.
Traffic flowing from a lower-level security interface to a higher one is denied by default.
Traffic flowing from one interface to another with the same security level is denied by default.
Traffic flowing into and then out of the same interface is denied by default.
