Cisco ASA - interface names

Discussion in 'Cisco' started by aleu@op.pl, Mar 29, 2009.

  1. Guest

    Perhaps a dumb question, but I need clarification on it.

    Many times on the Internet you can find articles describing different
    configurations (VPN, access lists etc.) where they refer to the
    interface as "outside" or "inside" (these words are being used in the
    device configuration itself.) How is this associated with physical
    firewall interfaces. I do not see binding between physical interface and
    the "outside" and "inside" keywords. Does one need to define the
    interfaces like:

    interface Ethernet0/0
    nameif outside
    interface Ethernet0/1
    nameif inside

    or perhaps this is achieved by defining the "security-level" e.g:
    security-level 100 (for inside) or security-level 0 (for outside)?

    Please clarify this for me.

    Thanks,
    AL
     
    , Mar 29, 2009
    #1
    1. Advertising

  2. Guest

    On 29 Mar, 19:17, "" <> wrote:
    > Perhaps a dumb question, but I need clarification on it.
    >
    > Many times on the Internet you can find articles describing different
    > configurations (VPN, access lists etc.) where they refer to the
    > interface as "outside" or "inside" (these words are being used in the
    > device configuration itself.) How is this associated with physical
    > firewall interfaces. I do not see binding between physical interface and
    > the "outside" and "inside" keywords. Does one need to define the
    > interfaces like:
    >
    > interface Ethernet0/0
    >         nameif outside
    > interface Ethernet0/1
    >         nameif inside
    >
    > or perhaps this is achieved by defining the "security-level" e.g:
    > security-level 100 (for inside) or security-level 0 (for outside)?
    >
    > Please clarify this for me.
    >
    > Thanks,
    > AL


    Hi Al,

    The "friendly" name for the interface is required and is associated
    with the interface by adding the "name ******" statement under the
    relivant interface configuation, You dont have to use inside and
    outside, you could use Public / Private for instance. A secutiry
    level is also required before you can enable an interface, security
    level 0 is the lowest and 100 the highest in terms of interfaces you
    trust. By default traffic from a higher security level interface can
    go out of a lower security interface, but for traffic to flow the
    other way access lists are required.

    I trust this makes sense,

    Stephen
     
    , Mar 29, 2009
    #2
    1. Advertising

  3. Guest

    wrote:
    > The "friendly" name for the interface is required and is associated
    > with the interface by adding the "name ******" statement under the
    > relivant interface configuation, You dont have to use inside and
    > outside, you could use Public / Private for instance. A secutiry
    > level is also required before you can enable an interface, security
    > level 0 is the lowest and 100 the highest in terms of interfaces you
    > trust. By default traffic from a higher security level interface can
    > go out of a lower security interface, but for traffic to flow the
    > other way access lists are required.


    Stephen,

    Thank you for the response. If I understand you correctly, one won't be
    able to bring the interface up if both "friendly name" and
    "security-level" are not specified? Once both are set and the interface
    is up, one can refer to it (in ACL etc.) via the defined friendly name?

    Thanks for the clarification,
    AL
     
    , Mar 29, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michele Franzoni

    CDP and interface names

    Michele Franzoni, Jul 1, 2005, in forum: Cisco
    Replies:
    0
    Views:
    443
    Michele Franzoni
    Jul 1, 2005
  2. linguafr
    Replies:
    1
    Views:
    448
    mcaissie
    Jun 4, 2007
  3. Michael Kuhn
    Replies:
    1
    Views:
    769
    Brian V
    Sep 1, 2007
  4. Tilman Schmidt
    Replies:
    1
    Views:
    2,698
    Thrill5
    Oct 22, 2008
  5. Replies:
    3
    Views:
    1,517
Loading...

Share This Page