Interface Security Levels and the Default Security Policy
By default, a Cisco Security Appliance applies security levels to each interface. The more
secure the network segment, the higher the security level. Security levels range from 0 to
100. By default, 0 is applied to Ethernet 0 and is given the default name outside; 100 is
applied to Ethernet 1 and is given the default name inside. Any additional interfaces are
configured using the nameif command. The security level for these additional interfaces can
be from 1 to 99.
The Adaptive Security Algorithm (ASA) allows traffic from a higher security level to pass to
a lower security level without a specific rule in the security policy that allows the connection
as long as a nat/global or static command is configured for those interfaces. Any traffic that
passes from a lower security level to a higher security level must be allowed by the security
policy (that is, access lists or conduits). If two interfaces are assigned the same security level,
traffic cannot pass between those interfaces (this configuration is not recommended).
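The following configuration fragment is an added example, not taken from the original text, showing how these rules look on a three-interface appliance. It assumes PIX OS 6.x command syntax; the dmz interface name, its security level of 50, the access list name, and all addresses are constructed for illustration.

```cisco
: Constructed example; interface names beyond the defaults, the ACL name,
: and all IP addresses are assumptions made for illustration.

: Default interfaces, plus a third interface with a level between 1 and 99
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: Higher to lower (inside to outside, inside to dmz, dmz to outside):
: no access list is required, only translation with nat/global.
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz) 1 10.1.1.100-10.1.1.200 netmask 255.255.255.0

: Lower to higher (outside to dmz): the connection must be explicitly
: permitted by the security policy. The static gives the DMZ host an
: address reachable from the outside; the access list permits only
: web traffic to it.
static (dmz,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
access-list acl_outside permit tcp any host 192.0.2.10 eq www
access-group acl_outside in interface outside

: Nothing permits outside to inside (0 to 100), so that traffic is
: dropped by the default policy.
```

When reviewing such a configuration, every access-list or conduit entry is a deliberate exception to the default policy, so each one should map to a documented service on a lower-to-higher path.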