Cisco ASA - interface names

Perhaps a dumb question, but I need clarification on it.

Many times on the Internet you can find articles describing different configurations (VPN, access lists etc.) where they refer to the interface as "outside" or "inside" (these words are being used in the device configuration itself). How is this associated with the physical firewall interfaces? I do not see a binding between the physical interface and the "outside" and "inside" keywords. Does one need to define the interfaces like:

interface Ethernet0/0
 nameif outside
interface Ethernet0/1
 nameif inside

or perhaps this is achieved by defining the "security-level", e.g.: security-level 100 (for inside) or security-level 0 (for outside)?

Please clarify this for me.

Thanks, AL


Hi Al,

The "friendly" name for the interface is required and is associated with the interface by adding the "name ******" statement under the relevant interface configuration. You don't have to use inside and outside; you could use Public / Private, for instance. A security level is also required before you can enable an interface; security level 0 is the lowest and 100 the highest in terms of interfaces you trust. By default, traffic from a higher security level interface can go out of a lower security interface, but for traffic to flow the other way, access lists are required.

I trust this makes sense,

Stephen


Stephen,

Thank you for the response. If I understand you correctly, one won't be able to bring the interface up if both "friendly name" and "security-level" are not specified? Once both are set and the interface is up, one can refer to it (in ACL etc.) via the defined friendly name?

Thanks for the clarification, AL

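Added example (not part of the original thread and not Cisco's own code): a small Python audit that reads ASA-style configuration text, shows which physical interface each nameif name is bound to together with its security level, and resolves each access-group binding back to a physical interface, reporting names that were never defined. The sample configuration, the ACL names OUTSIDE_IN and DMZ_IN, the name dmz and both function names are constructed for illustration.

```python
import re

# Constructed sample in the style of an ASA running-config (not from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 shutdown
 no nameif
!
access-group OUTSIDE_IN in interface outside
access-group DMZ_IN in interface dmz
"""

def parse_interfaces(config):
    """Map each nameif name to its physical interface and security level."""
    names, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = {"physical": m.group(1), "security_level": None}
        elif current and (m := re.match(r" nameif (\S+)", line)):
            names[m.group(1)] = current
        elif current and (m := re.match(r" security-level (\d+)", line)):
            current["security_level"] = int(m.group(1))
        elif not line.startswith(" "):
            current = None  # left the interface block
    return names

def resolve_access_groups(config, names):
    """Resolve access-group bindings to a physical interface (None if the name is undefined)."""
    pattern = r"^access-group (\S+) (in|out) interface (\S+)"
    return [(acl, direction, name, names.get(name, {}).get("physical"))
            for acl, direction, name in re.findall(pattern, config, re.M)]

if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_CONFIG)
    for name, info in ifaces.items():
        print(f"{name}: {info['physical']} (security-level {info['security_level']})")
    for acl, direction, name, phys in resolve_access_groups(SAMPLE_CONFIG, ifaces):
        print(f"{acl} {direction} on {name} -> {phys or 'UNDEFINED NAME'}")
```

An access-group that resolves to no physical interface, like the constructed DMZ_IN binding here, points at a name no interface carries and is worth reviewing.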
