A logical interface on an ASA firewall must have an IP address, a security-level and a nameif configured before it will work. Security levels are numbered from 0 to 100.
- Traffic is allowed to pass from a higher to a lower security level interface by default.
- Traffic is denied from a lower to a higher security level interface by default.
To change this default behaviour, ACLs must be used. The term “traffic” here means an initiated session: the ASA “understands” sessions and treats a packet flow as a whole session. So “traffic allowed from a higher to a lower interface” means a session that is initiated from the higher-level interface towards the lower-level one.
The nameif is your custom name for a particular logical interface. You can think of it as a security zone, so give it a meaningful name as a best practice.
To set the nameif and security level, issue the following commands:
ASA#configure terminal
ASA(config)#interface GigabitEthernet0/3
ASA(config-if)#nameif DMZ
ASA(config-if)#security-level 50
ASA(config-if)#ip address 2.2.2.2 255.255.255.0
ASA(config-if)#no shutdown
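
An added example, not part of the original page: a small Python audit that parses interface stanzas from a running-config, reports interfaces missing any of the three required settings, and lists the session directions the default security-level rule permits. The sample config is constructed (only the DMZ stanza matches the page) and the function names are hypothetical.

```python
# Constructed sample in running-config style; only the DMZ stanza is from the
# page, the other interfaces and addresses are made up for this example.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
!
interface GigabitEthernet0/3
 nameif DMZ
 security-level 50
 ip address 2.2.2.2 255.255.255.0
"""

REQUIRED = ("nameif", "security-level", "ip address")

def parse_interfaces(config):
    """Return {physical_name: {setting: value}} for each interface stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {})
        elif current is not None and line.startswith(" "):
            text = line.strip()  # "no nameif" does not match "nameif "
            for key in REQUIRED:
                if text.startswith(key + " "):
                    current[key] = text[len(key) + 1:]
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return interfaces

def missing_settings(interfaces):
    """Interfaces lacking any of the three settings needed to pass traffic."""
    gaps = {n: [k for k in REQUIRED if k not in s] for n, s in interfaces.items()}
    return {n: g for n, g in gaps.items() if g}

def default_flows(interfaces):
    """(initiator, responder) pairs allowed without ACLs: higher to lower only."""
    zones = {s["nameif"]: int(s["security-level"])
             for s in interfaces.values() if all(k in s for k in REQUIRED)}
    return sorted((a, b) for a in zones for b in zones if zones[a] > zones[b])
```

Every pair absent from `default_flows`, such as outside to DMZ, needs an explicit ACL before a session can be initiated in that direction.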