
ASA Security Levels

Even though we have the ability to configure Global and Interface ACLs on the Cisco ASA, Security Levels are still a key element to understand. Security Levels control the default behavior of transit traffic on the ASA. The rules are simple.

- Each interface gets a security level.
- Transit traffic can go from a higher to a lower security level, which creates an entry in the state table and allows for return traffic.
- Transit traffic from a lower to a higher security level is denied by default.

So, assuming the diagram below, we can understand default traffic behavior. In our above topology, outbound traffic can transit the ASA from:

1. The DMZ to the OUTSIDE
2. The INSIDE to the DMZ
3. The INSIDE to the OUTSIDE

Additionally, inbound traffic would be denied if it were:

1. OUTSIDE to DMZ
2. OUTSIDE to INSIDE
3. DMZ to INSIDE

Security level 100 — The highest pos...
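The three rules above can be checked against the six directions of the topology with a small model of the ASA's default behavior. This is an added example, not code from the post or from Cisco; it assumes no ACLs are applied (an ACL on an interface replaces the security-level check for that direction), that INSIDE is 100, OUTSIDE is 0 and DMZ is 50 (the post gives no DMZ value), and that traffic between two interfaces with equal security levels is denied by default, which is the ASA default unless `same-security-traffic permit inter-interface` is configured. The host addresses and ports in the demo are constructed.

```python
"""Model of Cisco ASA default transit behavior driven by interface security
levels. Added example, not the post's or Cisco's code. Assumptions: no ACLs
applied, DMZ = 50, equal security levels denied unless explicitly permitted."""
from dataclasses import dataclass

# Security levels for the post's topology (DMZ = 50 is an assumption).
SECURITY_LEVELS = {"INSIDE": 100, "DMZ": 50, "OUTSIDE": 0}


@dataclass(frozen=True)
class Flow:
    """One direction of a connection; frozen so it can key the state table."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reverse(self) -> "Flow":
        return Flow(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


class Asa:
    def __init__(self, levels, same_security_permit=False):
        self.levels = dict(levels)
        self.same_security_permit = same_security_permit
        # Flow -> (ingress interface, egress interface) for established connections.
        self.state_table = {}

    def initiate_allowed(self, ingress: str, egress: str) -> bool:
        """Rule check for the first packet of a new connection (no ACLs)."""
        src, dst = self.levels[ingress], self.levels[egress]
        if src > dst:            # higher -> lower: permitted by default
            return True
        if src == dst:           # equal levels: denied unless same-security permit
            return self.same_security_permit
        return False             # lower -> higher: denied by default

    def process(self, ingress: str, egress: str, flow: Flow) -> str:
        """Return 'permit' or 'deny' for a packet of `flow` arriving on `ingress`."""
        # Return traffic of an existing connection is allowed regardless of
        # security level; that is what the state table entry is for.
        entry = self.state_table.get(flow.reverse())
        if entry == (egress, ingress):
            return "permit"
        if self.initiate_allowed(ingress, egress):
            self.state_table[flow] = (ingress, egress)
            return "permit"
        return "deny"


def default_matrix(levels=SECURITY_LEVELS) -> dict:
    """Default permit/deny for every ordered pair of interfaces."""
    asa = Asa(levels)
    return {(a, b): asa.initiate_allowed(a, b)
            for a in levels for b in levels if a != b}


def demo() -> dict:
    """Walk one connection through the model with constructed addresses."""
    asa = Asa(SECURITY_LEVELS)
    outbound = Flow("10.1.1.10", 40000, "203.0.113.5", 443)   # constructed
    results = {
        "inside_to_outside": asa.process("INSIDE", "OUTSIDE", outbound),
        # Reply from the web server: lower -> higher, but matches the state table.
        "return_traffic": asa.process("OUTSIDE", "INSIDE", outbound.reverse()),
        # Unsolicited packet from the same server to a port no host opened.
        "unsolicited_inbound": asa.process(
            "OUTSIDE", "INSIDE", Flow("203.0.113.5", 443, "10.1.1.10", 40001)),
    }
    return results


if __name__ == "__main__":
    for pair, ok in sorted(default_matrix().items()):
        print(f"{pair[0]:>7} -> {pair[1]:<7} {'permit' if ok else 'deny'}")
    print(demo())
```

The `return_traffic` case is the one worth noticing: the reply arrives on OUTSIDE (level 0) headed for INSIDE (level 100), which the level rule alone would deny, and it passes only because the outbound packet created a state table entry first.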