Configuring the interfaces (ports) are very similar to a Cisco router, however there are two additional commands we need. On the ASA, we need to tell the ASA the zone and trust level for each interface we going to assign an IP address on. As discussed earlier, the ASA needs to understand whether to allow traffic to flow between interfaces (zones) or not. We can using the following commands to configure the interfaces on the ASA respectively:
ASA-1(config)# interface gigabitethernet 0
ASA-1(config-if)# nameif Inside
ASA-1(config-if)# security-level 100
ASA-1(config-if)# ip address 192.168.2.1 255.255.255.0
ASA-1(config-if)# no shutdown
ASA-1(config-if)# exit
ASA-1(config)# interface gigabitethernet 1
ASA-1(config-if)# nameif Outside
ASA-1(config-if)# security-level 0
ASA-1(config-if)# ip address 200.1.1.2 255.255.255.252
ASA-1(config-if)# no shutdown
ASA-1(config-if)# exit
Using the nameif Inside command on an interface places a security level of 100 by default. The same concept would apply if nameif Outside is used on an interface, setting a security level of 0 by default.
Let's verify the configurations on the interfaces of the ASA.
Use the following commands will verify the available interfaces, IP address assignment, and the Layer 1 (Physical layer) and Layer 2 (Data Link layer) statuses:
ASA-1(config)# show interface ip brief
The show ip address command provides us with the interface ID, interface name, IP address, subnet mask, and method by which the interface received the IP address information:
Using the show running-config interface command displays the configurations under all the interfaces in the running-config on the ASA:
ASA-1# show running-config interface
!
interface GigabitEthernet0
nameif Inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1
nameif Outside
security-level 0
ip address 200.1.1.2 255.255.255.252
!