Common uses for security contexts, Context configuration files, Context configurations – Cisco ASA 5505 User Manual

Page 202: System configuration, Admin context configuration


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Information About Security Contexts

Information About Resource Management, page 5-8

Information About MAC Addresses, page 5-11

Common Uses for Security Contexts

You might want to use multiple security contexts in the following situations:

• You are a service provider and want to sell security services to many customers. By enabling multiple security contexts on the ASA, you can implement a cost-effective, space-saving solution that keeps all customer traffic separate and secure, and also eases configuration.

• You are a large enterprise or a college campus and want to keep departments completely separate.

• You are an enterprise that wants to provide distinct security policies to different departments.

• You have any network that requires more than one ASA.

Context Configuration Files

This section describes how the ASA implements multiple context mode configurations and includes the
following sections:

Context Configurations, page 5-2

System Configuration, page 5-2

Admin Context Configuration, page 5-2

Context Configurations

The ASA includes a configuration for each context that identifies the security policy, interfaces, and
almost all the options you can configure on a standalone device. You can store context configurations on
the internal flash memory or the external flash memory card, or you can download them from a TFTP,
FTP, or HTTP(S) server.

System Configuration

The system administrator adds and manages contexts by configuring each context configuration location,
allocated interfaces, and other context operating parameters in the system configuration, which, like a
single mode configuration, is the startup configuration. The system configuration identifies basic
settings for the ASA. The system configuration does not include any network interfaces or network
settings for itself; rather, when the system needs to access network resources (such as downloading the
contexts from the server), it uses one of the contexts that is designated as the admin context. The system
configuration does include a specialized failover interface for failover traffic only.
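
The following is an added example, not part of the Cisco guide: a small audit of a system configuration that lists each context, its allocated interfaces and its configuration location, and flags contexts whose configuration is fetched over TFTP, FTP or plain HTTP (all unencrypted in transit), has no location, or whose designated admin context is undefined. The sample configuration, host names and file names are constructed, and the `admin-context`, `context`, `allocate-interface` and `config-url` keywords are assumed from ASA system-configuration syntax rather than shown on this page.

```python
import re

# Constructed sample system configuration (not taken from the guide).
SAMPLE = """\
admin-context admin
context admin
  allocate-interface Management0/0
  config-url disk0:/admin.cfg
context customerA
  allocate-interface GigabitEthernet0/0.100
  config-url https://cfg.example.net/contexts/customerA.cfg
context customerB
  allocate-interface GigabitEthernet0/0.200
  config-url tftp://192.0.2.10/customerB.cfg
context customerC
"""

CLEARTEXT = {"tftp", "ftp", "http"}  # config file crosses the network unencrypted


def parse_system_config(text):
    """Return (admin context name, {context: {"interfaces": [...], "url": ...}})."""
    admin, contexts, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"admin-context\s+(\S+)", line):
            admin = m.group(1)
        elif m := re.fullmatch(r"context\s+(\S+)", line):
            current = contexts.setdefault(m.group(1), {"interfaces": [], "url": None})
        elif current is not None and (m := re.match(r"allocate-interface\s+(\S+)", line)):
            current["interfaces"].append(m.group(1))
        elif current is not None and (m := re.match(r"config-url\s+(\S+)", line)):
            current["url"] = m.group(1)
    return admin, contexts


def audit(text):
    """Flag a missing admin context and missing or cleartext config locations."""
    admin, contexts = parse_system_config(text)
    findings = []
    if admin not in contexts:
        findings.append(("system", "admin context is not defined"))
    for name, ctx in contexts.items():
        scheme = (ctx["url"] or "").split(":", 1)[0].lower()
        if not ctx["url"]:
            findings.append((name, "no config-url"))
        elif scheme in CLEARTEXT:
            findings.append((name, f"config-url uses cleartext {scheme}"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for `customerB` (TFTP) and one for `customerC` (no location); the flash-stored and HTTPS-hosted contexts pass.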

Admin Context Configuration

The admin context is just like any other context, except that when a user logs in to the admin context,
then that user has system administrator rights and can access the system and all other contexts. The
admin context is not restricted in any way, and can be used as a regular context. However, because
