Cascading security contexts – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Information About Security Contexts

For transparent firewalls, you must use unique interfaces. Figure 5-3 shows a host on the Context B inside network accessing the Internet. The classifier assigns the packet to Context B because the ingress interface is Gigabit Ethernet 1/0.3, which is assigned to Context B.

Figure 5-3 Transparent Firewall Contexts

Cascading Security Contexts

Placing a context directly in front of another context is called cascading contexts; the outside interface
of one context is the same interface as the inside interface of another context. You might want to cascade
contexts if you want to simplify the configuration of some contexts by configuring shared parameters in
the top context.

Note

Cascading contexts requires that you configure unique MAC addresses for each context interface.
Because of the limitations of classifying packets on shared interfaces without MAC addresses, we do not
recommend using cascading contexts without unique MAC addresses.
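
An added example, not part of the Cisco guide: a Python check that reads a system execution space configuration and flags interfaces allocated to more than one context (which cascading requires) when `mac-address auto` is absent. The sample configuration, context names and file names are constructed; interface ranges in `allocate-interface` are not expanded, and MAC addresses set manually inside each context configuration are not visible to this check.

```python
import re
from collections import defaultdict

# Constructed system configuration (hypothetical context and file names).
# "gateway" sits in front of customerA and customerB: its inside interface
# GigabitEthernet0/1 is also their outside interface (cascading contexts).
SAMPLE_CONFIG = """\
admin-context admin
context admin
  allocate-interface GigabitEthernet0/3
  config-url disk0:/admin.cfg
context gateway
  allocate-interface GigabitEthernet0/0
  allocate-interface GigabitEthernet0/1
  config-url disk0:/gateway.cfg
context customerA
  allocate-interface GigabitEthernet0/1
  allocate-interface GigabitEthernet0/2.10
  config-url disk0:/customerA.cfg
context customerB
  allocate-interface GigabitEthernet0/1
  allocate-interface GigabitEthernet0/2.20
  config-url disk0:/customerB.cfg
"""

def shared_interfaces(config):
    """Map each interface allocated to 2+ contexts to the contexts using it."""
    users = defaultdict(list)
    context = None
    for line in config.splitlines():
        m = re.match(r"context\s+(\S+)", line)  # not "admin-context ..."
        if m:
            context = m.group(1)
            continue
        m = re.match(r"\s+allocate-interface\s+(\S+)", line)
        if m and context:
            users[m.group(1)].append(context)
    return {i: c for i, c in users.items() if len(c) > 1}

def audit(config):
    """Warn on shared interfaces when automatic MAC assignment is off."""
    if re.search(r"^mac-address auto\b", config, re.M):
        return []
    return [f"{i} shared by {', '.join(c)} without 'mac-address auto'"
            for i, c in sorted(shared_interfaces(config).items())]

if __name__ == "__main__":
    for warning in audit(SAMPLE_CONFIG):
        print("WARNING:", warning)
```

A warning here means the shared interface needs either `mac-address auto` in the system configuration or a manually assigned MAC address on that interface in every context that uses it.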

[Figure 5-3 diagram labels: Internet; Classifier; Admin Context, Context A, Context B; interfaces GE 0/0.1, GE 0/0.2, GE 0/0.3 and GE 1/0.1, GE 1/0.2, GE 1/0.3; Admin Network, Inside Customer A, Inside Customer B; hosts 10.1.1.13, 10.1.2.13, 10.1.3.13]
