Security context overview – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 1 Introduction to the Cisco ASA 5500 Series


Authenticates users

Assigns user addresses

Encrypts and decrypts data

Manages security keys

Manages data transfer across the tunnel

Manages data transfer inbound and outbound as a tunnel endpoint or router

The ASA invokes various standard protocols to accomplish these functions.

Security Context Overview

You can partition a single ASA into multiple virtual devices, known as security contexts. Each context
is an independent device, with its own security policy, interfaces, and administrators. Multiple contexts
are similar to having multiple standalone devices. Many features are supported in multiple context mode,
including routing tables, firewall features, IPS, and management. Some features are not supported,
including VPN and dynamic routing protocols.

In multiple context mode, the ASA includes a configuration for each context that identifies the security
policy, interfaces, and almost all the options you can configure on a standalone device. The system
administrator adds and manages contexts by configuring them in the system configuration, which, like
a single mode configuration, is the startup configuration. The system configuration identifies basic
settings for the ASA. The system configuration does not include any network interfaces or network
settings for itself; rather, when the system needs to access network resources (such as downloading the
contexts from the server), it uses one of the contexts that is designated as the admin context.

The admin context is just like any other context, except that when a user logs into the admin context,
then that user has system administrator rights and can access the system and all other contexts.
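
The layout described above, as an added example that is not part of the Cisco guide: a Python script that parses a constructed system configuration, identifies the admin context, and flags two points a reviewer would look at. The context names, interface names, file locations and both review heuristics are assumptions made for illustration.

```python
import re

# Constructed system configuration for illustration (not from the Cisco guide).
SAMPLE = """\
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
context customerA
 allocate-interface GigabitEthernet0/0
 config-url ftp://192.0.2.10/customerA.cfg
context customerB
 allocate-interface GigabitEthernet0/1
 allocate-interface Management0/0
 config-url disk0:/customerB.cfg
"""

def parse_system_config(text):
    """Return (admin context name, {context: {"interfaces": [...], "config_url": str}})."""
    admin, contexts, current = None, {}, None
    for line in text.splitlines():
        if m := re.match(r"admin-context (\S+)", line):
            admin = m.group(1)
        elif m := re.match(r"context (\S+)", line):
            current = contexts.setdefault(m.group(1), {"interfaces": [], "config_url": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the context block
        elif current is not None and (m := re.match(r" allocate-interface (\S+)", line)):
            current["interfaces"].append(m.group(1))
        elif current is not None and (m := re.match(r" config-url (\S+)", line)):
            current["config_url"] = m.group(1)
    return admin, contexts

def review(text):
    """Review heuristics added for this example; they are assumptions, not Cisco rules."""
    admin, contexts = parse_system_config(text)
    if admin not in contexts:
        return [f"admin context {admin!r} has no context block"]
    findings, admin_ifs = [], set(contexts[admin]["interfaces"])
    for name, ctx in contexts.items():
        shared = sorted(admin_ifs & set(ctx["interfaces"]))
        if name != admin and shared:  # admin logins carry system administrator rights
            findings.append(f"{name} shares {shared} with admin context {admin}")
        if re.match(r"(ftp|tftp|http)://", ctx["config_url"] or ""):
            findings.append(f"{name} config is fetched in cleartext: {ctx['config_url']}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```
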
