Cisco ASA 5505 User Manual

5-21

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Configuring Multiple Contexts

Step 4

config-url

url

Example:

hostname(config-ctx)# config-url

ftp://user1:[email protected]/configlets/t

est.cfg

Identifies the URL from which the system downloads the context
configuration. When you add a context URL, the system
immediately loads the context so that it is running, if the
configuration is available.

Note

Enter the allocate-interface command(s) before you
enter the config-url command. If you enter the config-url
command first, the ASA loads the context configuration
immediately. If the context contains any commands that
refer to (not yet configured) interfaces, those commands
fail.

The filename does not require a file extension, although we
recommend using “.cfg”. The server must be accessible from the
admin context. If the configuration file is not available, you see
the following message:

WARNING: Could not fetch the URL disk:/url

INFO: Creating context with default config

For non-HTTP(S) URL locations, after you specify the URL, you
can then change to the context, configure it at the CLI, and enter
the write memory command to write the file to the URL location.
(HTTP(S) is read only).

Note

The admin context file must be stored on the internal flash
memory.

Available URL types include: disknumber (for flash memory),
ftp, http, https, or tftp.

To change the URL, reenter the config-url command with a new
URL. See the

“Changing the Security Context URL” section on

page 5-25

for more information about changing the URL.

Step 5

(Optional)

member

class_name

Example:

hostname(config-ctx)# member gold

Assigns the context to a resource class. If you do not specify a
class, the context belongs to the default class. You can only assign
a context to one resource class.

Step 6

(Optional)

join-failover-group

{1 | 2)

Example:

hostname(config-ctx)# join-failover-group

2

Assigns a context to a failover group in Active/Active failover. By
default, contexts are in group 1. The admin context must always
be in group 1.

See the

“Configuring the Primary Failover Unit” section on

page 63-8

for detailed information about failover groups.

Step 7

(Optional)

allocate-ips

sensor_name [mapped_name]

[default]

Example:

hostname(config-ctx)# allocate-ips sensor1

highsec

Assigns an IPS virtual sensor to this context if you have the AIP
SSM installed.

See the

“Assigning Virtual Sensors to a Security Context (ASA

5510 and Higher)” section on page 58-15

for detailed information

about virtual sensors.

Command

Purpose