security context in ASA 5520

Answered Question
Mar 30th, 2010

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?



karthik

Correct Answer by Federico Coto F... about 7 years 3 months ago

Hi,


Now the ASAs can be virtualized. This means that you can create security contexts in the same physical ASA, to allow one single ASA to act as multiple standalone firewalls.


Depending on the model and the license, you can create from 2 up to 250 security contexts.

Each context behaves as its own standalone firewall with its own firewall rules, NAT, routing, etc.

But there are some restrictions as well; for example, you can't use IPsec VPNs when in multiple mode.


You might want to read a bit and see if multiple mode will help for your scenario.

You can share interfaces or not, and use overlapping addresses. In short, it is a very robust feature but with limitations.


Federico.

Correct Answer by Jon Marshall about 7 years 3 months ago

karthikgopi wrote:

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?

karthik


Karthik


Think of it as a virtual firewall. So you have the physical firewall device, e.g. an ASA 5520 device. When you use contexts on a firewall you are using the same physical device but you can create multiple virtual firewalls. Each virtual firewall has its own interfaces (although interfaces can be shared between contexts), its own access-lists, its own NAT rules, etc.


A good use for contexts would be if you were a service provider where you could allocate a security context to each customer, which keeps the configuration of each customer independent of the other customers.


Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
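
The service-provider layout described in the answers above, sketched as an ASA system-space configuration. This is an added example, not part of either post: the context names, VLAN IDs, resource class name and config file names are assumptions.

```cisco
! System execution space of an ASA running in multiple context mode.
! Constructed example: context names, VLAN IDs, class name and file
! names are assumptions, not values from the thread.

! Convert from single to multiple mode (the ASA reloads afterwards).
mode multiple

! Physical interfaces and per-customer VLAN subinterfaces are defined
! once, in the system space, and then handed out to contexts.
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/1.10
 vlan 10
interface GigabitEthernet0/1.20
 vlan 20

! GigabitEthernet0/0 is shared below, so give each context a unique MAC
! on it; the packet classifier uses that to pick the right context.
mac-address auto

! Resource class so one customer cannot exhaust the shared connection table.
class customer-limits
 limit-resource conns 20%

! The admin context is declared first; it is used to manage the device.
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg

! One context per customer: shared outside interface, dedicated inside
! subinterface, separate configuration file, capped resources.
context customerA
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.10
 config-url disk0:/customerA.cfg
 member customer-limits

context customerB
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.20
 config-url disk0:/customerB.cfg
 member customer-limits
```

Each customer's access-lists, NAT and routing are then configured inside its own context (entered with `changeto context customerA`), and `show context` in the system space lists the contexts with their allocated interfaces.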
