security context in ASA 5520

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?

karthik

2 Accepted Solutions


Jon Marshall
Hall of Fame

karthikgopi wrote:

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?

karthik

Karthik

Think of it as a virtual firewall. So you have the physical firewall device, e.g. an ASA 5520 device. When you use contexts on a firewall you are using the same physical device, but you can create multiple virtual firewalls. Each virtual firewall has its own interfaces (although interfaces can be shared between contexts), its own access-lists, its own NAT rules, etc.

A good use for contexts would be if you were a service provider, where you could allocate a security context to each customer, which keeps the configuration of each customer independent of the other customers.

Jon



Hi,

Now the ASAs can be virtualized. This means that you can create security contexts in the same physical ASA, to allow one single ASA to act as multiple standalone firewalls.

Depending on the model and the license, you can create from 2 up to 250 security contexts.

Each context behaves as its own standalone firewall with its own firewall rules, NAT, routing, etc.

But there are some restrictions as well; for example, you can't use IPsec VPNs when in multiple mode.

You might want to read a bit and see if multiple mode will help for your scenario.

You can share interfaces or not and use overlapping addresses. In short, it is a very robust feature but with limitations.

Federico.
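
The service-provider layout the two answers describe, as an added example that is not part of either post: an ASA in multiple context mode with one context per customer, a shared outside interface, and overlapping inside addresses. Context names, VLAN IDs, file names and IP addresses are constructed for illustration.

```cisco
! --- System execution space (entered after "mode multiple" and the reload) ---
! Physical interfaces and VLAN subinterfaces are defined here, then handed
! out to contexts. All names and numbers below are constructed examples.
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/1.10
 vlan 10
interface GigabitEthernet0/1.20
 vlan 20
!
! Give each context a unique MAC on the shared interface so the classifier
! can tell which context an arriving packet belongs to.
mac-address auto
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
context customerA
 description Customer A virtual firewall
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.10
 config-url disk0:/customerA.cfg
!
context customerB
 description Customer B virtual firewall
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.20
 config-url disk0:/customerB.cfg
!
! --- Inside context customerA (reached with "changeto context customerA") ---
! Each context keeps its own interface settings, ACLs and NAT rules.
interface GigabitEthernet0/1.10
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! --- Inside context customerB ---
! The same inside subnet can be reused because the contexts are independent.
interface GigabitEthernet0/1.20
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
```

An administrator given access only to customerA sees and edits only that context's configuration; interface allocation and context creation stay in the system execution space.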
