Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 7.2 Adding a context in a multiple context environment

Hi,

On my production environment I have a firewall with already two contexts defined (15% of CPU used) and I want to add a new one.

This context is going to use the same interfaces as the others contexts. When I will enable the context, can I have some sort of repercussion on these two context ?

Thanks for your help.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

ASA 7.2 Adding a context in a multiple context environment

Hi,

Unless you have checked already, make sure that you have a license that enables you to use more than 2 Security Contexts on the ASA

Use the "show version" command on the system context configuration mode

The command "show context count" in system context configuration mode also shows the used context amount.

To make a new context, using the command "context " should be enough to create the context on the ASA. Use this command in system context configuration mode.

After this you should allocate the interfaces to the context with the command "allocate-interface "

Why would you have all the same interfaces on the new context compared to the old ones?

Or do you mean you have trunk interfaces on the ASA and you have subinterfaces attached to the contexts?

- Jouni

3 REPLIES
Super Bronze

ASA 7.2 Adding a context in a multiple context environment

Hi,

Unless you have checked already, make sure that you have a license that enables you to use more than 2 Security Contexts on the ASA

Use the "show version" command on the system context configuration mode

The command "show context count" in system context configuration mode also shows the used context amount.

To make a new context, using the command "context " should be enough to create the context on the ASA. Use this command in system context configuration mode.

After this you should allocate the interfaces to the context with the command "allocate-interface "

Why would you have all the same interfaces on the new context compared to the old ones?

Or do you mean you have trunk interfaces on the ASA and you have subinterfaces attached to the contexts?

- Jouni

New Member

ASA 7.2 Adding a context in a multiple context environment

Thanks a lot you for your help.

With the interfaces I meant a trunk with some subinterfaces and 4 subinterfaces are going to be shared between two contexts.

I just verified the licence problem and I have a 2 context licences so the solution I thought I will not be able to implement it.

I will continue to investigate how I could fix this issue without creating any outage.

Regards.

Super Bronze

Re: ASA 7.2 Adding a context in a multiple context environment

Hi,

I think the next available license in your case would be for 5 Security Context license.

Though actually you have at your disposal 3 Security Contexts at the moment.

Theres a context named "admin" on your device and it DOESNT get counted towards the limit of 2.

Naturally it is not intended to be used as anything else than providing management access to the device.

I have never used it for anything else than bringing the management connection to the ASA itself but  I guess it would be possible to use as 3rd context but as I said its probably not the best solution.

- Jouni

261
Views
0
Helpful
3
Replies