Cisco Support Community
Community Member

security context in ASA 5520

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?

karthik

2 ACCEPTED SOLUTIONS

Hall of Fame Super Blue

Re: security context in ASA 5520

karthikgopi wrote:

Hi,

Maybe it is a basic question, but can anyone let me know what a security context actually means when it comes to a firewall or IPS?

karthik

Karthik

Think of it as a virtual firewall. So you have the physical firewall device, e.g. an ASA 5520 device. When you use contexts on a firewall you are using the same physical device but you can create multiple virtual firewalls. Each virtual firewall has its own interfaces, although interfaces can be shared between contexts, its own access-lists, its own NAT rules etc.

A good use for contexts would be if you were a service provider where you could allocate a security context to each customer, which keeps the configuration of each customer independent of the other customers.

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Re: security context in ASA 5520

Hi,

Now the ASAs can be virtualized. This means that you can create security contexts in the same physical ASA, to allow one single ASA to act as multiple standalone firewalls.

Depending on the model and the license, you can create from 2 up to 250 security contexts.

Each context behaves as its own standalone firewall with its own firewall rules, NAT, routing, etc.

But there are some restrictions as well, for example you can't use IPsec VPNs when in multiple mode.

You might want to read a bit and see if multiple mode will help for your scenario.

You can share interfaces or not, use overlapping addresses; in short, it is a very robust feature but with limitations.

Federico.
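
A configuration sketch of what the two answers above describe, added here as an illustration and not taken from either post: one ASA in multiple mode with two customer contexts that share an outside interface and use overlapping inside addresses. The context names, VLAN numbers, file names and IP addresses are assumptions chosen for the example.

```cisco
! --- System execution space (defines contexts; carries no traffic policy) ---
! Switching to multiple mode requires a reload and converts the existing
! running configuration, so back it up first.
mode multiple
!
! Give each context a unique MAC on shared interfaces so the packet
! classifier can tell which context an inbound frame belongs to.
mac-address auto
!
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/1.10
 vlan 10
interface GigabitEthernet0/1.20
 vlan 20
!
! The admin context is used to manage the device itself.
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
! One context per customer: outside is shared, inside is dedicated.
context customerA
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.10
 config-url disk0:/customerA.cfg
!
context customerB
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.20
 config-url disk0:/customerB.cfg
!
! --- Inside context customerA (reached with: changeto context customerA) ---
interface GigabitEthernet0/1.10
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! --- Inside context customerB (reached with: changeto context customerB) ---
! Same inside subnet as customerA: each context keeps its own interfaces,
! routing, NAT and access-lists, so the overlap does not conflict.
interface GigabitEthernet0/1.20
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
```

From a security standpoint, restrict access to the system execution space and the admin context, since an administrator there can change into every customer context.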
