Information About Security Contexts
Common Uses for Security Contexts
You might want to use multiple security contexts in the following situations:
•
•
•
•
Context Configuration Files
This section describes how the adaptive security appliance implements multiple context mode
configurations and includes the following sections:
•
•
•
Context Configurations
The adaptive security appliance includes a configuration for each context that identifies the security
policy, interfaces, and almost all the options you can configure on a standalone device. You can store
context configurations on the internal flash memory or the external flash memory card, or you can
download them from a TFTP, FTP, or HTTP(S) server.
System Configuration
The system administrator adds and manages contexts by configuring each context configuration location,
allocated interfaces, and other context operating parameters in the system configuration, which, like a
single mode configuration, is the startup configuration. The system configuration identifies basic
settings for the adaptive security appliance. The system configuration does not include any network
interfaces or network settings for itself; rather, when the system needs to access network resources (such
as downloading the contexts from the server), it uses one of the contexts that is designated as the admin
context. The system configuration does include a specialized failover interface for failover traffic only.
Admin Context Configuration
The admin context is just like any other context, except that when a user logs in to the admin context,
then that user has system administrator rights and can access the system and all other contexts. The
admin context is not restricted in any way, and can be used as a regular context. However, because
logging into the admin context grants you administrator privileges over all contexts, you might need to
restrict access to the admin context to appropriate users. The admin context must reside on flash memory,
and not remotely.
Cisco ASA 5500 Series Configuration Guide using ASDM
6-2
You are a service provider and want to sell security services to many customers. By enabling
multiple security contexts on the adaptive security appliance, you can implement a cost-effective,
space-saving solution that keeps all customer traffic separate and secure, and also eases
configuration.
You are a large enterprise or a college campus and want to keep departments completely separate.
You are an enterprise that wants to provide distinct security policies to different departments.
You have any network that requires more than one adaptive security appliance.
Context Configurations, page 6-2
System Configuration, page 6-2
Admin Context Configuration, page 6-2
Chapter 6
Configuring Multiple Context Mode
OL-20339-01