Cisco ASA Series Cli Configuration Manual page 229

Chapter 1 Configuring Multiple Context Mode
to other contexts. The exception is VPN resource types, which you cannot oversubscribe, so the
resources assigned to each context are guaranteed. To accommodate temporary bursts of VPN sessions
beyond the amount assigned, the ASA supports a "burst" VPN resource type, which is equal to the
remaining unassigned VPN sessions. The burst sessions can be oversubscribed, and are available to
contexts on a first-come, first-served basis.
Default Class
All contexts belong to the default class if they are not assigned to another class; you do not have to
actively assign a context to the default class.
If a context belongs to a class other than the default class, those class settings always override the default
class settings. However, if the other class has any settings that are not defined, then the member context
uses the default class for those limits. For example, if you create a class with a 2 percent limit for all
concurrent connections, but no other limits, then all other limits are inherited from the default class.
Conversely, if you create a class with a limit for all resources, the class uses no settings from the default
class.
For most resources, the default class provides unlimited access to resources for all contexts, except for
the following limits:
•
•
•
•
•
Telnet sessions—5 sessions. (The maximum per context.)
SSH sessions—5 sessions. (The maximum per context.)
IPsec sessions—5 sessions. (The maximum per context.)
MAC addresses—65,535 entries. (The maximum per context.)
VPN site-to-site tunnels—0 sessions. (You must manually configure the class to allow any VPN
sessions.)
Information About Security Contexts
Cisco ASA Series CLI Configuration Guide
1-9