Chapter 4
Configuring Security Contexts
Figure 4-4
address of a web server, and the FWSM classifies the packet to go through Context C because it includes
a static translation for the address. The other server sends the packet to the real untranslated address, and
the packet is dropped because the FWSM cannot classify it.
Figure 4-4
Management Access to Security Contexts
The FWSM provides system administrator access in multiple context mode as well as access for
individual context administrators. The following topics describe logging in as a system administrator or
as a context administrator:
•
•
System Administrator Access
You can access the FWSM as a system administrator in two ways:
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
shows two servers on an inside shared interface. One server sends a packet to the translated
Originating Traffic on a Shared Interface
www.example.com
Admin
Context
Context A
FWSM
FWSM
VLAN 200
VLAN 200
HTTP Packet
Dest. Address:
209.165.201.4
Syslog Server
System Administrator Access, page 4-9
Context Administrator Access, page 4-10
Session to the FWSM from the switch.
From the switch, you access the system execution space.
209.165.201.4
Internet
VLAN 100
Context B
Context C
FWSM
FWSM
VLAN 200
Shared
Network
VLAN 200
Dest. Address:
AAA Server
Security Context Overview
HTTP Packet
Dest. Address:
209.165.201.4
Static Translation
10.1.2.27
209.165.201.4
HTTP Packet
10.1.2.27
4-9