Security Context Overview; Asa Sm Failover Mechanism; Active-Active Failover; Active-Standby Failover - Cisco 7600 Series Module Manual

Hide thumbs Also See for 7600 Series:

Hardware installation manual (144 pages)

Hardware manual (122 pages)

Manual (70 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

Table of Contents

Chapter 16

Adaptive Security Appliance Services Module

Security Context Overview

You can partition a single ASA SM into multiple virtual devices, known as security contexts. Each

context is an independent device, with its own security policy, interfaces, and administrators. Multiple

contexts are equivalent to multiple standalone devices. Multiple context mode supports multiple

features, routing tables, firewall features, IPS, and management. VPN and dynamic routing protocols are

not supported.

In the multiple context mode, ASA SM includes a configuration for each context that identifies the

security policy, interfaces, and most options you can configure on a standalone device. System

administrators configure contexts to add and manage them in the system configuration.

The following are characteristics of the system configuration:

•

ASA SM Failover Mechanism

Failover supports redundancy in ASA SMs. The failover mechanism helps you configure two ASA SMs.

If an ASA SM fails, the redundant ASA SM starts functioning.

ASA SM supports two failover configurations:

•

Active-Active failover

Active-Active failover is only available on units that run in the multiple context mode. In this failover,

both units can pass network traffic. This failover lets you configure load balancing on your network.

Active-Standby failover

Active-Standby failover is available on units that run in either the single or multiple context mode.

In this failover, one unit passes traffic while the other unit waits in a standby state.

Support on Chassis

ASA SM works with other modules in the router chassis to deliver robust security throughout the entire

chassis, effectively making every port a security port. ASA SM and the Firewall Services Module can

run simultaneously in the same chassis.

OL-9392-05

Like a single mode configuration, the system configuration is the startup configuration.

System configuration identifies the basic settings for ASA SM.

System configuration does not include any network interfaces or network settings for itself. When

the system needs to access network resources (such as downloading the contexts from the server), it

uses one of the contexts that is designated as the administrator context. The administrator context is

just like any other context. However, it gives the user who logs into the admin context system

administrator rights to access the system and all other contexts.

Active-Active failover

Active-Standby failover

Security Context Overview

Cisco 7600 Series Routers Module Guide

16-5

Table of Contents

Security Context Overview; Asa Sm Failover Mechanism; Active-Active Failover; Active-Standby Failover - Cisco 7600 Series Module Manual

Security Context Overview

ASA SM Failover Mechanism

Active-Active failover

Active-Standby failover

Support on Chassis

Related Manuals for Cisco 7600 Series

Related Content for Cisco 7600 Series

Table of Contents