Cisco Security Appliance Command Line Configuration Guide
OL-6721-01
Chapter 3 Enabling Multiple Context Mode
 Security Context Overview
Common Uses for Security Contexts
You might want to use multiple security contexts in the following situations:
• You are a service provider and want to sell security services to many customers. By enabling 
multiple security contexts on the security appliance, you can implement a cost-effective, 
space-saving solution that keeps all customer traffic separate and secure, and also eases 
configuration.
• You are a large enterprise or a college campus and want to keep departments completely separate.
• You are an enterprise that wants to provide distinct security policies to different departments.
• You have any network that requires more than one security appliance.
Unsupported Features
Multiple context mode does not support the following features:
• Dynamic routing protocols
Security contexts support only static routes. You cannot enable OSPF or RIP in multiple context 
mode.
• VPN
• Multicast
Context Configuration Files
Each context has its own configuration file that identifies the security policy, interfaces, and, for 
supported features, all the options you can configure on a standalone device. You can store context 
configurations on the internal Flash memory, or you can download them from a TFTP, FTP, or HTTP(S) 
server.
In addition to individual security contexts, the security appliance also includes a system configuration 
that identifies basic settings for the security appliance, including a list of contexts. Like the single mode 
configuration, this configuration resides as the startup configuration.
The system configuration does not include any network interfaces or network settings for itself; rather, 
when the system needs to access network resources (such as downloading the contexts from a server), it 
uses one of the contexts that is designated as the admin context. The system configuration does include 
a specialized failover interface for failover traffic only. If your system is already in multiple context 
mode, or if you convert from single mode, the admin context is created automatically as a file on the 
internal Flash memory called admin.cfg. This context is named “admin.” If you do not want to use 
admin.cfg as the admin context, you can change the admin context.
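The following audit sketch is an added example, not taken from the Cisco guide. It reads a system configuration and reports contexts whose configuration file is fetched over a cleartext protocol (TFTP, FTP, HTTP), carries a password in the URL, or has no location set. It assumes the `admin-context`, `context`, and `config-url` commands are used to define contexts; the sample configuration, addresses, and credentials are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a multiple-context system configuration (not from the guide).
SAMPLE_SYSTEM_CONFIG = """\
admin-context admin
context admin
  config-url flash:/admin.cfg
context customerA
  config-url tftp://10.1.1.5/configs/customerA.cfg
context customerB
  config-url ftp://ops:example-pass@10.1.1.5/configs/customerB.cfg
context customerC
  config-url https://10.1.1.5/configs/customerC.cfg
context customerD
  allocate-interface gigabitethernet0/1.400
"""

# Download protocols that expose the context configuration in transit.
CLEARTEXT = {"tftp", "ftp", "http"}

def audit_system_config(text):
    """Return (admin_context, findings); findings is a list of (context, issue)."""
    admin, current, urls, findings = None, None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"admin-context\s+(\S+)$", line):
            admin = m.group(1)
        elif m := re.match(r"context\s+(\S+)$", line):
            current = m.group(1)
            urls[current] = None          # no config-url seen yet
        elif (m := re.match(r"config-url\s+(\S+)$", line)) and current:
            urls[current] = m.group(1)
    for name, url in urls.items():
        if url is None:
            findings.append((name, "no config-url set"))
            continue
        parts = urlsplit(url)
        if parts.scheme.lower() in CLEARTEXT:
            findings.append((name, f"cleartext transport ({parts.scheme})"))
        if parts.password:
            findings.append((name, "password embedded in config-url"))
    if admin not in urls:
        findings.append((admin, "admin context not defined"))
    return admin, findings

if __name__ == "__main__":
    for ctx, issue in audit_system_config(SAMPLE_SYSTEM_CONFIG)[1]:
        print(f"{ctx}: {issue}")
```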










