ASA Security Contexts Tidbit

In this tidbit I want to explain what Cisco ASA Security Contexts are in this blog. A very plain & simple way to put it, security contexts are a way to logically divide the ASA into multiple logical firewalls. It is important to understand that the segregated ASA contexts operate with their own interfaces, rules, administrators, etc.


There are 3 main contexts types that you need be aware of:

  1. System Context = default context

  2. Admin Context = used for management on the hardware (ASA)

  3. Normal Context = Active virtual firewall

To break things down a bit further: System context is what is used to manage/deploy other contexts. It also allows us to implement high availability & physical port assignments. The admin context is the first context that actually counts against consuming a license & must be deployed prior to deploying other normal contexts. Administrators who have access to it have access to other contexts too. Lastly, the normal context is just the type name that defines a virtual firewall that will get used to manage traffic, etc.


Oh, and an important thing to note is that by default the ASA supports two contexts so if you want more you need a license :)


When it comes to having multiple contexts note that there is only one system & one admin context. You can have multiple "normal" contexts. When deploying security contexts there are 3 main components required for deployment:

  • Context name.

  • Location of context's startup configuration. Note that the configuration for each context is also known as a configlet.

  • Interface allocation.

Note that there are additional items that can be configured, but those 3 are the bare minimums.


To see more about configuring contexts, how packets are forwarded, & types of deployments see more posts via the asa tag. Cheers!


0 comments

Recent Posts

See All

In this tidbit I want to cover some high level notes on general trustsec items as well as some good-to-knows. A brief overview of what trustsec is: TrustSec provides scalable access controls by uniqu

In this tidbit I will cover some ESA nice-to-know CLI commands & their purposes: > status = view counters/gauges; counters are a total of various events in the system; gauges show current utilization