ASA Security Contexts Tidbit

In this tidbit I want to explain what Cisco ASA Security Contexts are. A very plain & simple way to put it: security contexts are a way to logically divide the ASA into multiple virtual firewalls. It is important to understand that the segregated ASA contexts operate with their own interfaces, rules, administrators, etc.

There are 3 main context types that you need to be aware of:

  1. System Context = default context

  2. Admin Context = used for management on the hardware (ASA)

  3. Normal Context = Active virtual firewall

To break things down a bit further: the system context is what is used to manage/deploy other contexts. It also allows us to implement high availability & physical port assignments. The admin context is the first context that actually counts against the license & must be deployed prior to deploying other normal contexts. Administrators who have access to it have access to other contexts too. Lastly, the normal context is just the type name that defines a virtual firewall that will get used to manage traffic, etc.

Oh, and an important thing to note is that by default the ASA supports two contexts so if you want more you need a license :)

When it comes to having multiple contexts, note that there is only one system & one admin context. You can have multiple "normal" contexts. When deploying security contexts there are 3 main components required for deployment:

  • Context name.

  • Location of context's startup configuration. Note that the configuration for each context is also known as a configlet.

  • Interface allocation.

Note that there are additional items that can be configured, but those 3 are the bare minimum.
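
Here is how those 3 components look in the system configuration, as an added example that is not from the original post. The context names, interface IDs and file names are constructed placeholders, and the ASA is assumed to already be in multiple context mode.

```cisco
! Constructed example: names, interfaces and file paths are placeholders.
! Entered in the system execution space of an ASA that is already in
! multiple context mode (the "mode multiple" command converts the unit).

! Name the admin context; it has to be deployed before any normal context.
admin-context admin

context admin
  ! Component 3: interface allocation
  allocate-interface Management0/0
  ! Component 2: location of the startup configuration (the configlet)
  config-url disk0:/admin.cfg

! Component 1: context name, here for a normal context (a virtual firewall)
context customerA
  description Constructed sample tenant firewall
  allocate-interface GigabitEthernet0/0
  allocate-interface GigabitEthernet0/1
  config-url disk0:/customerA.cfg

! Check the result from the system execution space, then move into a context
show context
changeto context customerA
```

Enter the allocate-interface lines before config-url: the ASA loads the configlet as soon as config-url is entered, so any commands in it that refer to an interface not yet allocated will fail.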

For more about configuring contexts, how packets are forwarded, & types of deployments, see the other posts under the asa tag. Cheers!

