CHAPT ER
5-1
Cisco ASA 5500 Series Configuration Guide using the CLI
5
Configuring Multiple Context Mode
This chapter describes how to configure multiple security contexts on the ASA and includes the
following sections:
Information About Security Contexts, page5-1
Licensing Requirements for Multiple Context Mode, page5-12
Guidelines and Limitations, page5-13
Default Settings, page5-14
Configuring Multiple Contexts, page5-14
Changing Between Contexts and the System Execution Space, page5-23
Managing Security Contexts, page5-23
Monitoring Security Contexts, page5-27
Configuration Examples for Multiple Context Mode, page5-38
Feature History for Multiple Context Mode, page 5-39

Information About Security Contexts

You can partition a single ASA into multiple virtual devices, known as security contexts. Each context
is an independent device, with its own security policy, interfaces, and administrators. Multiple contexts
are similar to having multiple standalone devices. Many features are supported in multiple context mode,
including routing tables, firewall features, IPS, and management. Some features are not supported,
including VPN and dynamic routing protocols.
Note When the ASA is configured for security contexts (for example, for Active/Active Stateful Failover),
IPsec or SSL VPN cannot be enabled. Therefore, these features are unavailable.
This section provides an overview of security contexts and includes the following topics:
Common Uses for Security Contexts, page5-2
Context Configuration Files, page5-2
How the ASA Classifies Packets, page5-3
Cascading Security Contexts, page5-6
Management Access to Security Contexts, page5-7