5-9
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter5 Configuring Multiple Context Mode
Information About Security Contexts
Figure5-5 Resource Oversubscription
If you assign an absolute value to a resource across all contexts that exceeds the practical limit of the
ASA, then the performance of the ASA might be impaired.
The ASA lets you assign unlimited access to one or more resources in a class, instead of a percentage or
absolute number. When a resource is unlimited, contexts can use as much of the resource as the system
has available or that is practically available. For example, Context A, B, and C are in the Silver Class,
which limits each class member to 1 percent of the connections, for a total of 3 percent; but the three
contexts are currently only using 2 percent combined. Gold Class has unlimited access to connections.
The contexts in the Gold Class can use more than the 97 percent of “unassigned” connections; they can
also use the 1 percent of connections not currently in use by Context A, B, and C, even if that means that
Context A, B, and C are unable to reach their 3 percent combined limit. (See Figure 5-6.) Setting
unlimited access is similar to oversubscribing the ASA, except that you have less control over how much
you oversubscribe the system.
Figure5-6 Unlimited Resources
Default Class
All contexts belong to the default class if they are not assigned to another class; you do not have to
actively assign a context to the default class.
Total Number of System Connections = 999,900
Maximum connections
allowed.
Connections denied
because system limit
was reached.
Connections in use.
12345678910
Max. 20%
(199,800)
16%
(159,984)
12%
(119,988)
8%
(79,992)
4%
(39,996)
Contexts in Class
104895
Maximum connections
allowed.
Connections denied
because system limit
was reached.
Connections in use.
ABC 123
1%
2%
3%
5%
4%
Contexts Silver Class Contexts Gold Class
50% 43%
153211