5-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter5 Configuring Multiple Context Mode
Configuring Multiple Contexts
Step4 config-url url
Example:
hostname(config-ctx)# config-url
ftp://user1:passw0rd@10.1.1.1/configlets/t
est.cfg
Identifies the URL from which the system downloads the context
configuration. When you add a context URL, the system
immediately loads the context so that it is running, if the
configuration is available.
Note Enter the allocate-interface command(s) before you
enter the config-url command. If you enter the config-url
command first, the ASA loads the context configuration
immediately. If the context contains any commands that
refer to (not yet configured) interfaces, those commands
fail.
The filename does not require a file extension, although we
recommend using “.cfg”. The server must be accessible from the
admin context. If the configuration file is not available, you see
the following message:
WARNING: Could not fetch the URL disk:/url
INFO: Creating context with default config
For non-HTTP(S) URL locations, after you specify the URL, you
can then change to the context, configure it at the CLI, and enter
the write memory command to write the file to the URL location.
(HTTP(S) is read only).
Note The admin context file must be stored on the internal flash
memory.
Available URL types include: disknumber (for flash memory),
ftp, http, https, or tftp.
To change the URL, reenter the config-url command with a new
URL. See the “Changing the Security Context URL” section on
page 5-25 for more information about changing the URL.
Step5 (Optional)
member class_name
Example:
hostname(config-ctx)# member gold
Assigns the context to a resource class. If you do not specify a
class, the context belongs to the default class. You can only assign
a context to one resource class.
Step6 (Optional)
join-failover-group {1 | 2)
Example:
hostname(config-ctx)# join-failover-group
2
Assigns a context to a failover group in Active/Active failover. By
default, contexts are in group 1. The admin context must always
be in group 1.
See the “Configuring the Primary Failover Unit” section on
page 63-8 for detailed information about failover groups.
Step7 (Optional)
allocate-ips sensor_name [mapped_name]
[default]
Example:
hostname(config-ctx)# allocate-ips sensor1
highsec
Assigns an IPS virtual sensor to this context if you have the AIP
SSM installed.
See the “Assigning Virtual Sensors to a Security Context (ASA
5510 and Higher)” section on page58-15 for detailed information
about virtual sensors.
Command Purpose