Cover by Gary A. Donahue

Safari, the world’s most comprehensive technology and business learning platform.

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required

O'Reilly logo

Managing Contexts

Multicontext mode allows virtual firewalls to exist within a single ASA firewall or a pair of them. A failover pair of ASAs will support multicontext mode as well, with active/active failover also being possible. Active/active failover is covered in Failover. Figure 28-3 shows a logical representation of multiple contexts residing within a single physical firewall.

Multiple contexts within a physical ASA

Figure 28-3. Multiple contexts within a physical ASA

Each context behaves as if it were a single standalone device, though there are ways that interfaces can be shared between contexts. Each context may have its own IP scheme, and networks can be replicated in multiple contexts without issue.

Most of the normal ASA features are available within each context, but there are some important features that are not. Though the ASA appliance is capable of many functions such as VPN, IDS, and the like, most of these additional features are disabled in multicontext mode. It bears repeating that multicontext mode disables the following features:

  • Support for OSPF, RIP, and EIGRP

  • VPN

  • Multicast routing; multicast bridging is supported

  • Threat detection

  • QoS

  • Phone proxy

That’s a pretty significant list! For many, the inability to support VPN alone may make contexts unusable. The disabled QoS and phone proxy features may also be serious negatives when you’re considering contexts. In a nutshell, if you need many firewalls with traditional ...

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required