Sunday 22 April 2012

Security Context:-
                Cisco security appliances running version 7.0 or later support security contexts, which let you create multiple virtual firewalls on one device. Each virtualized partition is an independent device with its own set of security policies.
                Multiple context mode does not support VPN, dynamic routing or multicast, although it does support static routing. It supports both routed and transparent mode, but only one mode can be used at a time.
                This is done by creating subinterfaces on the main interface, so that a subinterface can be assigned to a context as that context's interface. Security contexts are generally used to reduce overall cost: an ISP can use one firewall to provide security to many customers, which lowers the cost of the firewall for the ISP and for its customers.

CONFIGURATION:-
Step1:-
                Put your firewall into multiple context mode with the command:-
                                mode multiple

Step2:-
                Enable your interfaces and then create subinterfaces on them so that you can assign them to contexts. Assign a VLAN to each subinterface and configure the switch for the same VLANs, but make the switch-to-ASA link a trunk.
                                interface ethernet0/0
                                no shutdown
                                interface ethernet0/0.1
                                vlan 10
                                no shutdown

Step3:-
                Create the admin context and save it somewhere (on the flash, or on a TFTP or FTP server). This context is used for configuration and monitoring of the device.
                                admin-context administrator
                                config-url flash:administrator.cfg

Step4:-
                Create another context, allocate interfaces to it with a name, and save its .cfg file.
                                context c1
                                allocate-interface ethernet0/0.1 outside
                                config-url flash:c1.cfg
"outside" is just the name we want to give the interface inside the context; you can give any other name, such as c1outside.

Step5:-
                Configure the context.
                                changeto context c1
                After this command the prompt changes.
                Eg ASA  to  ASA/c1
                Now you can configure the context the same way you configure your firewall.
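The five steps above, as an added example that is not part of the original post: a small Python script that checks a planned context layout before it is typed in (a subinterface allocated to two contexts would be shared between tenants, and two subinterfaces on one VLAN would put two tenants in the same broadcast domain) and then renders the system-context commands. The context names, VLAN numbers and flash: storage are constructed sample values.

```python
"""Generate and sanity-check the system-context part of a Cisco ASA
multiple-context configuration (added example, not from the original post)."""

# Constructed sample: two customer contexts, one subinterface (VLAN) each.
SUBIFS = {"ethernet0/0.1": 10, "ethernet0/0.2": 20}   # subinterface -> VLAN id
CONTEXTS = [
    {"name": "c1", "interfaces": {"ethernet0/0.1": "outside"}},
    {"name": "c2", "interfaces": {"ethernet0/0.2": "outside"}},
]

def check_allocations(subifs, contexts):
    """Return a list of problems; an empty list means the allocation is clean.
    A subinterface allocated to two contexts is shared between tenants, and
    two subinterfaces on one VLAN put two tenants in the same broadcast domain."""
    problems, owner, vlan_owner = [], {}, {}
    for ctx in contexts:
        if not ctx["interfaces"]:
            problems.append(f"context {ctx['name']} has no interfaces allocated")
        for subif in ctx["interfaces"]:
            if subif not in subifs:
                problems.append(f"{ctx['name']}: {subif} is not a configured subinterface")
            if subif in owner:
                problems.append(f"{subif} is shared by {owner[subif]} and {ctx['name']}")
            owner.setdefault(subif, ctx["name"])
    for subif, vlan in subifs.items():
        if vlan in vlan_owner:
            problems.append(f"VLAN {vlan} is used by both {vlan_owner[vlan]} and {subif}")
        vlan_owner.setdefault(vlan, subif)
    return problems

def render_system_config(admin_name, subifs, contexts, storage="flash:"):
    """Return the system-context CLI lines in the order of steps 1 to 4."""
    lines = ["mode multiple"]
    for phys in sorted({s.split(".")[0] for s in subifs}):   # physical interfaces
        lines += [f"interface {phys}", " no shutdown"]
    for subif, vlan in sorted(subifs.items()):               # subinterfaces + VLANs
        lines += [f"interface {subif}", f" vlan {vlan}", " no shutdown"]
    lines += [f"admin-context {admin_name}", f"context {admin_name}",
              f" config-url {storage}{admin_name}.cfg"]
    for ctx in contexts:                                     # customer contexts
        lines.append(f"context {ctx['name']}")
        for subif, name in ctx["interfaces"].items():
            lines.append(f" allocate-interface {subif} {name}")
        lines.append(f" config-url {storage}{ctx['name']}.cfg")
    return "\n".join(lines)

if __name__ == "__main__":
    for problem in check_allocations(SUBIFS, CONTEXTS):
        print("WARNING:", problem)
    print(render_system_config("administrator", SUBIFS, CONTEXTS))
```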


For more information on the configuration you can refer to the video I have uploaded, where I have done the full configuration.
