Cisco 7600 Series Routers Module Guide
OL-9392-05
Chapter 16 Adaptive Security Appliance Services Module
Security Context Overview
You can partition a single ASA SM into multiple virtual devices, known as security contexts. Each
context is an independent device, with its own security policy, interfaces, and administrators. Multiple
contexts are equivalent to multiple standalone devices. Multiple context mode supports many
features, including routing tables, firewall features, IPS, and management. VPN and dynamic routing
protocols are not supported.
In multiple context mode, the ASA SM includes a configuration for each context that identifies the
security policy, interfaces, and most options you can configure on a standalone device. System
administrators add and manage contexts by configuring them in the system configuration.
The following are characteristics of the system configuration:
• Like a single-mode configuration, the system configuration is the startup configuration.
• The system configuration identifies the basic settings for the ASA SM.
• The system configuration does not include any network interfaces or network settings for itself.
When the system needs to access network resources (such as downloading the contexts from the
server), it uses one of the contexts that is designated as the administrator context. The
administrator context is just like any other context. However, a user who logs in to the admin
context has system administrator rights and can access the system and all other contexts.
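The following Python script is an added example, not part of the Cisco guide. It reads a system configuration and checks the characteristics listed above: that an admin context is designated and defined, that every context has a configuration location, and which interfaces are allocated to more than one context. The sample configuration is constructed; its context names, VLAN numbers and file names are assumptions, and it uses the ASA system-configuration commands admin-context, context, allocate-interface and config-url, which this page does not show.

```python
# Constructed sample system configuration (multiple context mode).
# Context names, VLAN numbers and file names are assumptions for illustration.
SAMPLE_SYSTEM_CONFIG = """\
admin-context admin
context admin
  allocate-interface Vlan100
  config-url disk0:/admin.cfg
context customerA
  allocate-interface Vlan200
  allocate-interface Vlan201
  config-url disk0:/customerA.cfg
context customerB
  allocate-interface Vlan201
"""

def parse_contexts(config):
    """Return (admin context name or None, {context: interfaces and config_url})."""
    admin, contexts, current = None, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 2:
            continue
        if not raw[0].isspace():  # a top-level line ends any open context block
            current = None
            if words[0] == "admin-context":
                admin = words[1]
            elif words[0] == "context":
                current = contexts.setdefault(words[1], {"interfaces": [], "config_url": None})
        elif current is not None and words[0] == "allocate-interface":
            current["interfaces"].append(words[1])
        elif current is not None and words[0] == "config-url":
            current["config_url"] = words[1]
    return admin, contexts

def audit(config):
    """Return findings to review before relying on the contexts being separate."""
    admin, contexts = parse_contexts(config)
    findings, owners = [], {}
    if admin not in contexts:  # the system config has no network settings of its own
        findings.append("admin context missing or undefined")
    for name, ctx in contexts.items():
        if ctx["config_url"] is None:
            findings.append(f"{name}: no config-url")
        for ifc in ctx["interfaces"]:
            owners.setdefault(ifc, []).append(name)
    for ifc, names in sorted(owners.items()):
        if len(names) > 1:  # an interface allocated to several contexts
            findings.append(f"{ifc}: allocated to {', '.join(names)}")
    return findings
```

Calling audit(SAMPLE_SYSTEM_CONFIG) reports the context without a configuration location and the VLAN allocated to two contexts.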
ASA SM Failover Mechanism
Failover provides redundancy for ASA SMs. The failover mechanism lets you configure two ASA SMs
so that if one ASA SM fails, the redundant ASA SM starts functioning.
ASA SM supports two failover configurations:
• Active-Active failover
• Active-Standby failover
Active-Active failover
Active-Active failover is available only on units that run in multiple context mode. In this
configuration, both units can pass network traffic, which lets you configure load balancing on your network.
Active-Standby failover
Active-Standby failover is available on units that run in either single or multiple context mode.
In this configuration, one unit passes traffic while the other unit waits in a standby state.
Support on Chassis
ASA SM works with other modules in the router chassis to deliver robust security throughout the entire
chassis, effectively making every port a security port. ASA SM and the Firewall Services Module can
run simultaneously in the same chassis.