Enabling Multiple Context Mode
This chapter describes how to use security contexts and enable multiple context mode. This chapter
includes the following sections:
•
•
Security Context Overview
You can partition a single security appliance into multiple virtual devices, known as security contexts.
Each context is an independent device, with its own security policy, interfaces, and administrators.
Multiple contexts are similar to having multiple standalone devices. Many features are supported in
multiple context mode, including routing tables, firewall features, IPS, and management. Some features
are not supported, including VPN and dynamic routing protocols.
This section provides an overview of security contexts, and includes the following topics:
•
•
•
•
•
•
Common Uses for Security Contexts
You might want to use multiple security contexts in the following situations:
•
•
•
•
OL-10088-01
Security Context Overview, page 3-1
Enabling or Disabling Multiple Context Mode, page 3-10
Common Uses for Security Contexts, page 3-1
Unsupported Features, page 3-2
Context Configuration Files, page 3-2
How the Security Appliance Classifies Packets, page 3-3
Cascading Security Contexts, page 3-8
Management Access to Security Contexts, page 3-9
You are a service provider and want to sell security services to many customers. By enabling
multiple security contexts on the security appliance, you can implement a cost-effective,
space-saving solution that keeps all customer traffic separate and secure, and also eases
configuration.
You are a large enterprise or a college campus and want to keep departments completely separate.
You are an enterprise that wants to provide distinct security policies to different departments.
You have any network that requires more than one security appliance.
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
3
3-1