Starting with Cisco Firewall version 7.x and upwards, the PIX and ASA Cisco firewalls can support now multiple contexts (or virtual firewalls) on the same physical chassis unit. Each security context runs independently with its own set of security policies, access rules, logging configuration, and so on. Out of the box, any cisco firewall appliance comes with a license of 2 security contexts. In this post, I will show you how to configure these two security contexts on a cisco PIX or ASA firewall that supports this feature:
ASA(config)# mode multiple
ASA(config)# context CONTEXT-A
ASA(config-ctx)# allocate-interface gigabitethernet0/0
ASA(config-ctx)# allocate-interface gigabitethernet0/1
ASA(config-ctx)# config-url flash:/contextA.cfg
ASA(config-ctx)# exit
ASA(config)# context CONTEXT-B
ASA(config-ctx)# allocate-interface gigabitethernet0/2
ASA(config-ctx)# allocate-interface gigabitethernet0/3
ASA(config-ctx)# config-url flash:/contextB.cfg
ASA(config-ctx)# exit
ASA(config)# exit
ASA# changeto context CONTEXT-A
The configuration above will create two security contexts and allocate two physical interfaces to each one. After the creation of the virtual firewalls, you can get into each individual security context using the command “changeto context” and start configuring each virtual firewall independently.
Leave a Reply