6-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 6 Configuring Multiple Context Mode
Information About Security Contexts
log in with a username, enter the login command. For example, you log in to the admin context with the
username “admin.” The admin context does not have any command authorization configuration, but all
other contexts include command authorization. For convenience, each context configuration includes a
user “admin” with maximum privileges. When you change from the admin context to context A, your
username is altered, so you must log in again as “admin” by entering the login command. When you
change to context B, you must again enter the login command to log in as “admin.”
The system execution space does not support any AAA commands, but you can configure its own enable
password, as well as usernames in the local database to provide individual logins.
Context Administrator Access
You can access a context using Telnet, SSH, or ASDM. If you log in to a non-admin context, you can
only access the configuration for that context. You can provide individual logins to the context. See
Chapter 32, “Configuring Management Access,” to enable Telnet, SSH, and SDM access and to
configure management authentication.
Information About Resource Management
By default, all security contexts have unlimited access to the resources of the adaptive security
appliance, except where maximum limits per context are enforced. However, if you find that one or more
contexts use too many resources, and they cause other contexts to be denied connections, for example,
then you can configure resource management to limit the use of resources per context.
The adaptive security appliance manages resources by assigning contexts to resource classes. Each
context uses the resource limits set by the class.
This section includes the following topics:
• Resource Limits, page 6-8
• Default Class, page 6-9
• Class Members, page 6-10
Resource Limits
When you create a class, the adaptive security appliance does not set aside a portion of the resources for
each context assigned to the class; rather, the adaptive security appliance sets the maximum limit for a
context. If you oversubscribe resources, or allow some resources to be unlimited, a few contexts can “use
up” those resources, potentially affecting service to other contexts.
You can set the limit for individual resources, as a percentage (if there is a hard system limit) or as an
absolute value.
You can oversubscribe the adaptive security appliance by assigning more than 100 percent of a resource
across all contexts. For example, you can set the Bronze class to limit connections to 20 percent per
context, and then assign 10 contexts to the class for a total of 200 percent. If contexts concurrently use
more than the system limit, then each context gets less than the 20 percent you intended. (See
Figure 6-5.)
To Next Page
Loading...
Need help?
General
