
Monday, January 23, 2023

Security Contexts in Cisco ASA

Security contexts are virtual firewalls that share one physical ASA. Each context has its own configuration, interfaces, policies and administrators, so the traffic and the administration of one context are kept apart from the others, while all of them share the same hardware, software image and system execution space.
The ASA must be licensed for the number of contexts you want to run. Check the licensed count in the output of show version (show license features on a Smart-Licensed ASA) and the current mode with show mode; a freshly licensed box reports single mode.

Start from a clean slate with the configuration mode command clear configure all. It wipes the whole running configuration, including the management interface and SSH settings, so do this from the console.

Change to multiple context mode with the command mode multiple. The ASA reboots, converts the old running configuration into the admin context's configuration, and leaves the system configuration holding only the context definitions.

Once you are in multiple context mode, you are booted by default into the system execution space, often called the system context. It is not a real context: it has no network interfaces of its own and passes no traffic. It exists to define the other contexts, allocate interfaces and resources to them, and choose which context is the admin context.

There is also a default context called admin. The system execution space uses it whenever it needs network access (for example to copy a context configuration from a TFTP server), and you can use it as an ordinary firewall context as well. Because anyone who administers the admin context can reach the system execution space and every other context, treat access to it as equivalent to full control of the box.

You can make one of your own contexts the admin context later. In the output of show context the admin context is marked with an asterisk (*).

Now I am creating two contexts called IT and SALES and allocating interfaces to them. This is done in the system execution space. Allocate the interfaces before entering config-url: the ASA loads the context's configuration file the moment config-url is entered, and any interface commands in that file fail if the interfaces have not been allocated yet.

context IT
  allocate-interface e0
  allocate-interface e1
  config-url flash:IT.cfg

context SALES
  allocate-interface e2
  allocate-interface e3
  config-url flash:SALES.cfg

Each context keeps its own configuration file at the location given by config-url, and the admin context's file must live on internal flash. You do not have to create the file in advance: if it does not exist the ASA creates an empty one, and if it does exist the ASA loads it immediately. A context only becomes active once its config-url is set.

Switching between contexts is done with the changeto context command (changeto system returns to the system execution space). From the system execution space or the admin context you can switch to any context. A session that logged in directly to a non-admin context is confined to that context and cannot switch to other contexts or to the system execution space. That confinement is what makes it safe to hand out per-context administration, so keep management access (SSH, HTTPS/ASDM) to the admin context limited to the people who need the whole box.

After changing to a context you configure it exactly as you would a standalone firewall: interface names and addresses, access lists, NAT and so on. You now have two virtual ASA firewalls in the same box, each with its own configuration and its own administrative boundary.

Let's make the IT context the admin context with the command admin-context IT, entered in the system execution space. The ASA only accepts this once the context exists and its config-url points to internal flash.

Resource Allocation

Without resource limits one context can exhaust resources that the whole box shares (connections, NAT translations, syslog rate and so on) and starve the others, which is a denial-of-service risk between tenants. Limits are set with resource classes defined in the system execution space (these are the class command of the system configuration, not Modular Policy Framework class maps), in the following simple way.

class GOLD
 limit-resource conns 100000
 limit-resource xlates 50000

class SILVER
 limit-resource conns 75000
 limit-resource xlates 25000

The classes cap the two resources contexts consume most, connections and NAT translations (xlates). Limits can be absolute numbers as here or a percentage of the total. A context that is not a member of any class belongs to the default class, whose connection and xlate limits are unlimited unless you change them with class default.

Now let's assign those classes to the contexts, again in the system execution space:

context SALES
  member GOLD

context IT
  member SILVER

If you want, you can allocate the same physical interface to more than one context. As an example, Ethernet 0 could be allocated to both the IT and SALES contexts. The ASA then has to decide which context each incoming packet belongs to. It classifies by destination MAC address, which only works if every context has its own MAC address on the shared interface (mac-address auto in the system execution space; newer releases enable it by default, so verify rather than assume). Without unique MACs the classifier falls back to the destination IP address as known through each context's NAT configuration, and packets it cannot assign to a context are dropped.
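The context definitions, the resource classes and the shared-interface rule above are easy to get subtly wrong, so here is an added example, not part of the original post and not Cisco code, that audits a system-execution-space configuration for exactly those pitfalls: config-url entered before allocate-interface, a context outside any resource class, and an interface shared by several contexts without mac-address auto. The configuration it parses is constructed: it is the IT/SALES setup from this post with generic Ethernet interface names, plus a hypothetical LAB context that makes the first two mistakes on purpose.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the IT/SALES system configuration from this post, plus a hypothetical
# LAB context that enters config-url first and joins no class. "mac-address auto" is absent.
SAMPLE_SYSTEM_CONFIG = """\
admin-context IT
class GOLD
 limit-resource conns 100000
 limit-resource xlates 50000
class SILVER
 limit-resource conns 75000
 limit-resource xlates 25000
context IT
  allocate-interface Ethernet0
  allocate-interface Ethernet1
  config-url disk0:/IT.cfg
  member SILVER
context SALES
  allocate-interface Ethernet0
  allocate-interface Ethernet2
  config-url disk0:/SALES.cfg
  member GOLD
context LAB
  config-url disk0:/LAB.cfg
  allocate-interface Ethernet3
"""

@dataclass
class Context:
    name: str
    interfaces: List[str] = field(default_factory=list)
    config_url: Optional[str] = None
    member: Optional[str] = None
    url_before_alloc: bool = False  # config-url was entered before any allocate-interface

@dataclass
class SystemConfig:
    admin_context: Optional[str] = None
    mac_address_auto: bool = False
    classes: Dict[str, Dict[str, str]] = field(default_factory=dict)  # class -> {resource: limit}
    contexts: Dict[str, Context] = field(default_factory=dict)

def parse_system_config(text: str) -> SystemConfig:
    """Parse only the system-space commands the audit needs; indented lines belong to the open block."""
    cfg = SystemConfig()
    block = None  # ("class", name) or ("context", name)
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends any open block
            block = None
            if words[0] == "admin-context":
                cfg.admin_context = words[1]
            elif words[:2] == ["mac-address", "auto"]:
                cfg.mac_address_auto = True
            elif words[0] == "class":
                cfg.classes.setdefault(words[1], {})
                block = ("class", words[1])
            elif words[0] == "context":
                cfg.contexts.setdefault(words[1], Context(words[1]))
                block = ("context", words[1])
        elif block and block[0] == "class" and words[0] == "limit-resource":
            cfg.classes[block[1]][words[1].lower()] = words[2]  # absolute count or percentage
        elif block and block[0] == "context":
            ctx = cfg.contexts[block[1]]
            if words[0] == "allocate-interface":
                ctx.interfaces.append(words[1])
            elif words[0] == "config-url":
                ctx.config_url = words[1]
                ctx.url_before_alloc = not ctx.interfaces
            elif words[0] == "member":
                ctx.member = words[1]
    return cfg

def shared_interfaces(cfg: SystemConfig) -> Dict[str, List[str]]:
    """Interfaces allocated to more than one context, mapped to the contexts sharing them."""
    users: Dict[str, List[str]] = {}
    for ctx in cfg.contexts.values():
        for iface in ctx.interfaces:
            users.setdefault(iface, []).append(ctx.name)
    return {iface: names for iface, names in users.items() if len(names) > 1}

def audit(cfg: SystemConfig) -> List[str]:
    """One finding per problem; an empty list means every check passed."""
    findings = []
    for ctx in cfg.contexts.values():
        if ctx.url_before_alloc:
            findings.append(f"context {ctx.name}: config-url precedes allocate-interface, "
                            "so interface commands in the loaded file fail")
        if ctx.member is None:
            findings.append(f"context {ctx.name}: no member class, so it runs under class default")
    if not cfg.mac_address_auto:  # without unique MACs, shared-interface traffic is classified by NAT only
        for iface, names in sorted(shared_interfaces(cfg).items()):
            findings.append(f"{iface} shared by {', '.join(names)} without mac-address auto")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_system_config(SAMPLE_SYSTEM_CONFIG)):
        print(finding)
```

Run as a script it prints three findings for the constructed sample (two for LAB, one for the shared Ethernet0). Feeding it the output of show running-config from the system execution space of a real box is the intended use; the parser deliberately ignores every command it does not know, so unrelated system configuration does not trip it.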

write memory all, entered in the system execution space, saves the system configuration and every context's configuration at once. A plain write memory inside a context saves only that context.
