dardan:asa_context
Cisco ASA Series CLI Configuration Guide, 9.0 https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config.html
Monitoring Security Contexts
---Viewing Context Information
hostname# show context
hostname# show context detail
hostname# show context count
---Viewing Resource Allocation
hostname# show resource allocation
hostname# show resource allocation detail
---Viewing Resource Usage
hostname# show resource usage context admin
hostname# show resource usage summary
hostname# show resource usage system counter all 0
---Monitoring SYN Attacks in Contexts
show perfmon
show resource usage detail
tcp-intercepts 328787 803610 unlimited 0 admin
tcp-intercept-rate 16056 16254 unlimited 0 c1
show resource usage summary detail
tcp-intercept-rate 341306 811579 unlimited 0 Summary
---Viewing Assigned MAC Addresses
hostname# show running-config all context
hostname# show running-config all context admin
hostname/context# show interface | include (Interface)|(MAC)
Configuring a Security Context
---Changes to multiple context mode. You are prompted to reboot the ASA
hostname(config)# mode multiple
---Copies the backup version of your original running configuration to the current startup configuration.
hostname(config)# copy disk0:old_running.cfg startup-config
---Sets the mode to single mode. You are prompted to reboot the ASA.
hostname(config)# mode single
hostname(config)# context administrator ---context name
hostname(config-ctx)# description Administrator ---(Optional)
---To allocate an interface:
hostname(config-ctx)# allocate-interface gigabitethernet0/1.100 int1
hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int2
hostname(config-ctx)# allocate-interface gigabitethernet0/2.300-gigabitethernet0/2.305 int3-int8
---config-url url
hostname(config-ctx)# config-url ftp://user1:passw0rd@10.1.1.1/configlets/test.cfg
hostname(config-ctx)# member gold ---(Optional) member class_name; if not specified, the context belongs to the default class.
hostname(config-ctx)# allocate-ips sensor1 highsec ---(Optional) Assigns an IPS virtual sensor to this context
hostname(config-ctx)# join-failover-group 2 ---(Optional) Assigns a context to a failover group in Active/Active failover.
hostname(config-ctx)# scansafe ---(Optional) Enables Cloud Web Security for this context.
---Automatically Assigning MAC Addresses to Context Interfaces
hostname(config)# mac-address auto prefix 19
---Changing Between Contexts and the System Execution Space
changeto context "name" ---Changes to a context.
changeto system ---Changes to the system execution space
Managing Security Contexts
Removing a Security Context
---Removes a single context.
no context "name"
---Removes all contexts (including the admin context).
---Changing the Admin Context
admin-context "context_name"
hostname(config)# admin-context administrator
---Changing the Security Context URL
hostname(config)# changeto context ctx1 ---Changes to the context and clears its configuration.
hostname/ctx1(config)# clear configure all
hostname/ctx1(config)# changeto system ---Changes to the system execution space.
hostname(config)# context ctx1 ---Enters the context configuration mode for the context you want to change.
hostname(config-ctx)# config-url ftp://user1:passw0rd@10.1.1.1/configlets/ctx1.cfg ---Enters the new URL.
Reloading a Security Context
hostname(config)# changeto context ctx1 ---Changes to the context that you want to reload.
hostname/ctx1(config)# clear configure all ---Clears the running configuration.
hostname/ctx1(config)# copy startup-config running-config ---Reloads the configuration.
###########################################################################################
**Examples**
hostname(config)# mac-address auto prefix 19
hostname(config)# class default
hostname(config-class)# limit-resource conns 10%
hostname(config-class)# limit-resource vpn other 10
hostname(config-class)# limit-resource vpn burst other 5
hostname(config)# class gold
hostname(config-class)# limit-resource mac-addresses 10000
hostname(config-class)# limit-resource conns 15%
hostname(config-class)# limit-resource rate conns 1000
hostname(config-class)# limit-resource rate inspects 500
hostname(config-class)# limit-resource hosts 9000
hostname(config-class)# limit-resource asdm 5
hostname(config-class)# limit-resource ssh 5
hostname(config-class)# limit-resource rate syslogs 5000
hostname(config-class)# limit-resource telnet 5
hostname(config-class)# limit-resource xlates 36000
hostname(config-class)# limit-resource routes 700
hostname(config-class)# limit-resource vpn other 100
hostname(config-class)# limit-resource vpn burst other 50
hostname(config)# admin-context administrator
hostname(config)# context administrator
hostname(config-ctx)# allocate-interface gigabitethernet0/0.1
hostname(config-ctx)# allocate-interface gigabitethernet0/1.1
hostname(config-ctx)# config-url disk0:/admin.cfg
hostname(config-ctx)# context test
hostname(config-ctx)# allocate-interface gigabitethernet0/0.100 int1
hostname(config-ctx)# allocate-interface gigabitethernet0/0.102 int2
hostname(config-ctx)# allocate-interface gigabitethernet0/0.110-gigabitethernet0/0.115 int3-int8
hostname(config-ctx)# config-url ftp://user1:passw0rd@10.1.1.1/configlets/test.cfg
hostname(config-ctx)# member gold
hostname(config-ctx)# context sample
hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1
hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2
hostname(config-ctx)# allocate-interface gigabitethernet0/1.230-gigabitethernet0/1.235 int3-int8
hostname(config-ctx)# config-url ftp://user1:passw0rd@10.1.1.1/configlets/sample.cfg
hostname(config-ctx)# member gold
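An added audit example (not from the Cisco guide or this page): it parses context definitions like the ones above and flags a config-url fetched over a cleartext protocol, a password embedded in the URL, and a context with no member line, which falls into the default class. The sample input is constructed from the Examples with one member line removed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

CLEARTEXT = {"ftp", "http", "tftp"}  # config-url transports without encryption

# Constructed sample: context lines modeled on the Examples above, prompts stripped.
SAMPLE = """\
admin-context administrator
context administrator
  config-url disk0:/admin.cfg
context test
  config-url ftp://user1:passw0rd@10.1.1.1/configlets/test.cfg
  member gold
context sample
  config-url ftp://user1:passw0rd@10.1.1.1/configlets/sample.cfg
"""

def parse_contexts(text):
    """Return {context_name: {"config-url": str|None, "member": str|None}}."""
    contexts, current = {}, None
    for raw in text.splitlines():
        # Tolerate pasted "hostname(...)#" prompts and trailing "---" comments.
        words = re.sub(r"^hostname\S*#\s*", "", raw.strip()).split("---")[0].split()
        if len(words) != 2:
            continue
        if words[0] == "context":
            current = contexts.setdefault(words[1], {"config-url": None, "member": None})
        elif current is not None and words[0] in current:
            current[words[0]] = words[1]
    return contexts

def audit(text):
    """Return sorted (context, finding) tuples for review."""
    findings = []
    for name, ctx in parse_contexts(text).items():
        url = urlsplit(ctx["config-url"] or "")
        if url.scheme in CLEARTEXT:
            findings.append((name, f"config-url fetched over cleartext {url.scheme}"))
        if url.password:
            findings.append((name, "password embedded in config-url"))
        if ctx["member"] is None:
            findings.append((name, "no member class; default class limits apply"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
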
dardan/asa_context.txt · Last modified: 2019/02/21 19:22 by dardan
