In context is a feature of Firewall .It create virtual firewall in a single ASA firewall .
In multiple security context mode, the Cisco security appliance can be divided into three types:
- A system execution space
- An admin context
- One or more customer contexts
System Execution Space
Unlike other contexts, the system execution space does not have any Layer 2 or Layer 3 interfaces or any network settings. Rather, it is mainly used to define the attributes of other security context attributes. Here are the three important attributes configured for each context in the system execution space:
- Context name.
- Location of context’s startup configuration. The configuration of each context is also known as a configlet.
- Interface allocation.
Additionally, many optional features, such as interface and boot parameters, can be configured within the system execution space.
The admin context provides connectivity to network resources, as mentioned earlier. The IP addresses on the allocated interfaces can be used for remote management purposes, such as SSH or Telnet. The security appliance also uses the IP addresses to retrieve configurations for other contexts if they are located on a network share. A system administrator with access to the admin context can switch into the other contexts to manage them. The security appliance uses the admin context to send the syslog messages that relate to the system.
The admin context must be created before defining other contexts. Additionally, it must reside on the local disk. A new admin context can be designated at any time by using the admin-context command.
Each customer context acts as a virtual firewall with its own configuration that contains almost all the options that are available in a standalone firewall.