https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257947#M824105 <P>Hi</P><P>i want to have two security context for active/active failover. but I have a problem with the admin context</P><P>I want the context 1 to be empty and the context 2 to contient one gateway(on outside interface) and several vlans.</P><P>The context2 will be part of the failover group2 wich willbe active on security appliance2.</P><P>the context 1 will be part of the failover group1 wich will be active on security appliance1.</P><P></P><P>But wath do I do with the admin context? wath do I put or remove from this context? does it have to contains all the interfaces?</P><P></P><P> I have 802.1Q trunks for&nbsp; both, outside &amp; inside interfaces</P><P></P><P>I want&nbsp; vlan2, vlan3, vlan4,vlan5 in the inside &amp; vlan 10, vlan 11 in the outside</P><P></P><P></P><P>Security appliance1 would have:</P><P></P><P>context context1<BR />&nbsp; allocate-interface GigabitEthernet0.10 outside_context1<BR />&nbsp; allocate-interface GigabitEthernet1.2 vlan2</P><P>&nbsp; allocate-interface GigabitEthernet1.3 vlan3</P><P>&nbsp; config-url flash:/context1.cfg</P><P></P><P>context context2</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Security appliance2 would have:</P><P></P><P>context context1</P><P>&nbsp; config-url flash:/context1.cfg</P><P>context context2<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet0.11 outside_context1<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet1.4 vlan4</P><P>&nbsp; allocate-interface GigabitEthernet1.5 vlan5</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Wath about context admin wath do I out or wath doit remove?</P><P>Actually it has everithing:</P><P></P><P>context admin</P><P>&nbsp; allocate-interface GigabitEthernet0.10</P><P>&nbsp; allocate-interface GigabitEthernet0.11</P><P>&nbsp; allocate-interface GigabitEthernet1.2</P><P>&nbsp; allocate-interface GigabitEthernet1.3</P><P>&nbsp; allocate-interface GigabitEthernet1.4 </P><P>&nbsp; allocate-interface GigabitEthernet1.5</P><P>&nbsp; config-url flash:/admin.cfg</P><P></P><P></P><P>Thanks you very much</P> Mon, 11 Mar 2019 16:41:59 GMT roussillon 2019-03-11T16:41:59Z https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257947#M824105 <P>Hi</P><P>i want to have two security context for active/active failover. but I have a problem with the admin context</P><P>I want the context 1 to be empty and the context 2 to contient one gateway(on outside interface) and several vlans.</P><P>The context2 will be part of the failover group2 wich willbe active on security appliance2.</P><P>the context 1 will be part of the failover group1 wich will be active on security appliance1.</P><P></P><P>But wath do I do with the admin context? wath do I put or remove from this context? does it have to contains all the interfaces?</P><P></P><P> I have 802.1Q trunks for&nbsp; both, outside &amp; inside interfaces</P><P></P><P>I want&nbsp; vlan2, vlan3, vlan4,vlan5 in the inside &amp; vlan 10, vlan 11 in the outside</P><P></P><P></P><P>Security appliance1 would have:</P><P></P><P>context context1<BR />&nbsp; allocate-interface GigabitEthernet0.10 outside_context1<BR />&nbsp; allocate-interface GigabitEthernet1.2 vlan2</P><P>&nbsp; allocate-interface GigabitEthernet1.3 vlan3</P><P>&nbsp; config-url flash:/context1.cfg</P><P></P><P>context context2</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Security appliance2 would have:</P><P></P><P>context context1</P><P>&nbsp; config-url flash:/context1.cfg</P><P>context context2<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet0.11 outside_context1<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet1.4 vlan4</P><P>&nbsp; allocate-interface GigabitEthernet1.5 vlan5</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Wath about context admin wath do I out or wath doit remove?</P><P>Actually it has everithing:</P><P></P><P>context admin</P><P>&nbsp; allocate-interface GigabitEthernet0.10</P><P>&nbsp; allocate-interface GigabitEthernet0.11</P><P>&nbsp; allocate-interface GigabitEthernet1.2</P><P>&nbsp; allocate-interface GigabitEthernet1.3</P><P>&nbsp; allocate-interface GigabitEthernet1.4 </P><P>&nbsp; allocate-interface GigabitEthernet1.5</P><P>&nbsp; config-url flash:/admin.cfg</P><P></P><P></P><P>Thanks you very much</P> Mon, 11 Mar 2019 16:41:59 GMT https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257947#M824105 roussillon 2019-03-11T16:41:59Z https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257948#M824135 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>roussillon wrote:</P><P></P><P>Hi</P><P>i want to have two security context for active/active failover. but I have a problem with the admin context</P><P>I want the context 1 to be empty and the context 2 to contient one gateway(on outside interface) and several vlans.</P><P>The context2 will be part of the failover group2 wich willbe active on security appliance2.</P><P>the context 1 will be part of the failover group1 wich will be active on security appliance1.</P><P></P><P>But wath do I do with the admin context? wath do I put or remove from this context? does it have to contains all the interfaces?</P><P></P><P> I have 802.1Q trunks for&nbsp; both, outside &amp; inside interfaces</P><P></P><P>I want&nbsp; vlan2, vlan3, vlan4,vlan5 in the inside &amp; vlan 10, vlan 11 in the outside</P><P></P><P></P><P>Security appliance1 would have:</P><P></P><P>context context1<BR />&nbsp; allocate-interface GigabitEthernet0.10 outside_context1<BR />&nbsp; allocate-interface GigabitEthernet1.2 vlan2</P><P>&nbsp; allocate-interface GigabitEthernet1.3 vlan3</P><P>&nbsp; config-url flash:/context1.cfg</P><P></P><P>context context2</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Security appliance2 would have:</P><P></P><P>context context1</P><P>&nbsp; config-url flash:/context1.cfg</P><P>context context2<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet0.11 outside_context1<BR />&nbsp;&nbsp; allocate-interface GigabitEthernet1.4 vlan4</P><P>&nbsp; allocate-interface GigabitEthernet1.5 vlan5</P><P>&nbsp; config-url flash:/context2.cfg</P><P></P><P>Wath about context admin wath do I out or wath doit remove?</P><P>Actually it has everithing:</P><P></P><P>context admin</P><P>&nbsp; allocate-interface GigabitEthernet0.10</P><P>&nbsp; allocate-interface GigabitEthernet0.11</P><P>&nbsp; allocate-interface GigabitEthernet1.2</P><P>&nbsp; allocate-interface GigabitEthernet1.3</P><P>&nbsp; allocate-interface GigabitEthernet1.4 </P><P>&nbsp; allocate-interface GigabitEthernet1.5</P><P>&nbsp; config-url flash:/admin.cfg</P><P></P><P></P><P>Thanks you very much</P></PRE><P></P><P>The admin context is used purely for administering the ASA so it doesn't need to have all the interfaces in it. It should have it's own interfaces that ar used purely to remotely logon to the ASA and also for remotely accessing config files etc.</P><P></P><P>Jon</P></BODY></HTML> Tue, 24 Nov 2009 11:24:18 GMT https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257948#M824135 Jon Marshall 2009-11-24T11:24:18Z https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257949#M824154 <HTML><HEAD></HEAD><BODY><P>yes it worked, Thank.</P><P></P><P>but&nbsp; I can not make ping &amp; traceroute work</P><P></P><P>I added</P><P></P><PRE>access-list outside_access_in extended permit icmp any any time-exceeded log disable <BR />access-list outside_access_in extended permit icmp any any echo-reply log disable<BR /><BR />access-group outside_access_in in interface outside<BR /><BR />It works fine in single mode but it seems to have no effect in context mode<BR /><BR />is there something missing?<BR /><BR />Thanks<BR /></PRE></BODY></HTML> Tue, 24 Nov 2009 17:09:48 GMT https://community.cisco.com/t5/network-security/pix-8-0-security-context/m-p/1257949#M824154 roussillon 2009-11-24T17:09:48Z