Tasks
● Change ASA mode to multiple
● Clear all the configurations on the ASA
● Create context Admin and give database name admin.cfg
● Create context C1 and allocate interface e0 and int e2 , database c1.cfg
● Create context C2 and allocate interface e1 and e2 , database c2.cfg
● Configure C1 int e0 ip 192.168.1.10 with nameif inside and security level 100 and int e2 ip add 101.1.1.10 wih nameif outside and security level 0
● Configure C2 int e1 ip 192.168.2.10 with nameif inside and int e1 ip 101.1.1.11 with nameif outside and security level 0
● Configure ip on R1 192.168.1.1 , R2 ip 192.168.2.1 and R3 ip 101.1.1.1
● Create two classes C1 and C2
● In class C1 limit-resources Conns by 30%, inspect rate by 40, ssh by 2% and make this class member of context C1
● In Class C2 linit-resources ASDM 2 , Mac-address 8%, routes 70 and make this member of Context C2
Explanation
Whenever we create Security context on ASA that security context can utilize all the resources of main firewall resulting in no resources left for other context. So we can limit the resources by creating the class and then binding with context.
Configuration
1) Go to mode multiple
This will save all your configuration in old_running_configuration.cfg
Delete the file ending with “*.cfg”
Clear the context
Check the context
create the Admin-context and initialize it
create the context C1 and allocate interface e0 , e2 with database C1.cfg
create the context C2 and allocate interface e0 , e2 with database C2.cfg
Create class C1 and C2 and allocate resources(System Cli)
Allocate the class to the context by member <class-name >
